Malware Analysis Report

2024-08-06 18:00

Sample ID 240225-g1x8csec9v
Target http://google.com
Tags
redline evasion infostealer link pdf
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://google.com was found to be: Known bad.

Malicious Activity Summary

redline evasion infostealer link pdf

Modifies firewall policy service

RedLine

RedLine payload

Modifies Windows Firewall

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Looks up external IP address via web service

HTTP links in PDF interactive object

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Enumerates system info in registry

Kills process with taskkill

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Opens file in notepad (likely ransom note)

Suspicious use of FindShellTrayWindow

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Create or Modify System Process
T1543
Windows Service
T1543.003
Privilege Escalation
TA0004
Create or Modify System Process
T1543
Windows Service
T1543.003
Defense Evasion
TA0005
Modify Registry
T1112
Impair Defenses
T1562
Disable or Modify System Firewall
T1562.004
Credential Access
TA0006
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-02-25 06:16

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-25 06:16

Reported

2024-02-25 06:34

Platform

win10v2004-20240221-en

Max time kernel

1049s

Max time network

1037s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com

Signatures

Modifies firewall policy service

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "0" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewall = "0" C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PrivateProfile C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PrivateProfile C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PrivateProfile\EnableFirewall = "0" C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\EnableFirewall = "0" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PrivateProfile\EnableFirewall = "0" C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "0" C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewall = "0" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\EnableFirewall = "0" C:\Windows\system32\reg.exe N/A

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A
N/A N/A C:\Windows\system32\netsh.exe N/A
N/A N/A C:\Windows\system32\netsh.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
N/A N/A C:\Users\Admin\Desktop\Build.exe N/A
N/A N/A C:\Users\Admin\Desktop\Build.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
N/A N/A C:\Users\Admin\Desktop\Build.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

HTTP links in PDF interactive object

pdf link
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1\0\0\NodeSlot = "4" C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic" C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 0100000000000000ffffffff C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter\PreventOverride = "0" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1\0\0\MRUListEx = ffffffff C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1\0\MRUListEx = 00000000ffffffff C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic" C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "5" C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4 C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1\0\0 C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter\EnabledV9 = "0" C:\Windows\system32\reg.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1 = 7e003100000000005958523211004465736b746f7000680009000400efbe5558d665595852322e0000007de101000000010000000000000000003e0000000000903184004400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000 C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1 C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1712835645-2080934712-2142796781-1000\{9B2AC058-379A-4A44-BCB3-E9717F3B0707} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\System32\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\Windows.Defender\Windows Defender\bin\NSudoLG.exe N/A
N/A N/A C:\Users\Admin\Downloads\Windows.Defender\Windows Defender\bin\NSudoLG.exe N/A
N/A N/A C:\Users\Admin\Downloads\Windows.Defender\Windows Defender\bin\NSudoLG.exe N/A
N/A N/A C:\Users\Admin\Downloads\Windows.Defender\Windows Defender\bin\NSudoLG.exe N/A
N/A N/A C:\Users\Admin\Downloads\Windows.Defender\Windows Defender\bin\NSudoLG.exe N/A
N/A N/A C:\Users\Admin\Downloads\Windows.Defender\Windows Defender\bin\NSudoLG.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\Build.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\Build.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\Build.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Windows.Defender\Windows Defender\bin\NSudoLG.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Windows.Defender\Windows Defender\bin\NSudoLG.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Windows.Defender\Windows Defender\bin\NSudoLG.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A
N/A N/A C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2292 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 3868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 3868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2292 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf1fa46f8,0x7ffdf1fa4708,0x7ffdf1fa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,15655976539078234837,2698255511282181105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,15655976539078234837,2698255511282181105,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,15655976539078234837,2698255511282181105,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15655976539078234837,2698255511282181105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15655976539078234837,2698255511282181105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15655976539078234837,2698255511282181105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,15655976539078234837,2698255511282181105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,15655976539078234837,2698255511282181105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15655976539078234837,2698255511282181105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15655976539078234837,2698255511282181105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2068,15655976539078234837,2698255511282181105,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3332 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15655976539078234837,2698255511282181105,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15655976539078234837,2698255511282181105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15655976539078234837,2698255511282181105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15655976539078234837,2698255511282181105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15655976539078234837,2698255511282181105,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15655976539078234837,2698255511282181105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15655976539078234837,2698255511282181105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,15655976539078234837,2698255511282181105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3332 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,15655976539078234837,2698255511282181105,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3300 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\Redline Stealer Builder.7z"

C:\Windows\System32\NOTEPAD.EXE

"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Redline Stealer\OpenPort.bat

C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe

"C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffdf1fa46f8,0x7ffdf1fa4708,0x7ffdf1fa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,3562796993179457235,5409927480044642530,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,3562796993179457235,5409927480044642530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2544 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,3562796993179457235,5409927480044642530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2988 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,3562796993179457235,5409927480044642530,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,3562796993179457235,5409927480044642530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,3562796993179457235,5409927480044642530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,3562796993179457235,5409927480044642530,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,3562796993179457235,5409927480044642530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,3562796993179457235,5409927480044642530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,3562796993179457235,5409927480044642530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,3562796993179457235,5409927480044642530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,3562796993179457235,5409927480044642530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,3562796993179457235,5409927480044642530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1

C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe

"C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\Redline Stealer\OpenPort.bat"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="RLS" dir=in action=allow protocol=TCP localport=6677

C:\Users\Admin\Desktop\Build.exe

"C:\Users\Admin\Desktop\Build.exe"

C:\Users\Admin\Desktop\Build.exe

"C:\Users\Admin\Desktop\Build.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /C taskkill /F /PID 2968 && choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\Desktop\Build.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /PID 2968

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /C taskkill /F /PID 984 && choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\Desktop\Build.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /PID 984

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault22002f21hdbech49b2h9561h483f62246fa7

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdf1fa46f8,0x7ffdf1fa4708,0x7ffdf1fa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,16120450098045998391,5100002165374448678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16120450098045998391,5100002165374448678,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,16120450098045998391,5100002165374448678,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf1fa46f8,0x7ffdf1fa4708,0x7ffdf1fa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5979830662131994285,8960994850657853957,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,5979830662131994285,8960994850657853957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,5979830662131994285,8960994850657853957,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5979830662131994285,8960994850657853957,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5979830662131994285,8960994850657853957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5979830662131994285,8960994850657853957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5979830662131994285,8960994850657853957,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5979830662131994285,8960994850657853957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5979830662131994285,8960994850657853957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5979830662131994285,8960994850657853957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5979830662131994285,8960994850657853957,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5979830662131994285,8960994850657853957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Redline Stealer\OpenPort.bat" "

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="RLS" dir=in action=allow protocol=TCP localport=6677

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Redline Stealer\OpenPort.bat" "

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="RLS" dir=in action=allow protocol=TCP localport=6677

C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe

"C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe"

C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe

"C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultabfe5c51h4cc9h4332ha0fdh72515437f4bd

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ffdf1fa46f8,0x7ffdf1fa4708,0x7ffdf1fa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,4616254104207145083,15109328990974904319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,4616254104207145083,15109328990974904319,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,4616254104207145083,15109328990974904319,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\Desktop\Build.exe

"C:\Users\Admin\Desktop\Build.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /C taskkill /F /PID 1520 && choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\Desktop\Build.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /PID 1520

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf1fa46f8,0x7ffdf1fa4708,0x7ffdf1fa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5552 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5264 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3336 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6172 /prefetch:2

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\DarkComet Builder (Multi components).7z"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\BuilderDarkCometMulti\DarkComent v5.3.1\readme_help.txt

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,9989739440096138630,3492082108361633141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7088 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Windows.Defender\Windows Defender\Menu Start.bat" "

C:\Windows\system32\mode.com

MODE 90,10

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "prompt #$H#$E# & echo on & for %b in (1) do rem"

C:\Windows\system32\findstr.exe

findstr /v /a:0a /R "^$" "Press [1] to Enable Windows Defender" nul

C:\Windows\system32\findstr.exe

findstr /v /a:0b /R "^$" "Press [2] to Disable Windows Defender" nul

C:\Windows\system32\findstr.exe

findstr /v /a:0C /R "^$" "Press [3] to Quit" nul

C:\Windows\system32\choice.exe

choice /C:123 /N /M "Enter Your Number: "

C:\Users\Admin\Downloads\Windows.Defender\Windows Defender\bin\NSudoLG.exe

"C:\Users\Admin\Downloads\Windows.Defender\Windows Defender\bin\NSudoLG.exe" -U:T -P:E "C:\Users\Admin\Downloads\Windows.Defender\Windows Defender\bin\Enable_Defender.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Windows.Defender\Windows Defender\Menu Start.bat" "

C:\Windows\system32\mode.com

MODE 90,10

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "prompt #$H#$E# & echo on & for %b in (1) do rem"

C:\Windows\system32\findstr.exe

findstr /v /a:0a /R "^$" "Press [1] to Enable Windows Defender" nul

C:\Windows\system32\findstr.exe

findstr /v /a:0b /R "^$" "Press [2] to Disable Windows Defender" nul

C:\Windows\system32\findstr.exe

findstr /v /a:0C /R "^$" "Press [3] to Quit" nul

C:\Windows\system32\choice.exe

choice /C:123 /N /M "Enter Your Number: "

C:\Users\Admin\Downloads\Windows.Defender\Windows Defender\bin\NSudoLG.exe

"C:\Users\Admin\Downloads\Windows.Defender\Windows Defender\bin\NSudoLG.exe" -U:T -P:E "C:\Users\Admin\Downloads\Windows.Defender\Windows Defender\bin\Disable_Defender.bat"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\Windows.Defender\Windows Defender\bin\Disable_Defender.bat"

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile" /v "EnableFirewall" /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile" /v "EnableFirewall" /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile" /v "EnableFirewall" /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile" /v "EnableFirewall" /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" /v "EnableFirewall" /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile" /v "EnableFirewall" /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile" /v "EnableFirewall" /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PrivateProfile" /v "EnableFirewall" /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableSmartScreen" /t REG_DWORD /d "0" /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "ShellSmartScreenLevel" /t REG_SZ /d "Warn" /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Off" /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Off" /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "SmartScreenPuaEnabled" /t REG_DWORD /d "0" /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "PreventOverride" /t REG_DWORD /d "0" /f

C:\Windows\system32\reg.exe

reg add "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f

C:\Windows\system32\reg.exe

reg add "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /v "PreventOverride" /t REG_DWORD /d "0" /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "SmartScreenEnabled" /t REG_DWORD /d "0" /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "PreventSmartScreenPromptOverride" /t REG_DWORD /d "0" /f

C:\Windows\system32\reg.exe

reg add "HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v "2301" /t REG_DWORD /d "1" /f

C:\Windows\system32\reg.exe

reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t "REG_DWORD" /d "0" /f

C:\Windows\system32\reg.exe

reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControl" /t REG_SZ /d "Anywhere" /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d "0" /f

C:\Windows\system32\reg.exe

reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d "0" /f

C:\Windows\System32\NOTEPAD.EXE

"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Windows.Defender\Windows Defender\bin\Disable_Defender.bat

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\Windows.Defender\Windows Defender\bin\Disable_Defender.bat"

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile" /v "EnableFirewall" /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile" /v "EnableFirewall" /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile" /v "EnableFirewall" /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile" /v "EnableFirewall" /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" /v "EnableFirewall" /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile" /v "EnableFirewall" /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile" /v "EnableFirewall" /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PrivateProfile" /v "EnableFirewall" /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Off" /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableSmartScreen" /t REG_DWORD /d "0" /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Off" /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "ShellSmartScreenLevel" /t REG_SZ /d "Warn" /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "SmartScreenPuaEnabled" /t REG_DWORD /d "0" /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "PreventOverride" /t REG_DWORD /d "0" /f

C:\Windows\system32\reg.exe

reg add "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f

C:\Windows\system32\reg.exe

reg add "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /v "PreventOverride" /t REG_DWORD /d "0" /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "SmartScreenEnabled" /t REG_DWORD /d "0" /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "PreventSmartScreenPromptOverride" /t REG_DWORD /d "0" /f

C:\Windows\system32\reg.exe

reg add "HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v "2301" /t REG_DWORD /d "1" /f

C:\Windows\system32\reg.exe

reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t "REG_DWORD" /d "0" /f

C:\Windows\system32\reg.exe

reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControl" /t REG_SZ /d "Anywhere" /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d "0" /f

C:\Windows\system32\reg.exe

reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d "0" /f

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\Windows.Defender\Windows Defender\Menu Start.bat"

C:\Windows\system32\mode.com

MODE 90,10

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "prompt #$H#$E# & echo on & for %b in (1) do rem"

C:\Windows\system32\findstr.exe

findstr /v /a:0a /R "^$" "Press [1] to Enable Windows Defender" nul

C:\Windows\system32\findstr.exe

findstr /v /a:0b /R "^$" "Press [2] to Disable Windows Defender" nul

C:\Windows\system32\findstr.exe

findstr /v /a:0C /R "^$" "Press [3] to Quit" nul

C:\Windows\system32\choice.exe

choice /C:123 /N /M "Enter Your Number: "

C:\Users\Admin\Downloads\Windows.Defender\Windows Defender\bin\NSudoLG.exe

"C:\Users\Admin\Downloads\Windows.Defender\Windows Defender\bin\NSudoLG.exe" -U:T -P:E "C:\Users\Admin\Downloads\Windows.Defender\Windows Defender\bin\Disable_Defender.bat"

Network

Country Destination Domain Proto
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
GB 216.58.201.110:80 google.com tcp
GB 216.58.201.110:80 google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 support.google.com udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
GB 92.123.128.167:443 www.bing.com tcp
GB 92.123.128.167:443 www.bing.com tcp
GB 92.123.128.167:443 www.bing.com tcp
US 8.8.8.8:53 www.duck.com udp
US 8.8.8.8:53 167.128.123.92.in-addr.arpa udp
IE 52.142.124.215:80 www.duck.com tcp
IE 52.142.124.215:80 www.duck.com tcp
US 8.8.8.8:53 duck.com udp
IE 52.142.124.215:443 duck.com tcp
US 8.8.8.8:53 duckduckgo.com udp
IE 52.142.124.215:443 duckduckgo.com tcp
US 8.8.8.8:53 215.124.142.52.in-addr.arpa udp
US 8.8.8.8:53 improving.duckduckgo.com udp
US 8.8.8.8:53 links.duckduckgo.com udp
IE 20.223.54.233:443 links.duckduckgo.com tcp
US 8.8.8.8:53 233.54.223.20.in-addr.arpa udp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
US 8.8.8.8:53 external-content.duckduckgo.com udp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
US 8.8.8.8:53 222.125.142.52.in-addr.arpa udp
US 8.8.8.8:53 www.vx-underground.org udp
US 104.18.6.192:80 www.vx-underground.org tcp
US 104.18.6.192:80 www.vx-underground.org tcp
US 8.8.8.8:53 vx-underground.org udp
US 104.18.7.192:443 vx-underground.org tcp
US 104.18.7.192:443 vx-underground.org tcp
US 8.8.8.8:53 192.6.18.104.in-addr.arpa udp
US 8.8.8.8:53 192.7.18.104.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 samples.vx-underground.org udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 213.80.50.20.in-addr.arpa udp
GB 92.123.128.167:443 www.bing.com tcp
GB 92.123.128.167:443 www.bing.com tcp
GB 92.123.128.167:443 www.bing.com udp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:80 ipinfo.io tcp
US 34.117.186.192:80 ipinfo.io tcp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.184:80 apps.identrust.com tcp
US 8.8.8.8:53 192.186.117.34.in-addr.arpa udp
US 8.8.8.8:53 use.typekit.net udp
US 8.8.8.8:53 website-cdn.ipinfo.io udp
US 8.8.8.8:53 p.typekit.net udp
GB 88.221.134.115:443 use.typekit.net tcp
GB 88.221.135.104:443 p.typekit.net tcp
US 34.160.152.12:443 website-cdn.ipinfo.io tcp
US 34.160.152.12:443 website-cdn.ipinfo.io tcp
US 34.160.152.12:443 website-cdn.ipinfo.io tcp
US 34.160.152.12:443 website-cdn.ipinfo.io tcp
US 34.160.152.12:443 website-cdn.ipinfo.io tcp
US 34.160.152.12:443 website-cdn.ipinfo.io tcp
US 34.160.152.12:443 website-cdn.ipinfo.io udp
US 34.117.186.192:443 ipinfo.io udp
US 8.8.8.8:53 js.hsforms.net udp
US 104.16.139.206:443 js.hsforms.net tcp
US 8.8.8.8:53 184.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 12.152.160.34.in-addr.arpa udp
US 8.8.8.8:53 115.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 104.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 api.iconify.design udp
US 104.26.13.204:443 api.iconify.design tcp
US 8.8.8.8:53 pixel.ipinfo.io udp
US 34.160.152.12:443 website-cdn.ipinfo.io udp
US 34.117.59.81:443 pixel.ipinfo.io tcp
US 8.8.8.8:53 static.ads-twitter.com udp
US 8.8.8.8:53 js.hs-scripts.com udp
US 8.8.8.8:53 a.quora.com udp
GB 151.101.60.157:443 static.ads-twitter.com tcp
US 104.16.188.89:443 js.hs-scripts.com tcp
US 162.159.152.17:443 a.quora.com tcp
US 8.8.8.8:53 js.stripe.com udp
US 151.101.0.176:443 js.stripe.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 analytics.twitter.com udp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 js.hs-analytics.net udp
US 8.8.8.8:53 js.hscollectedforms.net udp
US 8.8.8.8:53 q.quora.com udp
US 216.239.34.36:443 region1.analytics.google.com tcp
BE 64.233.184.157:443 stats.g.doubleclick.net tcp
GB 216.58.204.67:443 www.google.co.uk tcp
US 104.244.42.67:443 analytics.twitter.com tcp
US 104.244.42.5:443 t.co tcp
US 52.4.133.212:443 q.quora.com tcp
US 104.16.79.186:443 js.hs-analytics.net tcp
US 104.17.91.154:443 js.hscollectedforms.net tcp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.139.16.104.in-addr.arpa udp
US 8.8.8.8:53 204.13.26.104.in-addr.arpa udp
US 8.8.8.8:53 81.59.117.34.in-addr.arpa udp
US 8.8.8.8:53 157.60.101.151.in-addr.arpa udp
US 8.8.8.8:53 89.188.16.104.in-addr.arpa udp
US 8.8.8.8:53 17.152.159.162.in-addr.arpa udp
US 8.8.8.8:53 176.0.101.151.in-addr.arpa udp
US 8.8.8.8:53 js.hs-banner.com udp
US 8.8.8.8:53 js.hubspot.com udp
GB 216.58.204.67:443 www.google.co.uk udp
US 104.18.34.229:443 js.hs-banner.com tcp
US 104.19.155.83:443 js.hubspot.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 forms.hscollectedforms.net udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 cta-service-cms2.hubspot.com udp
US 8.8.8.8:53 forms.hsforms.com udp
US 104.18.192.125:443 forms.hsforms.com tcp
US 8.8.8.8:53 perf-na1.hsforms.com udp
US 104.18.192.125:443 perf-na1.hsforms.com tcp
US 8.8.8.8:53 track.hubspot.com udp
US 8.8.8.8:53 m.stripe.network udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 157.184.233.64.in-addr.arpa udp
US 8.8.8.8:53 154.91.17.104.in-addr.arpa udp
US 8.8.8.8:53 186.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 67.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 5.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 229.34.18.104.in-addr.arpa udp
US 8.8.8.8:53 212.133.4.52.in-addr.arpa udp
US 8.8.8.8:53 83.155.19.104.in-addr.arpa udp
US 8.8.8.8:53 125.192.18.104.in-addr.arpa udp
US 34.117.186.192:443 ipinfo.io udp
US 8.8.8.8:53 m.stripe.com udp
US 44.237.70.166:443 m.stripe.com tcp
US 8.8.8.8:53 166.70.237.44.in-addr.arpa udp
US 216.239.34.36:443 region1.analytics.google.com udp
GB 89.149.23.59:6677 tcp
GB 89.149.23.59:6677 tcp
US 8.8.8.8:53 cxcs.microsoft.net udp
GB 23.214.133.66:443 cxcs.microsoft.net tcp
GB 92.123.128.167:443 www.bing.com tcp
US 8.8.8.8:53 66.133.214.23.in-addr.arpa udp
GB 92.123.128.181:443 www.bing.com udp
GB 92.123.128.181:443 www.bing.com tcp
US 8.8.8.8:53 181.128.123.92.in-addr.arpa udp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
GB 89.149.23.59:6677 tcp
GB 92.123.128.167:443 www.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.128.167:443 r.bing.com tcp
GB 92.123.128.181:443 r.bing.com tcp
GB 92.123.128.181:443 r.bing.com tcp
GB 92.123.128.167:443 r.bing.com tcp
GB 92.123.128.181:443 r.bing.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 20.190.159.75:443 login.microsoftonline.com tcp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 www.clarity.ms udp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 c.clarity.ms udp
IE 68.219.88.97:443 c.clarity.ms tcp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 r.clarity.ms udp
US 20.119.174.243:443 r.clarity.ms tcp
US 20.119.174.243:443 r.clarity.ms tcp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 97.88.219.68.in-addr.arpa udp
US 8.8.8.8:53 243.174.119.20.in-addr.arpa udp
US 8.8.8.8:53 canyouseeme.org udp
US 52.202.215.126:443 canyouseeme.org tcp
US 52.202.215.126:443 canyouseeme.org tcp
US 8.8.8.8:53 unpkg.com udp
US 104.16.123.175:443 unpkg.com tcp
US 104.16.123.175:443 unpkg.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 126.215.202.52.in-addr.arpa udp
US 8.8.8.8:53 175.123.16.104.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 216.58.212.193:443 tpc.googlesyndication.com tcp
GB 216.58.212.193:443 tpc.googlesyndication.com tcp
GB 216.58.212.193:443 tpc.googlesyndication.com tcp
GB 216.58.212.193:443 tpc.googlesyndication.com tcp
GB 216.58.212.193:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 193.212.58.216.in-addr.arpa udp
GB 216.58.212.193:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 198.187.250.142.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 52.202.215.126:443 canyouseeme.org tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 88.221.134.139:443 aefd.nelreports.net tcp
GB 88.221.134.139:443 aefd.nelreports.net udp
US 8.8.8.8:53 139.134.221.88.in-addr.arpa udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
GB 92.123.128.167:443 www.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.128.181:443 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.181:443 th.bing.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 vx-underground.org udp
US 104.18.7.192:443 vx-underground.org tcp
US 104.18.7.192:443 vx-underground.org tcp
US 8.8.8.8:53 samples.vx-underground.org udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 88.221.134.139:443 aefd.nelreports.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
GB 92.123.128.167:443 www.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.128.181:443 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.181:443 th.bing.com udp
US 8.8.8.8:53 github.com udp
DE 140.82.121.3:443 github.com tcp
DE 140.82.121.3:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 3.121.82.140.in-addr.arpa udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.112.21:443 collector.github.com tcp
US 140.82.112.21:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.112.21:443 collector.github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
DE 140.82.121.6:443 api.github.com tcp
DE 140.82.121.6:443 api.github.com tcp
US 140.82.112.21:443 collector.github.com tcp
US 8.8.8.8:53 6.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 21.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
DE 140.82.121.5:443 api.github.com tcp
US 8.8.8.8:53 collector.github.com udp
US 140.82.112.22:443 collector.github.com tcp
US 8.8.8.8:53 4.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 5.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 22.112.82.140.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b9e3e150cfe464e9ebf0a6db1aa5e7a2
SHA1 3cb184e2781c07ac000661bf82e3857a83601813
SHA256 2325a6292907263d1fb089a09f22fbcc6bad56f4961d427efdef1abaef097bcc
SHA512 f5eb1e76eb9441cf5000d8d4db9296077b61714ead5012779c084b37f4bba07614055738f5dce69b13b25975d9b7c03eab049b7685eee09b23fd8d4a7d71a039

\??\pipe\LOCAL\crashpad_2292_ZUPYTXMLXDTAXXIR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e189354a800c436e6cec7c07e6c0feea
SHA1 5c84fbda33c9276736ff3cb01d30ff34b032f781
SHA256 826adca1e688de79a3ec5b91c75990927fb2a33ae717f474608c68336053f427
SHA512 ceb069a5e83a634503e253846fa17b8bf7aaa539c3353ce61251633d69068e24c5eadd1b496f43058790d2b513e65d2c0b0213730813d0b58bb82a00596e05e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1c09fd9ba67fd7d5574cfe9604ac2166
SHA1 446021ebaf1c20f639c7897705772c64d39f8709
SHA256 dbf90b87a937b0e4e0ce095a89beda78c8e11b0c173e223b0cd594403c40d2e6
SHA512 f0e4a199697ae6efe75d54b6fdb2de42b6da953bd887aa43e6b90f4b9f3b5b3a5783ee8260cd5d7f1618ada6628487c33b6c2f65a565f42261588983b16d0dc5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 873734b55d4c7d35a177c8318b0caec7
SHA1 469b913b09ea5b55e60098c95120cc9b935ddb28
SHA256 4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d
SHA512 24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7eef57ad8f01e125b39a9767514d94bd
SHA1 24687a8ae88c5ec81ac4357e9c3177de51a9d3ee
SHA256 4a255327850293c406537002f05f247c1e92fc2e74d4fdfefc446d5215be26a1
SHA512 39ee9f6e04423cca5a1b25b2f69a55f395301da9c05aa3b52406d5f8149862a05414003ddc5134239cc3e30a033097a66a73afdd88fc449bb8e49dbb1ad20b48

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a5d1151c74ad7e8ce9d878448f9467cd
SHA1 9e4c3006ee7dcbee3883d05d3511928317bb7bb3
SHA256 3983548bf3a4569acf28b537f4d29c62febb82621dc99cdb161d6bf75d8758bd
SHA512 541ce8d9244b8d3234d3af875606fe79bd38c72c950fdf052e0d46adde3d3b1097438da886e3a1ec327faba6c5dbe4e68dfd2bfd7f13626f8aa576ddf49bd2a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 526d19360a3a5c087ddded1601dfa161
SHA1 6c1f7c4bc3d126fe585b9494b49a0536d4cc9bc4
SHA256 e2ed9791f0429c6e3ce7d0119d16baab80f55eecb064c1e4b3b1e66b3128b1d4
SHA512 0bf2bed4b561cbb7c74d126371780baa3d283375e734f946c5094a6342ddeef6ad0cca1635c5c1f34c3d78928829b15242fc233b0942d983c8f13b4f5c9ddd7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 27402b3a188c1c8b038342e2b6e4d1ae
SHA1 7d72a73dddf862625e75ad726677b7a46699e9ef
SHA256 76c139efbdef3b721ef74169820689c1c6b1abf4383bf5999c25734842df0079
SHA512 bc74647918e8c35eecb53099bc5622e164a1ffc51db875934eb3564296e18152656b0f2502af77baa15eb93fdf7d7218ceda1065ac96a42b772c0b8e95ce850b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57aa1b.TMP

MD5 a0018c6768b243898dfc86899f0d4538
SHA1 38ddacef6bff9928977e31858b918137cefcef2d
SHA256 0226619ccf40e1486257047d15ceae3fffae9016dfc89b9577a8aa534be24479
SHA512 76cc3dedd704125bd6978c6a773b0cc9dbbf6e87624885d6c9e330fff9d2de396a4f13264686c994e6271f29768d3c35bde8b4cf5b0a2ba4b74c98458558c5aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ff01ef6d7e8a47fefa333e7a6e0cc6b5
SHA1 ca476cf6172d2510fd46a91eda486018b84c3701
SHA256 e77b5d8be3960718373581e43df6e7effaa60e7ee7dbd88f3c0300d224fd7698
SHA512 00c2fa221773b0b5d4707486c3ea11ba87a2ef618243f020340bccdd2e3f9a032a31137250746b665373d0cc6793cac6429dec67e24ad6d7f3a7830faf3e78e9

C:\Users\Admin\Downloads\Redline Stealer Builder.7z

MD5 3317523fcb65de0cad16632d204adf2c
SHA1 8d68b943b791774933acfc6a9b4e6a1e018b2439
SHA256 4f758849cc2c1a02baf4c275ea8fc9cc2fd9a380c157d066a984162fd43cbfe3
SHA512 df0a952becbd4925aa14a1d54dc8ac4b6519043d19960daad27b99f0fc83eeaa07a1dee53b3f0e582d3db0a5012cbbbb6ad67037347f79cb0717c756eb92a796

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 83d3fed0a3cd7e45b25bb151541fda54
SHA1 5e8c12a2e8a579c46a3aab0ec6e3c3c73e7af4f7
SHA256 9724f5289f9e5daa830d62d5c3210ebd69e8ea82aa614df695e05ec08375d846
SHA512 696bd08f42988ad20417a3514b7a538fd1ea49e3c6135bea48900fd9a9fd4909a4d870a22d73df6d67d54b926d32f7f468b69cdb7cc04c5300bc660563b6f674

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ee891f5579bd5a2b0e21de61bf893ecc
SHA1 f0d4abbc123eb1e8933dff24d00d1fc7ddf5c4bb
SHA256 315213df4d34845b8bdf1fd4a318d1ec9ceeef3f9f76ba7c80501f1ba47d32fa
SHA512 522e4accfb153b454708161cf9afd3c695ccf83061285ef289d406437b6cefcf5aaacf25aa1dbf45ba5d444b6b85a6caeec4e92df12b3e0c1f2054b352c45f0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 16837c4e868a6413528a4bbe062bc9bf
SHA1 927091bbf57bdab4aad412bfa1d188bf8474a1b7
SHA256 08c5cf5fb3c9f256bd378d80a503e5419c5705b0db9f196f74d9c0c94430fcaf
SHA512 a8f5b84db8aec55f48f3f4b0d66589caa11502b22945ea388d87cd46d655de2452dfb53fe4f2d5073c9aebd50aea2dba25f597867eb62f11788774f21d2b3f60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f7b4f08334e5be459bb10284f00a3cb9
SHA1 e20f01bbeac04e8162de5ef3b132a0669ef4fb87
SHA256 f2ccf79dcf1c6a9000f1472796581656bf4ef69d5085b424f2ced6ffb2e0b9f2
SHA512 33445a64d6101cb11a783100ca95672cef1ffd65c8fd133ec698b2ba7ba71f6dc963865b2a7a9ae4a412e792b030d627b7f946d4014e6b9a35b9e57c8312a664

C:\Users\Admin\Desktop\Redline Stealer\OpenPort.bat

MD5 cf1cc90281e28cee22dce7ed013c2678
SHA1 2f213a71b76db3e51ad2d659f84dc1f3f90725fb
SHA256 84399f8bccefa404e156a5351b1de75a2d5290b4fddd1754efb16401ed7218ef
SHA512 2b61c1da7cc66506537719cedab82f172d2ac1af4df69513ba64507a5ed67989974f81791faf08c5855580df53f564600381be34c340b825f1f01919948921e1

C:\Users\Admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe

MD5 baf102927947289e4d589028620ce291
SHA1 5ade9a99a86e5558e5353afa7844229ed23bdcd5
SHA256 a6d2d1ba6765e5245b0f62e37d9298e20c913c5a33912b98bd65a76fc5ab28ae
SHA512 973ecb034ba18a74c85165df743d9d87168b07539c8ef1d60550171bc0a5766a10b9e6be1425aea203be45b4175694a489ea1b7837faa3b1927ca019492ccd37

memory/3344-507-0x0000000074430000-0x0000000074BE0000-memory.dmp

memory/3344-506-0x0000000000F80000-0x0000000001024000-memory.dmp

C:\Users\Admin\Desktop\Redline Stealer\Libraries\Build.exe

MD5 1035bbf6b782b7a8819fa9bc616a9657
SHA1 e24f76eeaa29637aedd374f0087492d24aca22eb
SHA256 4060699be22d52cd3753fa0bb8d3147a7b14b4ee9769013f2f0ad284586911cb
SHA512 fb6ca81949db5bdf70ad294d68e3af534cb5e823558ac9428712a04d68b4b7413b00e3e465ad09e0e19572c777b6de7decaf705df3394177ba5792ec274e06d9

memory/3344-511-0x0000000005930000-0x000000000595A000-memory.dmp

memory/3344-515-0x00000000059A0000-0x00000000059AA000-memory.dmp

C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.exe

MD5 de6f68cdf350fce9be13803d84be98c4
SHA1 e37ec52f68ab48344579ccbfc4d2d90d3073c808
SHA256 51bbc69942823b84c2a1f0efdb9d63fb04612b223e86af8a83b4b307dd15cd24
SHA512 0344b764dc0a615d5a0bbb24ba442bd857d69fd3b102f243dafc9a9ae8776f6ad98f9af2cf680effaa5807451e310232224264ce9fe1bbc4a5f826833705ee8a

C:\Users\Admin\Desktop\Redline Stealer\Libraries\builder.pdb

MD5 418dc008ef956465e179ec29d3c3c245
SHA1 4960b2952c6cc8de2295f145c3a4526bf6d1a391
SHA256 8c7e21b37540211d56c5fdbb7e731655a96945aa83f2988e33d5adb8aa7c8df1
SHA512 ad386b6cf99682d117dce3a38c37f45843ac87d9ad17608453c0dfe8dd2b74c0c19c46a35da8140dc3ffc61d2333d78ab1438723cfd74aac585c39f0f59542f2

C:\Users\Admin\Desktop\Redline Stealer\Libraries\Bunifu_UI_v1.52.dll

MD5 5eca94d909f1ba4c5f3e35ac65a49076
SHA1 3b9cb69510887117844464a2cc711c06f2c3bd19
SHA256 de0e530d46c803d85b8aeb6d18816f1b09cb3dafefb5e19fdfa15c9f41e0f474
SHA512 257a33c748dfb617a7e2892310132fd4abf4384fb09c93a8ac3f609fd91353a4f3e326124ecc63b6041ac87cf4fcc17a8bdca312e0c851acd9c7a182247066ea

memory/3344-520-0x0000000005DF0000-0x0000000005E2E000-memory.dmp

C:\Users\Admin\Desktop\Redline Stealer\Libraries\GuiLib.dll

MD5 eaf9c55793cd26f133708714ed3a5397
SHA1 1818aa718498f0810199eca2b91db300dc24f902
SHA256 87cfc70bec2d2a37bcd5d46f9e6f0051f82e015ff96e8f2bc2d81b85f2632f15
SHA512 b793ae1155bd7be247b42c0fc1bc53e34cf69e802c0e365427322dac4b5cc68728d24255a717aaffa774b4551a6946c17106387cff4cfdb6ce638d8a4ecab4d9

memory/3344-524-0x0000000005DD0000-0x0000000005DE2000-memory.dmp

C:\Users\Admin\Desktop\Redline Stealer\Libraries\MetroSet UI.dll

MD5 f13dc3cffef729d26c4da102674561cf
SHA1 5f9abff0bdf305e33b578c22dada5c87b2f6f39c
SHA256 d490c04e6e89462fd46099d3454985f319f57032176c67403b3b92c86ca58bcb
SHA512 aa8699c5f608a10a577cb23715f761ee28922c4778f5ea8a5ec0a184e1143689fba5a08003fd5cbf3c7dd516eac1fddc8c3f9efa1d993ba1888e87b70190c08f

memory/3344-528-0x0000000005ED0000-0x0000000005F44000-memory.dmp

C:\Users\Admin\Desktop\Redline Stealer\Libraries\Mono.Cecil.dll

MD5 7546acebc5a5213dee2a5ed18d7ebc6c
SHA1 b964d242c0778485322ccb3a3b7c25569c0718b7
SHA256 7744c9c84c28033bc3606f4dfce2adcd6f632e2be7827893c3e2257100f1cf9e
SHA512 30b3a001550dca88c8effc9e8107442560ee1f42e3d2f354cc2813ae9030bf872c76dc211fd12778385387be5937e9bf172ea00c151cab0bca77c8aafdd11f7d

memory/3344-532-0x0000000005F50000-0x0000000005FAA000-memory.dmp

C:\Users\Admin\Desktop\Redline Stealer\Libraries\Mono.Cecil.Mdb.dll

MD5 dc80f588f513d998a5df1ca415edb700
SHA1 e2f0032798129e461f0d2494ae14ea7a4f106467
SHA256 90cfc73befd43fc3fd876e23dcc3f5ce6e9d21d396bbb346513302e2215db8c9
SHA512 1b3e57fbc10f109a43e229b5010d348e2786e12ddf48a757da771c97508f8f3891be3118ff3bb84c3fd6bfa1723c670541667cdbf2d14ea63243f6def8f038cc

memory/3344-536-0x0000000005DC0000-0x0000000005DD0000-memory.dmp

memory/3344-542-0x0000000005E50000-0x0000000005E6C000-memory.dmp

C:\Users\Admin\Desktop\Redline Stealer\Libraries\Mono.Cecil.Pdb.dll

MD5 6cd3ed3db95d4671b866411db4950853
SHA1 528b69c35a5e36cc8d747965c9e5ea0dc40323b8
SHA256 d67ebd49241041e6b6191703a90d89e68d4465adce02c595218b867df34581a3
SHA512 e8ae4caf214997cc440e684a963727934741fd616a073365fa1fc213c5ca336c12e117d7fa0d6643600a820297fc11a21e4ac3c11613fba612b90ebd5fc4c07e

C:\Users\Admin\Desktop\Redline Stealer\Libraries\Mono.Cecil.pdb

MD5 c0a69f1b0c50d4f133cd0b278ac2a531
SHA1 bcefbe60c18318f21ba53377a386733e9266c37d
SHA256 a4f79c99d8923bd6c30efafa39363c18babe95f6609bbad242bca44342ccc7bb
SHA512 c38b0b08e7d37f31ab4331fcc54033ec181dc399e39df602869846f53e3dc006425a81b7b08f352c5e54501e247657364dfc288085a7c1c552737d4db4f33406

C:\Users\Admin\Desktop\Redline Stealer\Libraries\Mono.Cecil.Rocks.dll

MD5 c8f36848ce8f13084b355c934fc91746
SHA1 8f60c2fd1f6f5b5f365500b2749dca8c845f827a
SHA256 a08c040912df2a3c823ade85d62239d56abaa8f788a2684fb9d33961922687c7
SHA512 7c47f96e0e7dfaebb4dccf99fa0dda64c608634e2521798fd0d4c74eb2641c848fadad29c2cd26eb9b45acdfef791752959117a59e1f0913f9092e4662075115

memory/3344-547-0x0000000005E40000-0x0000000005E4E000-memory.dmp

C:\Users\Admin\Desktop\Redline Stealer\Libraries\Mono.Cecil.Pdb.pdb

MD5 8e07476db3813903e596b669d3744855
SHA1 964a244772ee23c31f9e79477fbccfd8ed9437e6
SHA256 aa6469974d04cba872f86e6598771663bb8721d43a4a0a2a44cf3e2cd2f1e646
SHA512 715e7f4979142a96b04f8cb2ffa4a1547cd509eb05cf73f0885de533d60fd43d0c5bba9c051871fd38d503cb61fe1a0ee24350f25d89476fbc3b794f0ff9998f

C:\Users\Admin\Desktop\Redline Stealer\Libraries\Mono.Cecil.Mdb.pdb

MD5 0ba762b6b5fbda000e51d66722a3bb2c
SHA1 260f9c873831096e92128162cc4dfcc5c2ba9785
SHA256 d18eb89421d50f079291b78783408cee4bab6810e4c5a4b191849265bdd5ba7c
SHA512 03496dce05c0841888802005c75d5b94ac5ca3aa88d754230b6f4619861e58c0492c814805cde104dc7071e2860ebc90a7fba402c65a0397fb519c57fca982f7

C:\Users\Admin\Desktop\Redline Stealer\Libraries\Mono.Cecil.Rocks.pdb

MD5 17e3ccb3a96be6d93ca3c286ca3b93dc
SHA1 d6e2f1edc52bbef4d6d2c63c837a024d6483bbb3
SHA256 ca54d2395697efc3163016bbc2bb1e91b13d454b9a5a3ee9a4304012f012e5eb
SHA512 08c4fc7b9a7609aca8d1f7c7cd1b8c859c198d3d4e7cad012a6f9b5490afff04a330c46f3429d61e3a5570c82855deda64a0308b899f8e2f93f66ed50f7fad3b

C:\Users\Admin\Desktop\Redline Stealer\Libraries\Newtonsoft.Json.dll

MD5 6815034209687816d8cf401877ec8133
SHA1 1248142eb45eed3beb0d9a2d3b8bed5fe2569b10
SHA256 7f912b28a07c226e0be3acfb2f57f050538aba0100fa1f0bf2c39f1a1f1da814
SHA512 3398094ce429ab5dcdecf2ad04803230669bb4accaef7083992e9b87afac55841ba8def2a5168358bd17e60799e55d076b0e5ca44c86b9e6c91150d3dc37c721

memory/3344-552-0x0000000006060000-0x0000000006110000-memory.dmp

C:\Users\Admin\Desktop\Redline Stealer\Libraries\protobuf-net.dll

MD5 d16fffeb71891071c1c5d9096ba03971
SHA1 24c2c7a0d6c9918f037393c2a17e28a49d340df1
SHA256 141b235af8ebf25d5841edee29e2dcf6297b8292a869b3966c282da960cbd14d
SHA512 27fb5b77fcadbe7bd1af51f7f40d333cd12de65de12e67aaea4e5f6c0ac2a62ee65bdafb1dbc4e3c0a0b9a667b056c4c7d984b4eb1bf4b60d088848b2818d87a

memory/3344-556-0x0000000005FB0000-0x0000000005FFA000-memory.dmp

memory/3344-561-0x0000000005E90000-0x0000000005E9E000-memory.dmp

C:\Users\Admin\Desktop\Redline Stealer\Libraries\RedLine.SharedModels.dll

MD5 bee2969583715bfa584d073ac8d98c42
SHA1 37d1221ce6bb82e7ad08fd22bd13592815a23468
SHA256 5f92db78e43986f063632fb2cfafdce73e5e7e64979900783ca9a00016933375
SHA512 5c139b81a51477d8362be2bf72b9f2425d54ef67b4ad715fbe8aa11f8a57435abb7f23a7ecaee18611e559d1006c0df5dd3427b6e7c3caed38d8cffd79e4bb1c

C:\Users\Admin\Desktop\Redline Stealer\Libraries\README.md

MD5 8cf8463b34caa8ac871a52d5dd7ad1ef
SHA1 a5d5b61aa8a61b7d9d765e1daf971a9a578f1cfa
SHA256 eb4bd64f7014f7d42e9d358035802242741b974e8dfcd37c59f9c21ce29d781e
SHA512 dd4f520768dafe6990081e74c73c7adff8bdde7f831aa9ea6b8de15d3ed53c7b04eaf15cb332f4ff3b55966b75612bd5c2dd5ca62139eee58470a7f5d59bb62f

memory/3344-562-0x0000000006030000-0x000000000605A000-memory.dmp

memory/3344-563-0x00000000063C0000-0x0000000006670000-memory.dmp

memory/3344-564-0x0000000006000000-0x000000000601A000-memory.dmp

memory/3344-565-0x0000000006C20000-0x00000000071C4000-memory.dmp

memory/3344-566-0x00000000061B0000-0x0000000006242000-memory.dmp

memory/3344-567-0x00000000077F0000-0x0000000007E08000-memory.dmp

memory/3344-568-0x0000000005EC0000-0x0000000005ED0000-memory.dmp

memory/3344-569-0x0000000006760000-0x000000000676A000-memory.dmp

memory/3344-570-0x0000000005EC0000-0x0000000005ED0000-memory.dmp

memory/3344-571-0x0000000008320000-0x0000000008332000-memory.dmp

memory/3344-572-0x000000000AB50000-0x000000000AB8C000-memory.dmp

memory/3344-573-0x000000000AB90000-0x000000000ABDC000-memory.dmp

memory/3344-574-0x000000000B1A0000-0x000000000B2AA000-memory.dmp

memory/3344-575-0x000000000B0D0000-0x000000000B0F8000-memory.dmp

memory/3344-576-0x0000000005EC0000-0x0000000005ED0000-memory.dmp

memory/3344-577-0x000000000AD30000-0x000000000AD80000-memory.dmp

memory/3344-578-0x0000000074430000-0x0000000074BE0000-memory.dmp

memory/3344-579-0x0000000005EC0000-0x0000000005ED0000-memory.dmp

memory/3344-580-0x0000000005EC0000-0x0000000005ED0000-memory.dmp

memory/3344-581-0x0000000005EC0000-0x0000000005ED0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a2978705748680dfbffcc0dea8f22fd3
SHA1 32544ca5504e49ddc9e2966225fdd028a60df48a
SHA256 4894e234312f66959ab89bce09abb366e4934a1fe7dcb38589618a23a4085a06
SHA512 c34d37a6d759b3ec396f34bfc75bec019659f87c4f0648d4165a44ae6a7769bf5221be17a2631bef1d89fb21786805b2ce5f346a63ceaa1a7b9a0153dc59308c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4ba42c4751cb093bbd7ec09828d5dfcd
SHA1 4ab28f76f6af8380309998a09d8b1a8068a53ac4
SHA256 6056513a2d5a39503577d3d2cbe3409d2b865876b6faf9e4512ae5205a6a29af
SHA512 2e59b6208af14bca7ecbcd575f82a0ed4a84b4d27c8003f4932cd78d0ee8f7c410f3b4f8ad7d94a6781b76673be09eb1a41cf59ec2ae94b9fe6af1ffe67a2615

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a259bfa98d1c18208f309d58ac1fbd4d
SHA1 309a865e6d5cfcbce9e0bf973ce79d14416ddee7
SHA256 cf9ff61ddf4e260757283e760db60e3b509d8e1157cc05ed68023563589ba9fd
SHA512 a9700251c2584c3f1213fa5726f8b9220d7f956a08aef790856e388e9b837557d6992cf99c5d370de271cb302c0512a9488aa7d6879f8716831d7c32ee73d928

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f28e478a0d6303f764d7e7139e7a98cb
SHA1 8e5bca55d1d746fe4698f2b889eaf80ce534a118
SHA256 2789b2b6d787d457c702dedf3ce52acbc75d9b59c6fe687010296191111cd684
SHA512 2bb92d4d7297a7c03beb8eea0a4656aede44f016833c847d248b528c02a655a0d4f41445ec860156a252d205dd7e4035a27aba0ed01130c36426fb0a6dfa15d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c9802aab56678ad91642986de038283f
SHA1 0d60f0487812978d2d8ef88cf98ce6f93550aace
SHA256 5f976e9eed67be0c3829be99d37268481df5c86682632c68542dc8254ee3cdc6
SHA512 395ee536205788bf197b94d35f5549789d8aeffa0f589540a9af8cebbacd7b2039509719d510b27876815be0457f5d19e53d8d95ba1526599ecab3bccffdb088

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8ab109fb7cfe30146d932176de2c76d7
SHA1 4a3a0fcdce6e08ce6ab5b8b4daa94a08995d415c
SHA256 28cb936ad451aba8f83ec09d0dca52b956b0b3df838b28cb7f467bd8c3b85fe7
SHA512 b95ff32dda52cd1cbc2925d3edd01cedfe0aac90976727866b0f58be558f08b6648664432fa46ab4aceac32d9c82d2c1f3631f2420ce15d93c6e6eac23157457

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 64b713ad5342e8c8cbf5661e0da95eaa
SHA1 6db030ab54968b0ae7f61ae341d07939a716cd1f
SHA256 41e7fa2af26dc851528b1c9e02aea426fcd36ff7d39c24eee1459d3c7887a07e
SHA512 e9994ad931b594b322fa5279ac623c7e88f94132d31a74a61a037b0288546b807ed85a688e7810881ce23ff9bd2737cf308c43d00d3001f0b60c756b012fe34f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 aeaafb730a562d88c3b01f29518d4d3d
SHA1 cf30bb27cd0108a49fe7549e86bfb3745a0a08cf
SHA256 24c2150e0f6398657362c6ff7226dc772c48c486d943aa1f035fa28406702d89
SHA512 cebe6cb51fab842957830a90307fa70b38be60e16ba39c2ff4f644ed82dbf7f0554d77a7043d5a2565802454fecead8750519cb2b762042fa74429ee816b3efe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bdaee02b8ced8b41db750f5b8909b3ca
SHA1 d56bccdb7c0c6c18b43f0d6b874ec162bbe8e152
SHA256 127369581ffb501637f352e67c08ed015a5167b895db8734146852d7e4704266
SHA512 4d7c22e330b2d7cc2fe14d4bd88c54a0471f3385ad14c770b35213b74d260be629ee59f02893951c8f13d4adc6073176dd8f71eb9bb0ad3d3cdbd86c7fce9cac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 8560d08cf7172a2a9a2424a07791094b
SHA1 75b9e05a245c86e815043962c42db3226111fbce
SHA256 6c832cd3e638ae946ab6572308b427b0c98d64f506b1dcbb84e9a07b0b939800
SHA512 c67b5c3fe0e5ce7aa66bc2bd603cedc5ec9bffbc7d1fe005107dfa255929bc1e8814d0f19c5dbd88ee89c2dc418e05035a8a745d1ddbe27f3e0642afff141dc3

memory/3344-880-0x0000000001730000-0x00000000017CC000-memory.dmp

memory/3956-881-0x0000000000980000-0x000000000098A000-memory.dmp

memory/3956-882-0x00007FFDDDD70000-0x00007FFDDE831000-memory.dmp

memory/3956-883-0x000000001B590000-0x000000001B5A0000-memory.dmp

memory/3956-884-0x000000001B720000-0x000000001B77A000-memory.dmp

memory/3956-885-0x000000001E6C0000-0x000000001E86E000-memory.dmp

memory/3956-888-0x000000001E6C0000-0x000000001E86E000-memory.dmp

memory/3956-889-0x00007FFDDDD70000-0x00007FFDDE831000-memory.dmp

memory/3344-890-0x0000000005EC0000-0x0000000005ED0000-memory.dmp

memory/2968-891-0x00000000002A0000-0x00000000002CA000-memory.dmp

memory/2968-892-0x0000000074430000-0x0000000074BE0000-memory.dmp

memory/2968-893-0x0000000004B90000-0x0000000004BA0000-memory.dmp

memory/3344-894-0x0000000005EC0000-0x0000000005ED0000-memory.dmp

memory/984-895-0x0000000074430000-0x0000000074BE0000-memory.dmp

memory/2968-896-0x0000000074430000-0x0000000074BE0000-memory.dmp

memory/984-897-0x00000000049C0000-0x00000000049D0000-memory.dmp

memory/2968-898-0x0000000004B90000-0x0000000004BA0000-memory.dmp

memory/2968-899-0x0000000074430000-0x0000000074BE0000-memory.dmp

memory/984-900-0x0000000074430000-0x0000000074BE0000-memory.dmp

memory/984-901-0x0000000074430000-0x0000000074BE0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\36b2358e-e68e-45ac-8c6f-8f01a55cb929.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 947c31363b5733c6e0261ff56250e624
SHA1 f77900b8555ca4c643611ab56eb43a056b9c86c6
SHA256 2f4b796cbce0a7944455775a6e82aea9aaa87819fd8d6b89fb2878f137443117
SHA512 976d5e7a4ad15c885641aebe80081617fcad426ab03b69ba3cc5b8de5f4e9d4e10096b1509819b527f1c8d3f28f9a1e409edd851253d84c37737c25b2c00b9bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 2460b350fac107164c8813334c57657d
SHA1 009ad3adc044b4a5f2707a27f068c2d509988383
SHA256 49d2e875c44799d97ee4342126f55933be51930a444b28bb353bf52a36d7e3c8
SHA512 8ca0aa96edde1f6b913b02ee74c6867019e004719bbfc75a60607797e5edd6321a5efd47a6520d1633860615b4aa3dd0a892229cbb66c0ecf758416cccd7cd98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9398eb965db289f8dfb2e352f0af9f7a
SHA1 ed61f62a451bdb35a047a0bf16beebcf16ecfa29
SHA256 a40e6c4e40e8158dbdcd8ac4009610547a042c189764b1107bbc102cff12148f
SHA512 bec9b2aff740ce87f054c71e14715414a3e4b39b172d38443225cb87a8405ffc9e0779d2b6f471fc8e0bd9cf0293b8f4fbf3f0a1707281833bf1bb5806838c4c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 589c49f8a8e18ec6998a7a30b4958ebc
SHA1 cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e
SHA256 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8
SHA512 e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 60006b4aa638d26afb4754fbad8c93a9
SHA1 c5c8b1ec5db77431dd168b24752f69f7755abf6c
SHA256 722d80ea02c4205d6f12c4bfc748e8ceaf6f54fbe1c870cfb57bb460a8ec97ee
SHA512 35c2567263268d4e542cf1682002d667ba170caca3f0d3e73852c57b82d3a6ea12fa03634d30f87acd713a800b87b1ef155986912499f6e960fa179e9386a46f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1d15fee2f862fc0d455e2c5cedbfef4b
SHA1 51d8b4cb3f95283bf1625fd3f31ee091fe328de2
SHA256 7222306f0813bfb61ca7abbf7db1788ed447cac45dbee73a3546e0137d5f0420
SHA512 c297f5864a195e2a5fbc60958507a9dfc72d18e13f963af70b95bad253a5fcc18e7c5bf4c5434ac72849c577ef529130f3a9547a046376ec95b082c5f86bf8ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0ee5e9e2fd43493884b3b34f4798c4f5
SHA1 b9139468dfe2c63789fcb3861daab4a5923e3eb3
SHA256 f2bb1a3fbd7616edbcb585ceae9e9a2bd98e8a61b429556e12dac198719bc31a
SHA512 deea8d1e119368aad2c2ea899d563f2d27eab62749cd2b55ac6eb2a03f64f27337d00f72231df2135aa81a3654ef6e0cda7e8c84179a75e916636782b48bd80a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 93c28ae06b29e4d60af5d62fc5d8e885
SHA1 dd1e7b9518ef25cb34b56d42e7f55ace831eee23
SHA256 b05f8a22223557d97f61b8db49a0d6e891699493669029a0ac283a2f5d24b8bb
SHA512 d1e3c89d411a313c4043c104c63738be559772eae7aee13be0e13c2ff179b59ad4833f4e30075441da2cb121ece9ac8e88f8cdec32134fd9d53b3cfe5319c087

memory/2120-1090-0x0000000074430000-0x0000000074BE0000-memory.dmp

memory/2120-1091-0x0000000005D40000-0x0000000005D50000-memory.dmp

memory/2120-1092-0x0000000005D40000-0x0000000005D50000-memory.dmp

memory/2120-1093-0x0000000005D40000-0x0000000005D50000-memory.dmp

memory/2120-1094-0x0000000074430000-0x0000000074BE0000-memory.dmp

memory/2120-1095-0x0000000005D40000-0x0000000005D50000-memory.dmp

memory/2120-1096-0x0000000005D40000-0x0000000005D50000-memory.dmp

memory/2120-1097-0x0000000005D40000-0x0000000005D50000-memory.dmp

memory/2284-1098-0x00007FFDDDB10000-0x00007FFDDE5D1000-memory.dmp

memory/2284-1099-0x0000000002E20000-0x0000000002E30000-memory.dmp

memory/2284-1101-0x000000001E930000-0x000000001EADE000-memory.dmp

memory/2284-1102-0x000000001E930000-0x000000001EADE000-memory.dmp

memory/2284-1103-0x00007FFDDDB10000-0x00007FFDDE5D1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

memory/1520-1149-0x0000000074430000-0x0000000074BE0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 34179dd15e171cf256e47d61f9f8d1ab
SHA1 e52e76dc7c8be1915e5e57d99c4d7992f05bf839
SHA256 5d1e03a5282fb1c79ea398ccc1fb9dc775cddf9ad3b2d6c4757dd27cf0db9390
SHA512 63c0cb582c9852ef8a7b905615241f06b97923dad61ce5be25b15aec46f7d36fbf760668622e51da9abc407680351701eb9320f8420a8245978b078a1de5838a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 dc4bc69f34af1c2b9ab32ca9ffb2c22d
SHA1 6effee97cd0cb538970045eade7e01d4d8cd34a4
SHA256 fa184748d08a7a8d1fda68f005f3f9795e2609e8ba271d2d59b9a5206b9d39e4
SHA512 6fd8b2ad7927e5078e3082c48b0554b0fdf1e474985f5461801ff53d11fee2b9dd86afbabbbbdbd5a7e938c8e1e3c1640678ff0fac63d907d3a4696e027df83c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a29c76931453d6b70737cba928027332
SHA1 35b8b13f72e5de7baa72f98b1e5883e73ebdb098
SHA256 c066a8eca15d85e2ccfbb8c91194ad1c0524cf97b78d355ffe5a55705534c709
SHA512 42252c12c9d2f434da7a1134c6f8338658d380e09c4661db1aed60a5164b4b3d3c660e54fcddcf2a7132986efdb297c79162566a8f66caa834641b86fe1697ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 60e3f691077715586b918375dd23c6b0
SHA1 476d3eab15649c40c6aebfb6ac2366db50283d1b
SHA256 e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee
SHA512 d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a24887b88c73bd14fdc21f4a2a5e0481
SHA1 5e51529099104762a4c9b545c94a0b7c35378025
SHA256 3aae807a97940ed3091e74b8493f0c6af4033e4d68415444b6aa5a747da80d3b
SHA512 606182789b65963ac96d7f67758759468e39267f34cdc8b94f857cd510076da319c8e758b713407075a4414a61b92f6d1ca5f3ad5df400bd57b1b672e54d69da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

MD5 452cee87a193d291cf0394c0a8f961c9
SHA1 5ed43fad7737f776e85433d7fe7aa70d37eb4606
SHA256 6c31786e9b268be9d7e56b3e519845551550a8b0df4d3f55fbaf947378446c61
SHA512 355afabaa3be9194b4d47800be51e0ccecd9a857364fa57063b0866ee7595d33def0aed28eff297e582d16978e1ffb61921f3ee723e7c5e940dd48197b472500

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065

MD5 e753cba4baa3922efb691d9b3834efce
SHA1 d191dad55a78cde01231c0b1a3d3ee7a0b5c1e5a
SHA256 d6ade064592fb3c2eb460182a1599d5ca987f9dd81a7115ed3e3e402db0d132c
SHA512 25c7ad97eb4e47629bcd2b67f7eff2ad2861e88443a50d2d71ff668e471366991d7ce851cf2bf2f0fccfb554e3230d6ae05b1626be6b81a892a7b1b70b8ec58a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f5450ee0d10322fde41a4398187d7718
SHA1 14cc7b7a19e0c966ca3018bd881634d2607b7e79
SHA256 fd9161090601ed7421ef1a18501f8b6d2d6b02af2c457119e8289bdc8d9a992f
SHA512 a0bba81c272616c9420b52e9258642de45616b9d0de7e31254b052723cb670b84ca3003972f594e0dd3ecf8731ed5cbec1e256ebc71da85508af0b459033b437

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bcd43c643c371ef5da9ba5f723e4b26a
SHA1 eb02ac81681904c7e8f69984af72d3e8ad44328f
SHA256 5a164a5f8f3ed51344a482b8a1c86cdd4f3b42193f4ba41ad4d86f47b8125f01
SHA512 3a343d9bdc0cc5cb393badee029a9c5a2a290e72154e151c920feb99925c887fd8e8d6112993f35f98ac53a4c854138466b4c6abde99dea15c95c75bed6e1abd

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 ac2f8fa4dd0be9cee9378c1d9e4c428e
SHA1 b611b9ca2f8a9d964469afea4ea5f707c6c53312
SHA256 5f236cef449e94436e1066370d7378962d989c3e9c0e19864a2545997cb33f3e
SHA512 a8daa270de182a6af7ad0d90a637e47e3d0226f7ca1c1fd0c38e640170181f59368fc64ff6f3a89d5006a2310a143c78c3a7cb3115e1e44b493ada427fcc373b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 13c027560dfb980ede81e04c84e47320
SHA1 14b1e96c599867c6cc66fe97b36e456a2576f9a2
SHA256 abaf2af69af34295a5c257f06216472e777163d9face93b14daf11e553fdf2e6
SHA512 167b0d83a556224dd8c5f7e666f02d2b648084ec3c3aa6b4efb5d770b05cf8d73b6c6d1eaab75827e11f954a9d4e0daccbfbc17477454432d80068d3b99c7951

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 12dd3a5bf4c778f63fab4036672bbbba
SHA1 65f8ccc13f7b03dc5ead65959458b5bf543a148e
SHA256 fe733259d92dd175c62f38bf969a437bd5fc3283a678ce694dcaec768a40b748
SHA512 f97e4ff366f5c008654466cef391a5bb12ed93de7347dedf027c6a02acd8ba50f8f76add7c87b2a62693b045d6dc7c827550bbb7dac7a484e3b2f570de314b45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000079

MD5 2cf9df4d427447dd00b9566db8465de6
SHA1 8087616509700002b3364e20c748888ab581b42e
SHA256 8008577b4c52cbdb4883d39192b6dbef37e006851cb0415c4752dae24b985783
SHA512 ea36bafecde55be1ffa649f4f873e2267f2a7633d9fbf9c43bc6ed1d7076761e167ca4944ddff9f26630f15266fb26237288dfeefcf2b1d6f59eabedff9c89f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e65b273f43e6f3190cace44b46d038a4
SHA1 9b24ecfb67fdfb1288c42b8523da07353e730f9e
SHA256 cc15db5226a59d4ace58775686bcf3b4fc6f77a05c2865ef205742d14406449d
SHA512 0f744f972af123e1de50791be5d6fb6ed544ab00e521fae27f5133661df158b3e12ba0929439d03ed951be7a655a475212c1db98350b04c855c2eddcfe2c461e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f6ec64ac63b6b389537ec44fbee3c611
SHA1 addea3a8ff69e8cd5b7995f1bbe3e8c0195e0e21
SHA256 a93284cd06fdd4f69ef5f802c45b059ce7ceb274257f5d59dbfa1f72840f314c
SHA512 c7f94bbfe110b144142a0c6ac51eb7fe581608bda5f030bb711f1d627ee1b3ea51bca70c883a22a58300ae2f18e07aabf1e7640ee90cb12cd32b324db049b3ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 33da3d10f932783c45fc10bd43d784ee
SHA1 2231525fa3d377bd2f2b4313c0ee624bdcf9c6fb
SHA256 a8bfd40f4adf84e8ab6ca797f3741b971d07b1bcd73c105b7d641c5cc03e8851
SHA512 d87b4036112204bb48ee2671504989858a1ad269d8e0e1323a15373efb3fa86c0cb196161f03c7a9d9848e5cbab965e5910288ded5205ea109fbda8f33bb8397

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d3776a5708fb7e0cf0e83c6a91b05943
SHA1 9b9809def7a9bdac1d1ed566c0fb16506160565e
SHA256 8ff66b55c5f87bcc8299bff9979c70c25b1aaf572f36b2af329792ef277a3a24
SHA512 a4062e45e334cb3cb3a442247ee144c5edcc30c66e941ba1c650b8c7ec040722168a859ae6ecab1cf2fc4610b2d052e3e4119e1618109e6775b46fda9aeca0a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 97cf604de60010f68d3b35d433da094e
SHA1 580205fb4d57199867ea88d5b3595e59fdd5bf72
SHA256 0932ba1e4243683d8d263217fefae900762ab488f1303e9a6fc9d03922e74510
SHA512 320e0f389f2f2c6694960b78a3375778e0094cbfeec5922931dad6a286145bd5dda4ca108dbee100e9b732ddfc2f78cfe9c041662feca54811af8e341d3a8557

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

MD5 a127a49f49671771565e01d883a5e4fa
SHA1 09ec098e238b34c09406628c6bee1b81472fc003
SHA256 3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6
SHA512 61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000063

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

MD5 710d7637cc7e21b62fd3efe6aba1fd27
SHA1 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256 c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7a8cdc80a41b7096ba0d144c9c6b5163
SHA1 3ddb91e49fda1d5fa1fe47b71d5f5e0cdfd7c9da
SHA256 274da6f2aa95c5dec1aa0fee6fb57c3e269b5cfe425e834d6d1c71b4aa790fc9
SHA512 003a0e9d1d9b88c040180592bdc1461075a3a9a3e0dc9640b9451630b31a5cd95343e81946f0259a0e27c0db30701525b94d0ebd79040fc087ac277832b93774

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 63e89cd3cd5361bc27e5839cf709a8dd
SHA1 c0dca1c8f3ce5c9bf181a093c1389a59a25704be
SHA256 a9cbb916a8e5e337551df7e243101ec6f92895d319f9425312962bbb2187c5a8
SHA512 bba34b9d6cfabdbf46601f03876162d94e06d70df33b7d1d7fe8ff2001ba63251d6ca7f3148fa951c87ef6866684f1b0f7b224ba4ebd874fee69e9534dcd11bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9f12f81920ba46c5d6782491a6096434
SHA1 5c0a77ec4412bf265ae25d9e7fe3d0579bffd6e4
SHA256 f9ed615b8af2393ca659ce4805613736f51f81cabceeca22b315f85d99d467b2
SHA512 a02fb6b0e302664e052473c37a6600984c78c20bf7dfa6f28cfb9ed7a855e0569ce3904449aae5612aaf954e9e0ff888d3646a8a999a922c2408ef005eb4eaa8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 df836ff8770c3da28f87d716f51acb71
SHA1 01bc95ec6cd99a628d052fe4464428544d25e160
SHA256 3e37c8ba922011177c76bdf2b19d9c87d6dec97642013ac1430db8d503fb7381
SHA512 7809ed75f1f2898dd4ccac049ae6f924d2fd682fb8d3360b35d0ece06027648e081d94ef4fd68b94012f960d74d0a2b162a5ca58af5555e87207eb0bfe6fe90f

C:\Users\Admin\Downloads\Unconfirmed 575379.crdownload

MD5 016f5a1a5073b93f9a4a164af1447c0f
SHA1 f8a97b51b2d04f78c8f94a6ff94c6128849a9a61
SHA256 0cb70432a70e01759916831c350f6059e8e262fc9403c94e9d87bdb68f5076ad
SHA512 789ba531124ec4b28dba1a9c632f1e1048f37e4ddfaf3251ef43a52e1d2963f6578d5855ca6b403da75f2d6929af832e1c4167441d4317a5474988997d0bd7c3

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 5d99dca68f6bc672843bfd8418c278ed
SHA1 583f54b1d18ce890d04c2ccc78b646ec60baa6c6
SHA256 60891d34144b1413409cd85bd1f72b2bc6b7b9d47e5a8b94451a6ff2f5c117d2
SHA512 f58c6f63fb125cc96dd4e068947c81a03f01129d1f7d630110faa89bb110cb8330caf0f1592bc0265a9b35ee8378853284af06c45f0f17acc23457bf4e6528be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ce66d3e57984ad65c9c23ead917ffed5
SHA1 582aea42ae684e3bd53bd8ff813828a5427d7493
SHA256 714d29ead7418568d500beb92f1db4d10b6ac322d80fe5afb538b2547713f481
SHA512 2b0bc2b0f962cc43dfc7459c4379ab2f41fd4766b0caa7323ecdfe554dfa1ddda5ff464975d4c5bcb7ba48a703e3e4347e33c617e882277a3e90fcc26dd65865

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c66e703670016827a030816eefd09995
SHA1 787ee3c8772aa84888798838f5d988a1e7cf62e7
SHA256 77901c72ef081c123d319355ed7aa5359dd85c8dbc354ba6758f133f9b804aaf
SHA512 e75052a57fe6fd49c0b7da3d35d87332bc01134429071e75edbc78751c3b7b0c79bc1c9e3ccd089e1a239fa179719061a38c753183f0eb194af595084f1ca1f5

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\GeoIP.dat

MD5 b64ea0c3e9617ccd2f22d8568676a325
SHA1 f8395bace374acb3596c0feea0edf9b12a41a7b5
SHA256 432e12e688449c2cf1b184c94e2e964f9e09398c194888a7fe1a5b1f8cf3059b
SHA512 9301821636655e14e54ddb47585efde3a98dabeaad97441500db832b52c1ff065bd51657258bd2dbf98679d6b711c48abc08d1cf9d282b6fac3c697cf50b1dd2

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\facebook.ico

MD5 c6120e467c833d5f277c2b939251918e
SHA1 8794f9b3dd83a26a1c745dd61f67c7e143287db0
SHA256 62a4fbd69e3e534e2ce8fe2f664ea8a803eb29f2eff3bc7503dba641ab33e589
SHA512 c746c806b2a350463c30328f2e0c0eb1f3ea46c58ad2fcdf62d7bf9853bb687d58772e88ea8395af73c91721a578b47828655a9ce38a54458404d5b00ac823f2

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\emulefold.ico

MD5 7a19ef1c29ec87e43983fc94f95ce198
SHA1 f425ac0e69248a441e718238dc24e9f1f24bffbe
SHA256 101169e184ec7450b03811c6f4fee4460ade14a2b93f275a55b617417e7cb5ea
SHA512 897846edd45fbb01fdb133dcb048518c076ecdad97b9ff57832d29c5ee12105ce54253e8a454577d3b9b314202a5fe564b8f09f48faf712a44a9521e9c2e9b71

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\cubic.ico

MD5 f273cf2c932b6d768bb2d1d62e9d2a4a
SHA1 a473fb4b3fb13830e3adbf547e1d7129f7ab5e18
SHA256 713cc5ede2b35ae4933ad31b02b7c4bda1255c9709b219a13162b72f228df652
SHA512 3dc9334afce339eb43a1a76c08aee16daa9cbbc91abf618081e07ebaa990fcf7ebd5b3877d1cbf9b1bf442cced476428dedaf14076501c8493233c41985800c3

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\chrome.ico

MD5 16a9e9b49f6e08635ebe55f5ecd5f346
SHA1 1e846edddaf2857168db8e8387916492c3b3405b
SHA256 fcd5923f3401b523c3ad27ce999398328612a86eec253cc7c09030a0035b0f99
SHA512 1a4aafb3cb535c41f3afae7938a41f6ae84ea5bcd7b4b3531e253d1635783e53c950ef1bdf0433db92848e283fe6c1efe58ce2380b39f3f5aee4c35ea85460b9

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\bittorrent.ico

MD5 73d8decab435acb32df1dce812ed3acd
SHA1 1cdf281a6f297f09698a155a9010e2c7f6a212e1
SHA256 8e44bc15b2a99d99d4670112b6e3c494ea46adb49a35899ec0192f12dcc30f5f
SHA512 d5f2b589dc2203c03db601b512d3a5dfe40a651931b0c1cc883c17c0202e045e690eeaa2c321cdc08827a86d1dfa4046d6c51f5c5ecd9e4a2a80cffc95bee80d

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\archive.ico

MD5 5af592df403c50b14b47f9185cfb417f
SHA1 e0a7885d8208c76dfaf0e10d4acd942fc2e917fe
SHA256 99b5cee64ef8164a68cae08d883aef65c4c96d3b57a8b075d330c537aab183c5
SHA512 aae53540e24db201054d9f9291db54b5744f15f3ed097fb9ba405155d85b983b0654352f7c0b0187b34c4dfc45991d38c87d65120aa27e1ddeaf8d77c23262d7

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\againzip.ico

MD5 b87dbd32f31532ea8f7af9d28ee7800c
SHA1 0e3e2f5ed1186d09716d91f25913a6341268e47d
SHA256 c3c3b009cb602535c18ed168c0bc448441a62b63c69ff27e3f9c2d8973411250
SHA512 5cbe3a820268917be43ec2991502aff0a7880972eb7804ed1d8709094a26ba4585b95b1505ae4fc7bdaad11e77ad1dde1e7cbdde530bb32b0d95617a47d15de3

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\heart.ico

MD5 ad26dd83ae2ec2ddf0cc07021825d063
SHA1 1833edf0070e4f089470834ccd264725e206ec70
SHA256 11d3eac0551cae9686bc6ebe6166e6eeab70c3b5f5bfc56db45ff9dafc8188d7
SHA512 98238db2f29264b18d5c1b23ae38a67819faa19db55a94f8a6ace95e43e0742735a72f2a8191b254e86424f82a46b09504c5e4090031ee1f7b362d4375897502

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\girl.ico

MD5 846e57f8ba357943141eeebd6c454e33
SHA1 9d7eeb6113fdb188c58e0bd21b7bc43cfacfa96b
SHA256 9f4f839255213d82abe0070caa720aeef01b1f0195ddac8a3437d7931b31a890
SHA512 d67512dfba0c7023428b2a8f4cc0ba81e2a2a2eb2514f0f934b3618a348581bc3216c9cef4923006264b3f5dc4b50980b42b0d0c40988d7498905fe5d48e13f2

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\ffoxwhite.ico

MD5 882bbfbf5cbc4c791e32e6a74d0f4eed
SHA1 affaca5862ccffc5e8148d709fe5e6335dcafb6f
SHA256 a3bf3fee486dc890cc3c8295a36da3a6045d2ee70d17d8a370b87eccb0473b5e
SHA512 a54e1841b8fbd90344992f00f4b0586b57090214b5eccff4b7792eb349be4ae887d4bcef697d11d6d64ef05cb2f4e207a020c047fc572527ed1ec7364cca8152

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\ffox.ico

MD5 3bb3e1c6a6ad5c89934f34be4b1e458d
SHA1 7444b0857ccb72e3dee1b07f1273348c15f295cf
SHA256 5b4ee4c5878336be86574d599a252d1a5472fc0579bafcccd71f25bccfb0c003
SHA512 1221c68c591624218b2f6809c36892400ab2c399971780a4828e83cef4018ad8e33bf2d6bac6cc5cfbd3565feffba7fac749d14baf7d831fc0fd9a9038bf6626

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\female.ico

MD5 9ec80b1ed453ced93e4dc6f1131e4cf7
SHA1 99896ee3687b44fc55f1b2f4d549d5179383755e
SHA256 e5e9481ebc946c869655aca4dd53407b0921faed0172cad9cda4d4dc47c7351e
SHA512 fdf4f8c5506991068387d44b221fc5e679c3d7460aca41b7a83ce92efe63618944fb844e032a8d2de5c53ad30a036083053fa87615fbfc309b948351bcd725b2

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\facedebook.ico

MD5 a219e70366471a9b13953789791e9a42
SHA1 94678b982b8366be0a4976118b65cfa7550d2a7c
SHA256 7a18fb1007712b31600043bd3c2400b6f8ab1ebabd603f4aa6730089368af734
SHA512 08ad1a527c81bc96dd82eda16431c4e81b298e756257e8a982c38c1152f34977165a6db2b7b7d3700eab0e163a9a1c3181fc1269ef6f9ba77630428ea1995705

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\idontknowlol.ico

MD5 7ac0c49cc1cd32b141693995e8163479
SHA1 591b52e827426974bed3caddb17f9701f1729198
SHA256 a367776a8dc47053258f37edef7537d251e40d409cc8f51bc9d271d785be291b
SHA512 ce90c7d23cdbffacba7f83613fa0562af5a0932e8543739174ceb5b9320e8c7faa60299fdf667ee3c19dccef3c2566df00c8cec029303c4205f52d169d2d5c42

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\limy.ico

MD5 925fdf30a687bba4d7bd85def5def9f0
SHA1 61962dac96adcb884dbb7786ad9adf22a166232a
SHA256 279eaad8880dea2d52b8221c38f501fa34701f5127bbc41591921b69a5a0934d
SHA512 59af01947f36e8a751d2d7cb199f9f379f7b886779112debae9d6a0f6c47c137903500f27ff06587a977247610f5912957079f36b9f7a3a097009caf90f0ef0c

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\limwizearrow.ico

MD5 75c74ff8112550471b9735189cb36c70
SHA1 2b2e1fefdbf6e8c5a1875a01f8f98b94bdd2630f
SHA256 330467c3b86d06b43d3c5d7148c4aee3672c096aba4a0a99fea124cfe303095d
SHA512 b879da97937a7c7e21a8fe7ddb1104261c92340f4f75f896839a49c15e486bcd1395efc820d5b6fc5c3f10c39929f2ae56539b2c808343e296e31170d665a17c

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\limewire.ico

MD5 8f880b2b80387f6acde78230ef28bc77
SHA1 dd6984de04b1b74805882050525de70426e753d1
SHA256 79661a5ed0eeb027958aeeedb66de400412a6fe06f1dfd5ab8abe3c14a1570eb
SHA512 cd084b648ea58e3b062ec602e25342509d425949ae20a73349322a11376ee1ad556604facc6ec6ad38479007bdccddc3ef96efbe6624dabc566677dd10122c94

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\steam.ico

MD5 a4e06cf0293bc3fa83db852e1c9ca2bb
SHA1 99cbe81b5a67ee920070800d4d5b8e5d617ece80
SHA256 42ae2353c1a9f101567bf0f5dc0dd848c9f1c7f25a1fa9b526b0e881e017cdec
SHA512 22f478d364bb32fb696519b5c895dafcf47f470c28bead5ea3fbb97ace0f6900268b309107ccd0dafbc8571bb28200d6e8bf4b9693071f5440c3139cd64cfebb

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\shareaza.ico

MD5 ede558c3365551e09a966536b1a61209
SHA1 f12a153e8f2ecfb8236ebb16db493dbd045df98f
SHA256 964d15e5aa45d26fc0d14912416e268f3caf31420f949c7734c92b7d58dd22f2
SHA512 2dcc1302ca6d05fd1797182d99557202ec437093bb25403d3ba780e01ad87f344936f963ca1d9243519a7cbcf023daa8004328b036f16798431b29681aaa4de0

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\rar.ico

MD5 f11ca004114c0382836197bb597bf509
SHA1 96488172264d9c041da502a4a357b2f41c0967f0
SHA256 c42ee1c8031b1e1917cef782b2d73460cc65ac3cfd6fe48737804459e25226be
SHA512 b8d34d1f4f913e48d73379cc7389e91facfe8da9f06bd78499ff31523f5b0ef6efb5dae1211a50905962d3fedc47cb8b182db1f514c5877d8a1678b15c0023b1

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\mov.ico

MD5 71ea5c0cc8245978042ca1a57e70149c
SHA1 7f4aac912657c833f22bdd6ab993ae1cccebad1f
SHA256 9deffadaca7d25ae8e04d2cbab6acb19e79c17c9456e30d8750cf5803b5f298c
SHA512 74bc9e3e11ec593f6a10228e30ad4658608b532dc36f94ec04b49e6e75bf3eb1feae508697b7ac0e5c9ca91e6ab38b0594856b8cbd49adfbd162a07ff2604bce

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\steamfag.ico

MD5 a7b87171a833e2eae9e0610545e4fe48
SHA1 af9c18e50d1a5eb41c44c037a579ed1383826221
SHA256 9f02ceca15fbb244a3dc8ddcedc82441779e43e56495233098d096157c1497aa
SHA512 bcd7b0630f08d48dd3537f1c382982fa5a42fd7d82731fb2628a3c65a51955abffba976400629b3e270ee0cc3ce7e1ce342d252273e351dcc6f0f7f5e9985d54

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\utorrentfold.ico

MD5 9bd46aa8a6a9515ce610c48b568b04db
SHA1 c7acd58ebce43b7b106f2be73a3dbf0f3823f1ae
SHA256 fcf06a10537d646cb9d0af81b9bf096b5766b87fbe8d5aa487c2765dc7563cfa
SHA512 f2869bf9a74e2d3bf6ad1043069de3b1cbe7903fb13d0b089f9ff68c646b9f3bc2117bef73d13b2f9de53d1697ca395ce3da8d24acaaf154d0518d783246767e

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\utorrent2.ico

MD5 fe767036dde72aa116dfec4d85316097
SHA1 38015110c63531c2b83623c7ad2a7ea38974d823
SHA256 0d0b0e33fe0c7058298d161e4fdb7a95fc30620aefb3cc86ec989ee00e6f085c
SHA512 0bbf9ad9e5d653c3a5149243a87656eedbc36975021067c9474d639d33e56168787fbed45cdeecc05ce3d7d96397919a0c2fbe7f933aaf677fa1500f9f7eba4b

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\viagrafemale.ico

MD5 fcf35c04537b9f0bfed48b00dfdac72f
SHA1 1a8535fc1d38afaf32341980aafbe106736e6855
SHA256 08f38e7bdd931bd2dd3b7da2800f21e4492b53a81dd97d6a1c4723c87ca6a87b
SHA512 4f8132268dd668b0e84380cebc2a7d1e647964ced2757fb761ab0070c35f5e9f9dba170b42831f96354604a383dc7fbc3507fbc504ed33f0864d4000466f5605

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\utorrent.ico

MD5 13a203726213ebe1120330a01c85e020
SHA1 0ba42571c83fa789a40e2377ca747a52af785f39
SHA256 17a55f7e7cde8b9e75a1a54930047014d2de0f3c90f7d297dc71af984e6eabf5
SHA512 6cdcc39b0d3d6309a8f23184460012d44bd498218a6f55ccc0d2916e45cd97738cc1487df96a2f04da2e858c66e7c1fd6fe5494120403916db24f7197f1150ad

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\win.ico

MD5 668b3283b8b3355e456d8f757d29d306
SHA1 fe18afd55f490f495823b5d5c67eefac3d3d9cdc
SHA256 a459017f231416448a88180a76619fa54acabafbc3aea12cb7e3c245c1c77ffd
SHA512 65c1d52e89adc6377acd6cf27491c1da08f68315a550338a6e7c37266ad96eb332f98ca1d30b22173b4421fb8d4595c68985354cd5550575c07e083fd25824c1

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\winmov.ico

MD5 18c58ac76371e7f5f0bd7757a4754c11
SHA1 e84bde268887c41411847b3d029127eb44530f39
SHA256 f2ade358b9ee41807e043387cc8818b458a82db9f9208090a3a5b90a633952ce
SHA512 fb4e7e786af6c863b231cbf8476be25fc1e0a18588150ddc3c04b5a365618ddfe38293d465d1ca1658f6bd4a9c8c025d6bf7a2ac182627389517150925141bfc

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\winfolder.ico

MD5 731bff80b494d3337ed41322ad5e8bd3
SHA1 920bcbb93bb73414d17e7155630c73e633f34275
SHA256 57cb616228fedb666ed3d157c14b7a6eed08239aba8bcb2895d9243d6eb64c74
SHA512 fbd0722cdf439c8842e6c6a207036dece7c926301255caf6d19bb45aa38b10474f3b445f12af59bb2ced961e7905098eb092adc2ea0f0884013f1f41f811c600

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\wintool.ico

MD5 6dc053a0cbd40d8c7ef064d658468f78
SHA1 b7d3245b002a7a06d3a115f466d56da0501c0030
SHA256 3d0486cafdcc262b43c6a802fe6a5bc906b93dc2723704838589ae07c72ba0fa
SHA512 0cc5fe23129f2719d89c356f0f8071c9d01459d28db3c96be14e735a33d5488f28540438182ae1cdcfe4b81600843ed130ca7120fed48d0af32238d6e846cbbe

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\Icons\zipzip.ico

MD5 6c5fd527c2646604da317eb189bec62f
SHA1 d24dc5e0bb4cc1ecdefc74f9933973b73cff3695
SHA256 67b314ec74424d74bbde5c61c87d1b30b2078ed86d59ef8e6f5002e448e8ff22
SHA512 d26148a33b45b8fcdfe598a34149adf3ba0db29062b036fcfcc3bd05ca504fd10b702d78b7265509f26c50c3d38c2b4d12cdaf2593cad6ff974787b897d11add

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\ClearLooks-BLUE.skn

MD5 6b5eede231fe2360e609fabac1b70935
SHA1 3fb47c45ec6da28d41b24471e1794a01d8c282e4
SHA256 f630a9b6b4be459fc222b33d7cbde9e73110fd00d07a19375f889602ece548c9
SHA512 6c7968022be81c992737ac8b8b36f57588b8fc76aca0f4e10b857ad63654a34f3015c0646b84db7669c97460b8d77b5d6eccb5ac2d23b5f11a86aef5798a945e

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\ClearLooks-HUMAN.skn

MD5 09a4fded9fd322ecdddc6491ddf5b35f
SHA1 297fdfbcfaa45d8ee2f2b36d4fd0209e0e6ff6bc
SHA256 2379a67838cd700cde52b9650a8029aa354a4f8dba94d758d3446af5c347f1c6
SHA512 22f7b5dbc002a05b5078529396b1b3e27939ab696fb67bd8b24b7060c52369ea282adb16b70b34769cc7455372119a7f1899e0fab0f11bb0227cae2d2e555cf8

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\corona-CORONA.skn

MD5 321544b69d1639d623a20063ce9ce484
SHA1 c4fdb8e71c1a72776390e432678c1e3994b60f76
SHA256 61a77602ccdf7f0557ce96d33b700a7f61746818bedada47be5e4736677fc58a
SHA512 96cc48d2c05ddb7c1ff7ffd3cb565b94d7c4da9782d2dc58efd0a6e185d4bdab3a2e32864bd2995d610c9b2bc6b59538ebd1ab30a29d4b09aebc0cdd04615259

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\GNOME-Blue.skn

MD5 4f1f519eaf0a316c3b6dcdd97a3e21d1
SHA1 091390ecdb998909c903d6737746f0cc39e760e7
SHA256 c662755d97529da5cec1bd870433599b007559b5dc54c9b93550a0e0fe408c0e
SHA512 5e44730faf8d5b70b0f637ea85a41fbeaf40d10d0ae6df294618aac4b87d3fcdba9a432bc93688e63472f3b19d7aa75ff07e3671a0a61d897cd8ca8864017d93

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Extensis-EXTENSIS.skn

MD5 68e92268fa4b7131481bb887be8086dd
SHA1 8d73fda3c16e86fb049e0632840fce1ac2697f17
SHA256 51a313e33bd9e4a780055dab31be90a4bf4458466aca2ea5ea8423f971d97d5d
SHA512 9fc1616d76c8d5fe9a7db10e2d60dde4ce068767fa0faf669dd9c8e56882d0892036aba239f5a612f8b6b7bb433ee9457d0781ccc1d5620b4d0f16b13ffdf470

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Extensis-COPPER.skn

MD5 7be0261d187ae78ae2da82df89c93468
SHA1 b85370073610cf5ae7aa4f3540350471383c17a2
SHA256 46c6d59a671816afc9f04f80701e82bc97ffbae1e627190c1e56411b3c58917c
SHA512 6b8a61787b8b8ea3ab8416616cc2a72b126c47038a399b36cc6fca40eca0aaca90e6d164b3381fe529be42f562dc254d6137a83a066c55a17d868c712c56c2f4

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\DarkComet.skn

MD5 85339e1c0d2347fa4966a7eac5b0745d
SHA1 6403bee5bade1d6134c4f9a2f938d09d7410dbcb
SHA256 c418c31b216de26eb25c960ac00d9350725c63ca55f9366fe2a938e9462e7bd2
SHA512 6eea69dd4ee19c71b197ea2547246aea8162b8efe80ba0622647e37f43c40e862100a0e05645bb5055ecdfe30bf6cdae495c3b056d426851ecd9c90d4105050b

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Crystal Clear-CRCL1S.skn

MD5 4371487f2f2457013e169dcf9bed94ad
SHA1 ff288de3d8de2a1a1b26d6af381720611d1c3732
SHA256 0f4e8f4d9e47d5d53d51a5647ecd2175eda568f056684ca2b6d65b0b5f8323cc
SHA512 83670db3da209ae78076e6a8c771d13b63db168adde0eae0923ebf76afde2eafa99ae192afa4b2f57c8c053c74ef3bc89bed79dd20c47c93613360068f1813ba

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\corona-CORONA12.skn

MD5 bd91ac37eee2a3ef900f0dbe65b3b43b
SHA1 c18b63a55c64785c8832412b9f358450ae6cb829
SHA256 1fa39f6f0fb6e1e267a3df7db6274eca9f2f177bd88aa77802b9c52a9fe5f79a
SHA512 011b74cc0fb8add227d2c6990d58f9b8a5613d3cfffe46d3c09a6b3984291bef401864b62a2e11a2c9c8c3ed653cee2d9580e13b066dd81571cffb194b6aaea2

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\GNOME-Gray.skn

MD5 935a3e670bef8aab5b9864ee9d68a3fe
SHA1 f3f899fda3fea02c7ba1b9f502273308209df240
SHA256 e24a87721080f978ddd8c4b9c76b28156d203ebaa58659e3652416ec3e28172f
SHA512 3b5858340c861e634a0b72f9bf7cd2cf7e9406b307414aedf38a85290137c0a319172fb17b501e02c4d11754376bf9fa4692fa43dd56aa18ed35c9506a018baf

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\GNOME-Green.skn

MD5 1b10432d4c0cb9ffd3fdd4cd0b18b0ad
SHA1 7de2e8b7ba1ebc5d90c9a5ebe4dd4dc564db51ed
SHA256 224db58319d8683bb2b9957ed6dfe019a139d3ae84fead163c346b806d7b0f62
SHA512 1513945729e094f9d625fc2f6f62b946c2e1331a9ac221429b5f55f4a7481086d7efacf5a75e228eb3a3c0d7b15334d803f5b7aa68fb7529703ee3e892efab6d

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\GUIRelax-CINDER.skn

MD5 58be805b95bd508becb43face451d72b
SHA1 56a664147641fd9b6e8751205e7882097373a8a1
SHA256 f0f5d81ca30dd9c5b2d5e52e46817fbbe5ddd04db779899ac3779aa62d9aced9
SHA512 2341e40bee75499c05e82a8fddc54210b9ae800f2c8a23ecb576cbdf615cc067f9f8be2a4d5310b9c8bba920dd4b6ac497c6ec1024623d79dda8ff737aa060d2

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\GUIRelax-SKYMAN.skn

MD5 4e483ca5a87b3a489182b2137d4d4a3b
SHA1 b3323742fc4dc35fa1c2866d402fcd037d9e87ec
SHA256 178ce74d9d71cf1b87b9ac24f028c2bdee4ead5a651671ee8a2707c36e427cb0
SHA512 3c5c25bcbd6f1dd2b4f26237b6f2d5eee5acfc434c6b1e2377e6da2daa43a893b0ffa0039acd1db7e23af058793a1f12c73032b57d6c5a1e740b9a57f750dbe0

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\GUIRelax-SUBTLE.skn

MD5 00fc419f38bc8497f9d3e28d0136984d
SHA1 bfdc1d03456bc6e180cb0feb3daab851bda726c1
SHA256 dd39fa2c254c06daa1edd584473ab0fe3d7c00c6f324dc1f4542d7261711364b
SHA512 69c5c20b2d227d1fa63b46c62a87e7a534e7d3b20659ec6eb7d0dcc1dbcf4f93a44391b481ca2307fa0431209327dc24bc09af6f40c3ba23ac46c64026c458a1

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\iTunes.skn

MD5 7871441a52a0fe7b63fcea24e59837f3
SHA1 88891af464a2cac43671737e7fae4dc625561e68
SHA256 a4a052c5113fa43b340f22efabef3cbe698d7bbfb5fcce25596fda5634c3761d
SHA512 9a3b9872644a4a0c2a9d8f5ff6191725f2b1eb1b8d123d9ca9c276a120cbdb02adf31e34174a1c9c2ed11fc2a3a1d4947c94cc34a12521b582508a25a90ba86f

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\LE4-BLACKC.skn

MD5 59594d9d17e29e36d5a336e031aab21c
SHA1 a0d4ea77fabdacbbef6b7d823c63013ee9eefa3c
SHA256 e1c26fcf63b72e43bf7457337a3ccf95ceb5d31697cc20f86b7b32c36c5a9f83
SHA512 aa9251bb45c5c17825a8efac18979031d0d3c525847171bb1d3fa7e6b49c1d67d2c00d6caa9255b0cc578a48656a367657762e737ed9bb3e7619395730efa220

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\LE4-DEFAULT.skn

MD5 dc8498299ca1bb027040e292a78f53a6
SHA1 c85030591f7bba9ed6e153310eb600426b0a82a3
SHA256 4d80ae552feb1cf37f3982712a50b6111ece92858ea332ad712e7f4e22d41510
SHA512 1012f47e4915c9f2895f466a83591b228104426e82083b867222242b42c57e9c3a5f0049033ab9f75c0b8b1e8b6379edf26c010de5e25cbc5fb920368e175e1b

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Longhorn DWM-DWM.skn

MD5 3cf957721e522fbdee43468b17f6ea57
SHA1 a609fa37987bfa80e2af43f3468daf841e281d89
SHA256 4b2f74e0a34e0b438c347b036bff2ecb037e88e77b29600d6a5088d6dd1ce10d
SHA512 bd43edf548b2a45e72f37543caf5c786ca29319868d14ea5d0f59f88cf73e5168da6f078111caabaac8fc56ede8206e7f6de6340222d2b51afaf5a7fd59e1558

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Luna (Longhorn Revolution)-BLUE.skn

MD5 f9454430c7eb51173b3596b2b4a6d588
SHA1 bec48cda3f8cb5480070913676506b0ceaf8eae6
SHA256 71b1ef0bc584424f83ac32d375d5ad040fb9944ed4e0fa5fa3f85399fa149398
SHA512 78e13a6c4070529af928791db3fb5100c023c5ecd6559050cb6dad9bf313e267e3119ba8bdb693f143e068917e61dc944fdc2461d7e0b60ad364937e846a5a92

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Longhorn Style-BLUE.skn

MD5 c965396d6d424b0604519795224ee105
SHA1 6c73ace673f0176828a8dde5c8ef0f4fbbeafd38
SHA256 c28cbb1e21c1be3002edfe1e29d09f750ee7fd5b4a35fd6d178cbf701449162d
SHA512 f9053cdf40b5acebf6ec9200381cc8ec404ef1acd751e288a948602de5cfe179381ec94642b5b77c09b523acc8682d50c535c53837ab98c04c3df70b30a2f786

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Longhorn Slate-Plex-SLATE.skn

MD5 ac64b991cb1e2f00bb76207396fed90e
SHA1 529c577febf72f15492babcd474f0efe7b86afed
SHA256 79b122b14811358060d028d47e8d7d4968ed2cf16d36cd27ce12ffe3911894b4
SHA512 ecaca57c6c1bf4314082530b71388d8bf6b5ed4aac2bbe00ac75880f3f466ba54cca3cb68613977459112c4768ebfd4fdf93cd6c7e6949e8beddf5b43112f3f5

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Luna (Longhorn Revolution)-HOMESTEAD.skn

MD5 b94c2b1cd9fb293cb168bfe3d22c340f
SHA1 afef0a22e5b6698b85dfc386fd862c93d1dcfdbb
SHA256 d3117976ce0e00f4b0f4c769fbdac64f24420ce1580eaf5411b4aa2ba4ee3a34
SHA512 284c678d4de429b746069f3dfed60616108e3594e6956a3623cfd9da27a1e89567539e9cdaa120212955c7c7496f231494ca505fae35477e09925827a943f085

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Luna (Longhorn Revolution)-METALLIC.skn

MD5 d5785da4aa1344cde14813df93ebb3dc
SHA1 3b0ec332e767b7c79a93ba42a1d308a11e6d808f
SHA256 dc90fee27707b3a72c32db3785f1c8e0be3e1eb678c7745aaad04517dfe13a38
SHA512 ad31a00670c789b7fcf19c6725a5e5534405bde0573d90bbb6309fa2f874f08237f73ad3e4f2884113a841bed3c079a100f0a4634a6f63ba1dfc4f04f8306571

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Luna (Longhorn Revolution)-NEON.skn

MD5 13779d0d3d007b635edce23f110ae904
SHA1 bf389b96ed700fc781023bfedd436dc8bedd2e0a
SHA256 262b3068bcdb3ebd3dfc2f8771229ca96b668e01fb9e0d5138b0ea6ad7f8485b
SHA512 601e7f972ac25077d5772addfb69916bb259cb78be09b8f3fe31ffcc8ddd3781976055c9c6b1b209dd723a8440d8f0ceae0c4465c4ef2f4f87a32b40750d68f2

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxp1.skn

MD5 6f63cabc1e3c451773a8e73c9705bd11
SHA1 44352399af22584f370313686cb3bc1808148c90
SHA256 56a6be0a63b61071a03f674a142461df1ab8865ed219f8109511a9073c1504c3
SHA512 18e5e2d9f70b0805aa0d2785e031c0150748d7939b12a520b872becfc7d9347edc70cc8ee31bc0d0bc4295024a21b7302c9b8719532ef91467b0f9c3af3a15e7

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxp2.skn

MD5 39095bb9b5fcfa96529b14bebf5829ac
SHA1 9b10d359b43a29ba8fd8d8bd4bc94b84490c0db9
SHA256 bfcfe95201c6aed712ee46d391412fd6e377964107f7a74201fe6221c588d88b
SHA512 8353fc29bc542cb1933113fe5467cee8023f72380875d87cff4c237915bd8989679d9d8ea256fa770d74b9904c301153b5fd99a6b9df067521bc0332914163ea

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxp05.skn

MD5 ef4cf84aba2b1a31ad15b84e47f3fa48
SHA1 9d8e394bd536fc52099ce6ea27362dc591f5b126
SHA256 0afdd8bb794ebf9b2712062ee48ce3df068f34737eebd82bfdbb575f5e338741
SHA512 9b01b9878fea476c8283700382b5f9d38231b45d780c8426503f7f82ff01fd1e086e88ce21f9a745a6fe39aaed010b1f9c9836b7d4ed20a10d5000bfd29b71bd

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\MSN.skn

MD5 87b457bb0a565901597aa87eae7c8b19
SHA1 83b75d2eddd0f2d3001abd70d4444bf63deda4c8
SHA256 0b2af1b1f29af9e4f1218ec2dfab61164ab9c6c709e0dff0f90f947dbdae9c71
SHA512 08d21658e0869407d61f2f294921c913d09cac41165b36b0d6deda35fabb4f80f60d2e77210952103e094dbb62d135baddd875afabfce137e2c93275158ad060

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Mollis-BLUE.skn

MD5 bfa788b65b5aabce7a005649d89a9fda
SHA1 3b0baeac458b72da57919b11a5260a41da9c27f2
SHA256 62f4781195de735bc8f980fa6810285951720b6a05e06d4c92749f6f13e942d8
SHA512 266ad21b4e405d5268f3e19fd08d206f6423661fe3a96e16d7d1047b49068324523cd7fe0613542c5aaab7d2018054a220f0b879874c558f584173327fb99ff0

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\MediaC-MEDIA1024.skn

MD5 0a3e79ae6ba18e8366270270a2262d9d
SHA1 014f27325f0f07fa1350a868e578b92e45c5b31d
SHA256 8d59cfd15845689ce19bb2784bb9ecbe43fe28cd8fbabcec254a2cc1987178cf
SHA512 3e991aeec409e8c7e5d9d6a06b6a783d89668e3573421b3e1432b4b17a10abe4168a428fef233b9c2906308e181ce560370f39a1f3583e615877ead0ea98a1fb

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\macos.skn

MD5 9e5925399cbf958e3285df53c5225764
SHA1 388442eeb5987e92491123640fde74be3fcc0042
SHA256 aa267c690863dfac1d9fc4cdee6129db318255429be176493a06fe0c075e4362
SHA512 6315d8711901d6d0f97a8e880b383b8806bb34a2394d0ad9cfdb3aa2466279c3a9706c75fc4ec77ca4fb98b3a351a7e7d976894eca58998d49671d11601b2fb7

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\luna-METALLIC.skn

MD5 851c715dd0dbb0413a7d90538141198a
SHA1 35b60bbede7d167cbfa7b49812d46ff4a13569e4
SHA256 b3852401572289fb4ac03c4a13af87c22d9d5191b0e449898ed5eda22df97b2d
SHA512 4aad06cbb491801f27ae52b714cd6e218646b845ef00e705765505c9d2865f9f3a7cad10af303b8ac469c1e94b076fffd740c5fabffbe84d24d1784ca9560f44

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\luna-HOMESTEAD.skn

MD5 fdd3979b4ac29b2f64da258c3b0a2399
SHA1 fe91882acea8ba2e93f424e60f7d9da6424c1019
SHA256 8f4034f071054136242d39d33e047ff3c58963b9d68f552f512302e9780f5c46
SHA512 b459da7a521d7650500b49d97161f102f6d639b4c4c1fd94dbc15601d8f91011d67cc208be5b05a9446ffcf13a11e1c0d33675cb05ca6ef1c516acedd54f74dc

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\luna-BLUE.skn

MD5 774d6a541bc4a88bcb4c169c9624de88
SHA1 b5a27f9f981c97021353fd4c48127444884d045c
SHA256 7cf65a4d01e21e98ea843ae1355b3afa41b41f74e0588c0a7b36ea7699b51130
SHA512 1bb9897e9326427391dd19e49d6efe3c896278e2a70a76665760b3aaefc4ab6e5cf9e23224bdbb0f03baa7434899202ba0ea1894717fa10c045c8fe1ac41d27f

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin10.skn

MD5 2c5511cb1b9a331ee45567b9fd1b0fe6
SHA1 3a9a519cb988bbc5faa30e68adca62c4e8d03f8c
SHA256 dc74606e034132b16f2e8beb7e1009dc8a98597ad235c7882ad04d441ba591f6
SHA512 8f940f2c47578a4c7bdee3d31a3e770cc825ddbab73613afcea3abb13d14bdddc60a8942f8785932f5a5508df7decf5b0c9781a4cdbd42d7b31c0e1b9de8d0fa

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin11.skn

MD5 a9b7d22543d36b44e91f387233f4acb8
SHA1 1bc683b1de2225b3d68cb22c87955473f30feb72
SHA256 b5301ca5e5168687b130d68792476fa6e0301c07170998d1ed1aa60f61e1674a
SHA512 8bcbb05d2b537bb488bd6727c80df23f27cb2ea6ae1dca57204cc5f22c2ffb87491447b5a6c8ae02caf7982d9dbceea598735a0f117b575086df936cd19c9ac6

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin03.skn

MD5 73069f2cd6e4b1ab18f973f1050858ed
SHA1 9a94453f09642049b9d7106dc04be596d01eab4f
SHA256 359beba063525cc84fded83bf31b8e21569700cc2f02e53670006b444b6e957f
SHA512 4c345c9c24a0f025e06241fb8fbb310ae8e739e34e91f6b9209b40869b2e679653c168c56ba5f829ef4cab7f806f41005f0492d69898b557032c34ab7b3e96e1

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxp3.skn

MD5 f4cf139b15ca7069ff5e9b0697d79070
SHA1 b567daf50f566ee442ea75f686716a736e6fa851
SHA256 7ed227b7ba4f08398ba460cd5fb3c6714ee5b0fa160cbebaeab8c2a969982afa
SHA512 eeac8520574d045489b2f5b903b311e32c87cc76a03e05ab2604b6bff09bf9538d365b005f7dd9a5dd8509c4760e46efb1d9858efd18dcf3c09d5db863498b5f

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin13.skn

MD5 a80603df3f9063f4a0972222b6ec485c
SHA1 ee369542ff2be6ca00d6bc58d8936c74c1fb420c
SHA256 8f739a6e87c279b8a0becbadae80e37da948ac1579a8727c9ef3bf15bbc003db
SHA512 57d1b33f9cf83483b9884f3a0716a592e6e16d643a65a6962aff6a1d8c46aaa116ad603ee781b6fccd1de4a94e51df1dc9cd290f1fafc00199e47c0f38ef6252

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin14.skn

MD5 34d47679086057bea1ff2a7087ed2550
SHA1 55d456fa83d6f2501e4d94e9e43d8a1f0c48eb6b
SHA256 09ee9b5d453cd0c8544ab79fab6a409585d8198c349ffcacf18ed4740d11a0b1
SHA512 b43409a9395073200465371bcbcd87f8c8d73e6b0c14f56bddaac2a82ce8d1ff98017d6159e2a779f6b23615ca09074e640709545c57b6a1a6bb377fc55218de

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin15.skn

MD5 567e30c6efee36c81c2f1b3da68e38ba
SHA1 1beedd313bca9cf742a7e446f4807703e9d1b2ab
SHA256 080839f465a5357631116b3b358158e57848ed08cb9fac3bc326b48c362c99fb
SHA512 939351fd6686f6a7407a714adbe42cfcd36e1410f292ce3e83a3ecc50dc1d233b8c3d643edfa9323eb4c29ff8956666c9b66b3ad39730bd91c66486bb67752ba

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin16.skn

MD5 eb2fca3c3525edfb597cd81c8403af0d
SHA1 f9cd57d9196eb84ee5588bd67b30a1554d40e89f
SHA256 24e9fed4557e7b63214c55d507cbcd712f67b2b5ed26665c03c3843ed0cbdba6
SHA512 5911c9d1c785e372a967b725fa25c285a0d9a73579d58dca164fc8bf7621b9dde536a3a96e94afe2b1dd7eb7f5435cebfa7f8f99ac883cf98e8cf3ea00c1197e

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin17.skn

MD5 0a425bce490a9b356d9048b19e2b3a8e
SHA1 0811bd49fa96c34fdda82ae8a9763d7456e72e2e
SHA256 e1354e0d704e75a9df7697b07d7fae2d3867c5d7483ad09b88a73c2ecbbd8ec0
SHA512 c5a1e0eae7e6fd7f31f779ad1c1c0df267ef31c89d88308e6ae8d96b974a89aedf420ce320f0eefc138e2f3e3a87c1d672ad3577ee8c827928f1bed7da87a63e

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin19.skn

MD5 fda67405727ac74d1f57afea15ea6d30
SHA1 43521d3a3883f0d310a7da57b89c9bbb29fe43b4
SHA256 8374be7821176320d715a86abcaac9182730b87fb5649a95467f6ecf3a19da90
SHA512 83a497b460048f447c9dde738fa6e18828d9465de7d68f7ac83a4dfb90a9c87203d2280e58229652db20d324c6cf23f5dd0eb66abbc07f202be61681398f2177

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin18.skn

MD5 fd58d8e0e777b4d53f72d5ee5bcd3386
SHA1 cb079ff32c5d27241a3e335460c12b501a874cb5
SHA256 82a1508dfae997f42e182208940de2dd35e2bde4ae9efc3d5f8798050e9d8d48
SHA512 1a63c3eb062b02eaf19855acba707fabcf9ecbdbf4894e729aa5ca7d32f00c68be9ce00f68708f3cc1bec973a7af6615a700d6f5aaf4e7d172e7b691bfb4b935

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin2.skn

MD5 06f0917fbb236acb613bb5066625cffb
SHA1 958268863a7dc37ab19716fd15a63c46e5db9dd4
SHA256 7513e03ea0568851f15c334269c9ab172e696d7c62bdf58151eb1f6a37430667
SHA512 efd2f7c84bcb11841ec28027e50f376fd3c831a07bc50cd266a9f8c4a9ca02d5c8867c561f23d4c645b5ae82f3639725ae8963b6999dfaba3b9d48822724b4a9

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin20.skn

MD5 6e6d4dfc12c67cadd014b8b31b32e313
SHA1 559f4e399465e1fa75845a4e9369a103fc67cc33
SHA256 7754651afa69507a1280a28514115ad0bc223902890c20e777b45620d4ade4a8
SHA512 fbc40f00a0ac00d32cda3bbd3c6e6d2a4836b5cca913e76a8226d7471016ffbcb01fbe30d121d49286358be4342d39644152622e5c87372f53626dd24f464c7f

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin21.skn

MD5 f42fdc9d40d367954a3c56456993d2e8
SHA1 1db61c14893a9711d532f6d7a4fac16b4d57d353
SHA256 1b812f6a187ebd640874294fe9057d794ccdafa0b6a9fb497779349f2162e49a
SHA512 2d423c15b9896b9a598aa8b666f1e8d8128a7fad355cf57523460243353bbaf275a0b7de46ef02620add3796c8d6ed4337c2652c35e4ea1ba717ad1d9f5884f8

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin22.skn

MD5 1a1e008b4df78238eb41246df2afe98b
SHA1 d5f4e3d49e687da835b37bd7b5a81639ab690442
SHA256 c385dfcb4b2536aad4ee9ebb29f65c7aceaba4bc9dcbaa26cb954c62536fb045
SHA512 67e8c75b535c07cae415d2c365ecda93d75d398f665ca1a5199376a3c5024a65f9b0bb8550c413b80c3f7d8beeb4079144a9a087eaad2ed8cdd1bcda115f3658

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin23.skn

MD5 f511f42a37b45d8e0b96aa1c0a2463cb
SHA1 91830cfead5f7c00ec69f868a3f7b29a63dfd564
SHA256 566cdf33a2ec3d39ce8c5472b26c8335e2216bf08e86dfbf3e4f0d1077b5f0f5
SHA512 5f2a6bd743b78032cc26d6189c53bf66e505701c2b0b2f3fcf9caab3971321795bdd6644e979c3b1f29dd465f30aff510fc51f03a04413bc379f154a8b2a1406

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin26.skn

MD5 2b9a363294f3d66b9f76b30f13e23de4
SHA1 10a774e0245fa75e5c06b712960f9e001b5a1275
SHA256 a7fe6d90c52485051bbd3f0d2c72c406bab9e18b6b5bb02cb915d351833e9250
SHA512 a54dd3c1a071812f09ab7a4bc2fb28558c9d3151fd7bc5725411dfd7de322b70f34b4029edba8367cd24f2091bdd86e08c3832fc4a918ea357537dd38468cc1a

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin25.skn

MD5 40e6e78885c18ced76f3cfd85b36e182
SHA1 6c6fb20eb7ab3c6e11f18d7648d17e53b1f1c4a6
SHA256 45d64e97ee3781a7e86e6ca2125cf6657ac62bce38aa99f42a0002f7da80fe22
SHA512 b21b164af4202b218fff9f6a18d5fc91e1d8472df4822098d896854aeede5b298aed684d18f60c4110c355b325bfe23a34cd856ec518a463ef3da2d075f20897

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin24.skn

MD5 e1d005b6be5435786f60250e7a36ee7f
SHA1 4228bb63cf8ada2616bc4bbd24c9cc57ae1ac6c4
SHA256 0235598832943fad9aae106d95807d57d2189ab4d322d917ac3b1351b7dd8602
SHA512 bf07661033592c64ba0c569d2f838be389009256c14db7cdf7588ca9e8d926b5a934d12e03372e7a1cef15510a1ef6b331355a18b93bd29903d6695bad958fe9

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin27.skn

MD5 d969fe8d8a5a4d543442e6654071ae6e
SHA1 c68c78988b207c706847eb6b16fd50839a5bc646
SHA256 e22624841bf74fde378505f224d1931ca390a0a05aaea0bed4886f1c219b5210
SHA512 be81b7ac4a5d4e757ae0b91d5e157398d47801f02a1c17e8628f2329f6932693112b7972258b41d63147a701276252b2717e9e1afb03bac373c5c8264cbd31c1

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin28.skn

MD5 80ce17364a6b9c0bf36c904d70245016
SHA1 f4b633ce6d61f71b3411174203387690ce1a4bf0
SHA256 900470a4e7d044804f06aed962d5ad5b025831200f7ba643fadd16cc45b0bd8b
SHA512 77eda5916118f7ffcd84b3a31f2522e1fba9a0d26ecb8f94c277b166996f3aa4b09e54b35ee9a2fcaeb230e9c4a6d37b1d27653d14b926e23166d101371209e5

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin29.skn

MD5 1abdf4551268cad16e70e1c33ac82fc6
SHA1 0231c5088ea8b040f92809ed74842de4d746200f
SHA256 4e4f2a2852b2600946b5b55d6dac59e2afdc4a4b8708355b09f3f5fd9c060575
SHA512 3bc728f5f3b396535b86e4c17b89578b73017fb84ea6a57a88dc96b792ba3cb2bd639dc6a745068abe8e4becbfd4d560a0db9bf7ad3912bdc4da9268343c9ee9

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin30.skn

MD5 cee61b5333c13283a763e88d677f2454
SHA1 27cb37a48ac3541a05c5a3fec254f0dede13d486
SHA256 5e681c34aefcc33f76000e94a334126f02b2a56ecbe8961c3be4f22c434b7356
SHA512 91856c1b8c9695b84379a5d81c942ff979c8ab242dc725d1e8d26656d19fcdab3ebf08e9f4e601e019e889818f54e0c9943289a078225983d391b482c7ce7530

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin31.skn

MD5 1649543fbab8c69b3c13752ae892ba94
SHA1 d053cd28b6586fb9a657a01fbcccfbe5252de91e
SHA256 325bd68931ef6b5d5d06be44c5befc29febe8cc4b72a25f6375d5bcad2c9cfdd
SHA512 ad7d7be6f1e2a50dabf8d7e1337f32393e42ebfb689b7c9630771ee710b0c2c533ffc666e060b7daa8d3e1ca516508b955a613d8c08b8cadb329ddc1aafc3746

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin35.skn

MD5 a90a2e430450fb5ee6330590434b539c
SHA1 1407b458b49f241dfdd50d424dc5ca7699a8b2fd
SHA256 9813f039950becc40211553c64aa763aa537abd0eb5c34e9bd306f8f125673e5
SHA512 06a280f4f02545b7e94902249afc53dfd27c5526e1ce5266760bdfef029afc4621dd65632e9f1e7e57899f0c36b0e166b4509d9146db78b8a78d0309f7996619

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin33.skn

MD5 c4a73fb88687b83d4cdfe5d401833176
SHA1 e3ab0dd06026627ec6da51012413c0c60f4d3225
SHA256 b42709ece52896ae2209cd43eb898cd87579b5a93401c1c9ce3ccab0e0336eb0
SHA512 533a43848ee618313581221c40fc3ced1aef7116167ee4e646df6aa590c932eb03a9b6a4022396c814d81cac3e8013ac775ba18daddbcebc82c6ebcb3fc1b016

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin32.skn

MD5 a858e589e9b4bde048ec1ebb9747e841
SHA1 0c4bc7252a00d1178f8bbbecd28f91c622388e97
SHA256 3388f7bbac6f22a6702fd0a0f4672107d718b9dc43c19859c0d6bea3f83ae9f0
SHA512 8a80c4bc92c7e8c2251ed7f48792f83a0789c4051dfe1073af3bf6b77802fb3f386dd675a38fe80cc1d12525077a21fcf05c6d3acc3858edb17e68e66c7fe796

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin36.skn

MD5 50efecee54d04679b3817cdeb4f6d053
SHA1 9332dd65556bc61fc0156677f0b3f82fff258955
SHA256 e265242b77a3bf12aedbb4f4e2f2ea15ba5ca9855f6f647094ce4b6ec05ee3e4
SHA512 5202f22dfb09b18409031fb2ff3948f5e8171392800f8e9043cc4762d6a45449f9d1bd23671be6907cd4d189f175cf1f634f8006f1dc0bb1c062e73daad36b07

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin37.skn

MD5 cceea6ca1299caa01ea83c813ea76f88
SHA1 dc5c919f2f187b9ba6c3958238c2f3b6401376aa
SHA256 56f5bf45063961b9f13eb98d3ebf030f1d3278060fdcde731d316a02fc567eab
SHA512 b2c76b3048ed1dad5fa39b09d75e1d427248b1d0e90da668c325924c74166d89ed8809c3792a287a5481725e4bba9663389ae874633d8d6277f1b4be06016ff9

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin38.skn

MD5 cf2b82ec5d0385856bc7dacd21eea43b
SHA1 26342099aa9a0ba6a3ef22aa9015b35551c96c99
SHA256 78dd8b6563e9d6a72ed70aaeca656428569339ff8e4d47637d69423c009cb4f5
SHA512 2a871adabe046b550cde99957b0c6b46db58476f96212631503d3fa1bb1ffdaf6eb554850156d9b5bae07c63691abfbfc7d726bc1e5cb832683e4f5bc01dd7f0

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin39.skn

MD5 b3003d222a3ad39aa036d420a9ff05e7
SHA1 0a276ddc35ad6f37a68f254cd0360a6734246efd
SHA256 224eccaf92da46fa74e3f0948a7cc4f49a75fd05217e330e09a9f076fc66b18c
SHA512 0039e3c61150b49673772bb7df616d6398f8fce2eae15d48c32976a2c295fe5531ee4bde67d204a59bfe2823a57dcdc1bec884fbe7094ac613297aee4e0c5144

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin44.skn

MD5 ad3e7c09243680ca09cc9d3f5a339faa
SHA1 127791109ee06a31152c08295f28920e7bb6391d
SHA256 88bfa3d66d1e646ef0a83185c38a53e9b632caa301e13f647ed09687a1e79163
SHA512 5a016690d9fa26b0700b6ae4c5404b2fa2a73ec15168ad4ba14225ef20bc29111586dfd51958f7a5ac59a1464a6c94efd3a3df3998f33fbc63270982570f1fba

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin43.skn

MD5 1f424d3bc84ccbcc3d62587c377a2656
SHA1 f0bd9397ca95d96245514ab42dd2861f2c29925b
SHA256 8ebbaebc3c26eeded721ec3db3a39e703a92bc41017fc2f294bd33ab34f77dfa
SHA512 6e5379697944b55a6b6b8dba2ba8b929775162e7d744b6839d8c9294ba64c64d32a139e02fa504a7649bbd171b6295c92c888fa3fc65505e25419a0fbecc599d

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin42.skn

MD5 8d36ad067a5b1f2d1b07b3fdbc9ca2d5
SHA1 1ab38023b98cc51b2798b82745231db27685f054
SHA256 3894a4c48a743a3f772b51d4beba2818d94d136ad7c4c897d9a0a1f29ab00fa2
SHA512 84ecd8276fee0a6220446765837fbc65a5c4b10d84563916eaf8ad26e233a58ca061a81729aeb1087161502efd2b28f72468bc4d40a5e2ef217bea89e2224fb5

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin41.skn

MD5 49b669ad0a18b807a5669bbc940a2a66
SHA1 85e196aa59a373b265e38acc31fe3ea82aac11be
SHA256 3b7e29415197b0e096de7532a3c1608bfe0397dee2fa37eeb0daded83d4332f0
SHA512 39899e2993b82f501d4a93c493080310032b60d05beb63a1bd68c420e84900b47625580c26443e6d6a1cbc704df3bf4d5e4b18efbf9e7e91508b209b4eed45bc

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin48.skn

MD5 6c5f6314e9dd71a098b9df6bb995d108
SHA1 ba766d50cd59a23397c8939e3ea6b616fffc133b
SHA256 4760a33149b021ec14c99c8bf5d7baf4aa8819134adf71b2b8211c506380f1cf
SHA512 54da699e433864eda56ac9ccfe901d34cc8aa563fa0bf327aaf02f0befc4100244c19d2bdb8894dffedcd072ffebfc051594ad8b86000a19130d347ef15ea99d

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin53.skn

MD5 7eb5480a8e3d41286271a59bc5bcf680
SHA1 8444a29d53766cc24afbbc0b57fdaee2732d6dee
SHA256 7dc694d2c868db731b196f4379e8dcd47b007f2a693b0ac2467133418360d6e3
SHA512 65f3d51e6923173446812c2b64aa2eaef931a88e8af99a120d7e8d59b9709b1e2bed0f9d47c7f450e1039d14bfa52edcf7eba426ff68ad144ee35d8a6f8b7943

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin51.skn

MD5 bee3434662960efde6e26fb6adff91ec
SHA1 4caa67eda01f3ee3a64970ca4105ce6d38f4414d
SHA256 4c21accba4599dc64ce8bccc58c56d5f12647c05d03c932a65f825a403c85869
SHA512 826f6b790f74c37fbbddc20f58641d2495f74b99ebe77ed1f4d199adf02f834669a954bc3f8d1f2b8576b6a1e22afd34d6bab2388bc3c45a0ead7ddf10e6ff30

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin50.skn

MD5 90f39e32063cf0c53e3301054ef44123
SHA1 5b7729942c91adbcb3e07c7b6605032f3698cfd4
SHA256 6e6a66c668f9fc4909077a640b095021318daa2d76fdaec3ddc3e01e120f7792
SHA512 90f46e2f989ff0572a4a488ed64038c42d674cb48643c58ac83d56e7b39d50f7c8a3071ad290af05566a22b66b1f04e4fcfd51dfe94c333ff680106a009c990e

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin49.skn

MD5 927dfc5aeed73d1a5f044e0296b2a35f
SHA1 9e90f2ae06f107c38ed6c20eb142815a9a7d6c3d
SHA256 3b28b57e687dc2a7649872892c6502e02a364b540e9fffa568b3384db2655073
SHA512 b9328a09da1a238ed3214edd89cf2e46af1ab81724761845275f3e5ac66f4eb1154924931d379034f8b55a1c139bb0a9ea58c684f57003bcc48121c97e007a72

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin47.skn

MD5 1b445f8b85069fc7aadc971b343069e9
SHA1 602702dcb168ec236ac5d0048cc2c83d96faaa89
SHA256 52700eb92d3e2e9c7a2b228719741701d697582dab022ce70f411725bdfe98db
SHA512 8c35cdb146c89b4018bb2732db838c0ec06ff90aaef246eaca686bb10fc6737295df50aabbcc700caf55a8e86113b7bd7941f401ae45a1807136b56e263004ac

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin46.skn

MD5 2b8ee88a4b35ca7732c64a304ec9b5d5
SHA1 01f721ab2e01d1b033ba6870cb336e52097ac82a
SHA256 c0798ab4bcaabf4e137cac6f3d4d97931190cb04d1443911f6dc61af25bcb384
SHA512 076d6be1f5db3f053ac7ae1a633283333280f3eac4978bd74a653bf95c6920c6a55a26ad60cdc3e54a46ac0e06f6024c8fcd1b5b7f7fd6fb86676c7a4cbbe61c

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin45.skn

MD5 5b47f73f96b3e1e5a0caf48e5b220c98
SHA1 3627fd58c2f6aea2a1490c9136e5db0ca1b24555
SHA256 322053dcb17df76df1a1926c512fca73b37e675091de084192daa1c592ad793e
SHA512 2edcb95dc44a433794ee7ba134a15b4f744d16e0777d6071e9c65adc5e5a34eb280fdc18474ec0d5a18a3e657e7ce742ee30caa63d701aa269cc5fb59e6d0dea

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin54.skn

MD5 97266238e0a3e21da9a9e64f0d3edcb1
SHA1 d2278d678f338aaca52eb9ebd946d9f06fa04eaa
SHA256 20d951ba7cdd860e30c7cf4c4724108736d5974419eb21aca3c839992c173084
SHA512 49827533bb44002c9155a780fcada3a27f73112dfd611865ff238d8e1df878f77e762f67c07b500cbde128a5b7ab8a0ecf381be1204084296b2a7b1efb81654f

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin55.skn

MD5 12c3cfc2cdea5bdc7533b316b793e398
SHA1 49ee4fad238437b451569e7cd8b63c0fecb2bdfc
SHA256 7f9c5ac8333613746daf515ffa56800a17ed4d3a77175a3c85c32669a3e3622d
SHA512 029e04d4a5496471fff51bed650d295be29afd846acb50785482b0574a834857459fa36418c1c4e1117a13a729478624719d6233062eb10be6185f83677f41c8

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin56.skn

MD5 c1802e4504bb468d6f755cda1dc9baa9
SHA1 d7306d2cd60f76b29ee9835e405a02f7388b2113
SHA256 838fe9050882e0eef17fa4063161d888bd83ecd47907cbe315540e265ddb6ade
SHA512 e6d18511b8c3d6825bf5df3583ef008db6f445da6d93b9d8f2f3d6e036ac4de7a696d9bc4e28f209f3dcc0c1c8ac06cf1e9de5ace2c2dfb4abf528dbb44cb938

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin63.skn

MD5 41e791423d77a7e939204c124a0dc9b1
SHA1 178a0155e92395696e5dd50a1e7b2655c7e09856
SHA256 f79ddd926215aa61d2c43457ae6bbf0840d1374014a3a99c06d5c0e7589283c6
SHA512 678a66e9996b02111f1422fe3b2d2b943b3127039ee6a7234e1eabc38656fb8d2fec1aae0d63f43c01484c52bf8a9c3270396869e10703be3851cb3e62ce05a4

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin61.skn

MD5 cd5088a61e32541612f55c55f61a8ba3
SHA1 0b30a4a8e57c745c96069d958745c43f373ddbd8
SHA256 9a562510e8f17a7e58418539748c304e79d0a1f1a7d4fdc1475cdbf6e1167d61
SHA512 ae707ae490348e04b963fd5df2e13e5cdacf47042bf0e924828df7552675a7cb47c63be0f9037871080d102a3b9135801aebc126e68ea13bf9b635aa7fdd8ab4

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin59.skn

MD5 db1c432364bc233a18168cc6f784ecb8
SHA1 4a3fe670b2d59e86c5e8f6a5c5b1adc6dc029100
SHA256 9c847a3dbc5597598413e968e16b784024291d4e60364738b23db3d3cc427611
SHA512 f988b4b39bcf9c081743321c236a043d977634b8276390d5b86c46592c75d2d60b40126a723ef7b00d1c03f420330f92d4cdb3676986bcf7f7885202ae401f73

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin58.skn

MD5 8df669fdcc550d9b5b5812d9e90e75fd
SHA1 ba4c79d8953c936af5631d03c9b4cc0e0ea167cc
SHA256 732a92661ccb8c4d1e48a8cc73443ffb3a02417eebd6f631cbc3233a32960611
SHA512 bdffee8c88b761be01c12b3b0898f6f251d58cc188b6c2c22248f11db916c05576495f828d75c590584329b7d8c2d01cc60e63d5353deca92c41c398253b6973

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin57.skn

MD5 77ad1fae656170bf9f8c04c60eb06044
SHA1 bf68960c5a9355e5815d5438663c9845c3085468
SHA256 fbc5f6853bba5e59cfd3f6e10a9f9bbe9bd98778ca1567ca700db6e840bd970e
SHA512 0de0e326ed39d1dd936e78344c6657a69a98dec2a45debd0243b9a3f782cade1b54ae2e85cfbaf639ecad71f6549ad3bd31f5c8736e6c91336b0f796cb965704

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin64.skn

MD5 a8350d3c53dce2105c8415cee6d4783b
SHA1 7740b468136ce22afde5d990bbfbe01f0e4700ec
SHA256 091ba219728767aaf5bcc1d53be1103d2ca84882b4af654be9848f17158c7acf
SHA512 f5c5895d9e9f04042a64586df2916505f762e2f87e03faa175f1821107ca0fbad2d03419b8591f151fc0d2b8c911d9d0d13cdf14180b15b59a03c3e2ed5600ff

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin66.skn

MD5 b53e6cc48828b8e5208c51c8b8574ce5
SHA1 75d000a24e19cb0cbd90445287f844e07d7e529b
SHA256 393bfb6a03736dd6ba792677161bf52d128512d28d290b9e2eebb91293f00e50
SHA512 bda9296db0ead75dbbc7bca501d3c59ceaf53aef22b2d7d3ea7989d261d5818ba9125ae41a9884cd4adb39f36fab5d558584b41b98c98baebd01a8e2089df92a

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin65.skn

MD5 7dee78c0408fb6b79a94b5668edede6b
SHA1 95bd45d22767f3fbb8740da8607f26c1757a3525
SHA256 4bdc8f70caf6ae60e5b65451aef3519da00f23444f332ac71ff3aa3d4bb794d8
SHA512 46cbb014565050de4fdee9caecec72aa8b04393dd5d76b2e2f056c2e3eb55f9bf213853e8b1bc535a8f323851b21eb65f827321d5b569d9146b8038d44682e68

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin68.skn

MD5 ffad305a0e2473163639441e06f38cc4
SHA1 aee1b225d58e88960e486ad47c4f8fb479869407
SHA256 0407037044bfac888f4a8cee56ceb9101d6b30d06c776f772f41ae888f2170ec
SHA512 2e2e7155241a3c892c5c661b7c978c7c8f189758127c6a02f2fd6312cc777472f6f91488aecbf11c5155b16f50f35897546b85176c7e508fbf3e4961606af389

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin71.skn

MD5 7ac0dd71bd0b10a0cba80911123103b9
SHA1 e1963f295c62e2f5bf8588f0c04047a95b419c5b
SHA256 af0bbafdd26bd632f411d04b4857980a144ba000e9c81aea9b5290791418fc13
SHA512 661e135e9f6dac240388b67ea596696a83d52b4ac2fdd17f277bc8cd016c5ab9ede05ccbe78c5b8d61207e9f81dabc338c5f9a929aabaf509a7191440a0c96f6

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin8.skn

MD5 b450f19a18ed23c8cbb741c60c54d5e8
SHA1 19534fcb179abb39cf143c6b91866b02d6bc8d1b
SHA256 13d77498728d3c6a5feb5dcd6e030ee2bd68da6a262a632d253977145a7edcd4
SHA512 2a3a945e70e8a7d8f599b6037b1000e2aad6bc2956fe1205516133f422b64941eeb5ab5adbde63e0fe87822689f8a1019ab4979e13d9886a3a2df20c09a15b93

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\mxskin9.skn

MD5 18b1d7b6cdd339c54a932195a48c5d96
SHA1 e9a33658a232856bc4efbc8447fa33137b80646d
SHA256 1517a5bc483752510769410c67fbc5a91018e1e025bee43b32f56fca1cd2fddf
SHA512 04822a0f3826ab49900967c71cbc58aa70f4ca158828f7e9965864ea584249fe0c8bee37451c6d27fcd73233f4a775543703904dc5eb5c9bb611ba8fe13017dc

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Office 2007.skn

MD5 ba4029be7069329be089b7d789ea64ad
SHA1 0fcf1bd8a353743fe650945c6c213b96e57d2982
SHA256 4be54b7672bf050a6cec686ebcf9085341807492055f33185d184866b7ad2a3f
SHA512 956e4bb5fa4968200b6d0d27650533d9f6672833e3f314a84d1ef365480dc7bf6449456a9ffe4b55b138872f7251a98789bccaa58ab9c31d376dbc5925b25f2f

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\office2003.skn

MD5 07dc1ba635eee0edf8e721d22d08abc0
SHA1 b1abe8384225c450c8fc58e0ea2dd98f203b7a98
SHA256 a6c23b708fef9ff5b13f35802bab3badd59ab6d1f4371b35d19a38c8a89242ef
SHA512 f2f08511ecb599b33124ecc4c0f398d5ca154526463d45f3156f0ce7666f0fd977adc6c6c0d8bfb08740446324f2d267ed4bb4802e89eb5889993e3ff19f032a

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\ONatural-BLUE.skn

MD5 ad28ad7ce71a2b380702adec9947a99f
SHA1 f518888f55e209faaaccceb31e44380bf6f5d924
SHA256 3e90675b63a48a6d3fc270e5febbd1de5c928afa27786affb5e01a7773aa68f1
SHA512 db11880852398ecdc45fdc02d1f8bb4e73a0885f231c6386ee5fd38fc4870715aa988e75275a692fa7da5a3477099b4d721c02322d92e0f1a3cb3587609af704

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\OpusOS-BLUEB2.skn

MD5 73c5ee5eb79cb869c87ddf6a757d39d1
SHA1 0f0e2160ebed52c6c884b03f993ce45054583733
SHA256 daced90376c952a30956989ea086a50bdd415130a0f38ac5113ace036e29c9e7
SHA512 8783811d3d6ff1e238a6876090b56fcc02b84ed9504386e12cc321962bf919e09686a70fce1668482fdc201d4295202563479b778a91598458091c94648a6138

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\OpusOS-DEEP2.skn

MD5 7aaceea37b23b488130a0bcbb6c461f5
SHA1 2e90b531a33eb13e91ba70f49ec17f0a348bb106
SHA256 ad1cbae9c97ee5df875bc18312d2a8134049194abc249e1ed3657b8fa449f41d
SHA512 5cc5d2f98dd07926b5bf3165bc89200f593b9eacc5880ae25159c7724784c66a6624329e0091600abc868ed95d11fead0e7ae82523e9689d6f806359edde1e00

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\OpusOS-OLIVE.skn

MD5 a3adbe28186864478a01b5311b2e76a3
SHA1 d1377acac49bc9ffae8e6ca57830e453e858f30c
SHA256 8ae182cfbc01d075696d596e7a669c9838b947c84dec2ac23464f059a061d835
SHA512 3d9e619decf5cf0fabbf3d35d21052bbbece854b020202b2ef2913e7d6cef129bf1bdd4675b46ca263ca95de65cd4bc2e01ed2dccbf4c6e259b7aa767bff3528

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Plex Style-PLEX.skn

MD5 6a32c7eb12129eaa04205cfce2153200
SHA1 f198d4bc989bde7935e7d66f241e8256da860fbd
SHA256 77e417b18bfe411d8ab99bf2faeff42c75d55799a63160cdea557b5d80b2595e
SHA512 2a148e96219975dc17c8509d5fd4290c376683c7e47e8d628f8e3a1bfcdb5c95ec19d74696c3c5b3a1b78ab5f135c3052ae2292cc905c1c3f538fddfbcbf791c

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Plex Style-PLEXM6SVR.skn

MD5 c57532550440d653b7d9a7aed67abaa9
SHA1 6e63807575b467d74e0f16548908711edb0d50ca
SHA256 f63491f4f5134dc53eddba203ecc8e4243a5d15fa1e52a914e9b60b9d3de1d68
SHA512 5582e395b637b98d52a5f1fd8e09c2bd329d19c516bf34e20cd742cb8e91b6944375671273c9df3f6dbf035c6deec28704586c33a0a849692736115ac0959ae9

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\RoueSteel-SLIM.skn

MD5 a83f345b22f93e4375717fc5c4c159df
SHA1 3f42a2a2b8666e5e6f810de07b701839c5ec1a7b
SHA256 e72e520399185f7b5a2d00a09eacd908b1782f5b9b5ac09a91f10878b6fe54d9
SHA512 6080d6fddc8e595ff007d14376d7ecd375a89c4c7a39d2d2b8c2b1a90f33ef15a6ec1d0676e37594ddfbea97b11bb6b2e9bf8084fcea1bdece93b37868192693

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\RoueOlive-SLIM.skn

MD5 a90981a2f900d65e8b3a7f7845a4ec6d
SHA1 2c656b14a6140bf7b86f97809e7474bec3323ea9
SHA256 712992040b8470493a06169c38e9b0330e82d02e63a55015de29906deb546241
SHA512 3e7a43d9c1e8379947a507486851793d2ff29646023cc42ee6a0bc7133920e64576b30c3edeff4891fa47b46c90611172d19cce45f2939eefc11e12624602503

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\RoueGrey-SLIM.skn

MD5 2de74dc3f87cb3d269c542312d9f0165
SHA1 d94e917eebef8f4086f8f89342e2075b463cf299
SHA256 6739686ff5eee0cbbaf2450905b945bb8f7f5b0f68697600291af077606bd861
SHA512 2a787074bfa9cb77bc7ccda64afcb23d59e5c2b7b5785c9400ca00839be97fa9e6e4a69fa7e9d97189129296f41c2d1d89043c1da90df75da4492b5f228f9ca1

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Royale Glass-GRAPHITE.skn

MD5 48ed4034e5353ec86ab20df53e9909c2
SHA1 5a5da3c1300c4277b46c41e7b8d7bbd71da6a671
SHA256 7bbebfb37d8ece9e339622532691c6e5d411cf2f69e78c20ec05280ed678689b
SHA512 0d8ed776cb038b29d5f6154cc0d2a60d8b13fa0163d36216420e31ca8dfacdfa26bcb3c30398838c58eba3dea4928ca6cbd0ab62f063f9f66173c9ee3ed4f4cb

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Royale Glass-INDIGO.skn

MD5 d39afd458a82d52889569cea78009188
SHA1 4f248de905680247b919910b073d6fa8ff87a94b
SHA256 7e73f61b81f1951ddcab75dae09458a06399625b61c2aff3dcc2bca716abb995
SHA512 0aafa21ef7d7e27099f660647387454487ee15c81f3a1f931401fccb53bdd75b25197581fa38b9b1017cc45510c670074412fe650f91fc35e78a473932504411

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Royale1-METALLIC.skn

MD5 1acc9b187b6ccfb16d5da02ffd3f65ab
SHA1 e100aad795b5d5f8d3ab915d6015d7668a5e74c6
SHA256 a3679a14179b2b2cec0ad5a3d9b32a6d692c9006285d1f8493b3887e37270c22
SHA512 4e2aca93944d0fbd6481486292781fe4c772ae8faa56c8db086a31aa5b80f37f6632972eec58e220e943cfb5177f0a4451e2270f80b6e584c4daa90f27bb8d77

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Royale1-HOMESTEAD.skn

MD5 1f215201a27f22180eb614a254773105
SHA1 23663e3014e0a8cc37559d129767cac7fcb954ae
SHA256 b996042ea3d0159928e037ef1526c8d93a62d7fd787c4a10ead4380b502b7975
SHA512 f94eaa360ea6339a00d1d000ad1457cbfed8328e7bf7ade442273a5b7b709cbf50de94696850cb2d5ad4fd288b0c046aa46ba200e678fa80b31bfd51ea82f3f7

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Royale1-BLUE.skn

MD5 b453c3eda9eb762742e0a86f67e8d8d0
SHA1 62eca04c2a49fb5cbf34b24da956ea4733bf9d8d
SHA256 dbc989a192d00d521896baf04ee874efd680145d5c7663c0de7a076501487c01
SHA512 20d6d6074a841d470b3cd7bea212d9278aba0bb379eb418f21d167b30064a2b4fa12117a52d147185a1e02c07b169876a990e21e58a982aa685269cc77d57d15

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Samui-SAMUI22.skn

MD5 98d2adf7dc8b8b79e2793b964834cc2d
SHA1 ed82c9358c86791fa5c18267a768ebe50d23ec0c
SHA256 a4387d433d02fe3a31fe755d9215004ba98ac2b2d42a760a10af63bfdf67f3ae
SHA512 384df1b9d575803edae6c628316d62fb9894a2ee6fd42066c1a5775b65ebcc261965e9db8ee96647b50b013c8bdc3632e8d551f1b81e267c921dbe4ba376b222

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Sustenance-BLUE.skn

MD5 aca70ca4ba758d3a2f642ea208767cb1
SHA1 d8a667500aabacd0fd8594e47bb7080cbb75ad91
SHA256 bd25a406f6b3362b25532438be54e5e4254cd86f03c83ade3a5d30fd047a714d
SHA512 bdc6fb4715a63d8526cabaf6753ce5483b4d50635dc7c01521573c7d8ba52a9388169359927301121a7a7c6c530fbb38f9b9a6ad79b3049cf13bf243e1f44968

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\solaris99.skn

MD5 19b941df687a06927a07f3f319add5ea
SHA1 7aff0275f225f44d216c98678f1a2c6e4d5101bc
SHA256 73049bd60f81dae176e2a3ec2a929a502938a4da673a0cbb2b378b91052d21a9
SHA512 5f9dae663f751ef71086854ebd02ff8a7e43be7cd84441b7167dbb9b501464e86b4563ac9aa68437a9bb060b12912a995401c273258ca81e5d2ee6f7b9b5b6b7

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Samui-SAMUI.skn

MD5 6f35be300f4c6fca962e87445ed6ef47
SHA1 7ec77c3e200d26032dec272cb626982aa4d33b71
SHA256 469d682ba0ba6bfd6390b4c8d00ebef0502c60483a292188e8c812ad2bbe4bc0
SHA512 fe4d506ca57deaca1ed810b4d1549625b05ceb2e3874070ab6e4d9b9daf302a1cd9546c5a9fabc49256bb4f1f8ba7263e9109a76780725337de66549ee3c456f

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Sustenance-ERGO.skn

MD5 b64002146b0d23c18e0e08e83cbf9be2
SHA1 f2006930063e98333924a5e320a72c8598aaaaf5
SHA256 97b44c9f8e23da458ea3e8f328b448cbebe72ebb661084429838557ed8fe4539
SHA512 5789a897242ebbe443cdad56050c34d7203ea186d268315da368ef845c0e70f463a79dd3f5667c7c400a3de31473a0a4a02255cdb5ae997a319584e7144fe35a

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Sustenance-METALLIC.skn

MD5 b558466d934c9bd156055fcd69669392
SHA1 60a74283239e6284811ff05f2b1812af8c98327f
SHA256 1613a07f16a7313bf2c496ac4fd950efe007a377bbecc5bf4928b6e16efd4f2c
SHA512 8aa274a9a5b8b3f0b7ac6b2d4f494bd600b9096394c7422daacf29c86f8912a6d314a7b4f713ee9d1fa3a7d5829597c0069fb774801afd102cc4a8b26107a718

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Sustenance-OLIVE.skn

MD5 19b3d733dd444aa58fb0b339d86c09dd
SHA1 77bebebf70c865330f118905ae39bc24d836f783
SHA256 98c41d23db0e738afcc576a412b5398074195eb955a601daa69c10d3c260fe8c
SHA512 b77b01eeb8bf6ad058dedf6a0f7d1b3bb90fe7f35669d762235b1871bc6d34d2a309a74f5a0a8fa0254621be5f88c8adc7f4dcf5bd27b64a7291adb80e0b32af

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Sustenance-SLATE.skn

MD5 22768b1c5ae9dae51de8e48f3e40874a
SHA1 117c397025b8e849e5137dfe1dfd62fc398dc79e
SHA256 9279be6315bc7068163fb8671e3b7e9923c06e0945225e02d4aaf4aa4331634c
SHA512 1a89c03b5ca6109dc07e75c54bd217d152aa193ba0c845bcd2f49ec90ea5424be26085e85dd1fdbdab57016ee04370545f63785a700bf984ae867029a696c103

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\System4-BLACK2.skn

MD5 03beeb19cca16edae5ce406f93c7679e
SHA1 50dee9b0f9f566f2f15120bdc62100222fe7f477
SHA256 8315e3271eeae733b203600459a0ff8f6700d7b7b1960cc0b98757a81b857c72
SHA512 6cd46f86525946a9f633fdcc00e3124d0a445a2106b7cc3637c76f19367c9bbf29989bd43ba06860681ae6e2cf5c8eef1affb188e8d186d646606121ebb24c59

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\TangoXP-BLUE.skn

MD5 9d2ec6f14663b31090d5429f27a31945
SHA1 f6d38c6c401d03a0298612f02d5a1f002b284f74
SHA256 500d69fccd43d3c7a48f9c8652465179e759b7557b42b568260538640f852b31
SHA512 fd83a576c7ca364aa088f7b233556def090ffd100d938b4d9dd547e0797cc1f5296b113ecb1b3dbfa7e799dd284cd882eef3b61d91fabba13e639215dc8c0142

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\TD 4-PANTHER.skn

MD5 17b09a53d88338fed602a0b5ca1adc89
SHA1 7b0b8722d7e282f27cb0ba43a36556506d180ba7
SHA256 0576a5a66fdf0b98fb8cff9256e867b595003578c2f7b6c582fe2ce7d8c25492
SHA512 4675f19a48207ff12227e4bef114f4fbf25bf37c57c1b6dce0a92106919e808eb1ab3ca93c19f7e3aea4bc54f3092e666a6f2d700874f6ad4c6973d834d9d9ad

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\TangoXP-OLIVE.skn

MD5 bb205f4ac4625f2983c6481ecd8bd777
SHA1 be686474ac6b4ccd2127e3e71e8d8010da5c4880
SHA256 650ec48655229d144e96d4e90a634e46b1e49cbd98c28959a06ee3a78f1277ba
SHA512 1ce132ab0085e94f42898a9d98e7b0d88659de05ca56f95e01c55e3b78579547f8a6f21aae8986e1a020ab6acbb7350054ecf67925ac6775e41f50ddb68f04ab

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\System4-BLUE.skn

MD5 e0d87e0ae5c56ba46233258ba0a282d0
SHA1 cdb704404a5bc787ae33468d9d5132de3ff0d01d
SHA256 21b3be3118970e4b74a1a735a489f1bc396cfea22095fe6f0cbb1dfd1520a518
SHA512 aac84253f33ac02ec771e4b8f65126acab684542446d032af4ba74b8c7b2574cc2957b56b9945cece95551698c9c1b62f04402cd4ded7b70a62b56078712e36f

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Tiger-WINDOWB.skn

MD5 1fc372549cd168973dee52d97593a433
SHA1 0d3fb9567cd360feea3057103b62e956c5c885e7
SHA256 3637fdd76b102f34bbf7e8ab420aaf49ac83b32e03bbc5774f247d210f01d1b7
SHA512 872c1c5edd7c17a38273bcd515ab094ee72c4b6d878a23e183602c56696940f972063548de77d4bc1b1b653a1f63ddc3c8b6312d72a703a89f7c804ee089179b

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Tiger2-TGRPS.skn

MD5 e3a797905b33194024adbb7bd05c3f35
SHA1 c2aa9982895689be1d7da5b4729fdb7a1d9b71f1
SHA256 3fae02a457ba561ebc141c7d35803a9367a0c82d91e19b929b96f3618673a5cb
SHA512 1e78dbce0a4fe1186f3744c82bb355491bf287c9cc7b363fc91f2ffd2acab8f1eec0296a8e32656512bff8b848d64243dac1b7ef078a6e13901384ad7cdc7379

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Tiger2-TGR.skn

MD5 f7252903b0a4a75273274fb927d27f05
SHA1 e440654a37c6abe8ff8041598ba5599a41877598
SHA256 bb7fa40c82ecb380b7e0b14bed1de35cb7cf39bbfdb89ecc3492816475c8fa49
SHA512 48ea783cf78c7c63c5803bec5ba21ba8c01c67abe42a6099d017a8a467a934c46b3521e77e25185a59aab0a068131dccc2d5a6600b98b9bbe6087aa1f21e0e35

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Tiger-WINDOWG.skn

MD5 ace285f6206f26c1f634b83f1df7bd0f
SHA1 81c898fdfcfd2d5ce73e39a638f9d2ee36b923ca
SHA256 b8e97fbcabb94e0e83c0bf124e54856762ca8bfe5bf86edfd34f73e80786692d
SHA512 2f15127fdacece597a48b12af06795c93aba3350a68e9c086bca0a987dc6151118fff738daa05939141e9d7157ee3c61901d5442068c551008b24ad2fcb0b2d6

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\VistaXP-VISTAXPB2.skn

MD5 204d2da2cc459ce905cbd6b881ee1a8b
SHA1 1197bd5c64fb5e1f3ce2051f9f3d0715e66a6873
SHA256 30a65fc64ceed9550a17bb5c4d1e366c5ef32a7280f4a403372b32dfa0883795
SHA512 05314892b667ca76c58072937169b7a280e5df2996e260584cdb75797735e1088a5b796605a0dcdbebc4c764a518abc62bbb1dd6eb90a4abc0fc394fe45ad54a

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\VistaXP-VISTAXPS2.skn

MD5 86bedd6c8b05b6d43ca761eda1c86d1e
SHA1 8ba3c6fde9b32f9ca704e613644738f25fa234a5
SHA256 acdae3dde5babdc6387b750f51ba88c7d1837f9d5ef6c1adb9e3691405ea3540
SHA512 b381336281fe9002adbaf781cd87e4fef8846039571a505f336e3efbfc3d0992ef1599e04af826ff37b75f7ea690ff31adcddf08713f4d49793037b9d805b340

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Watercolor-BLUE.skn

MD5 0f1888d8cc51d125a3370e40ad84b1dc
SHA1 0b84b41574f4d112f9aa16abbcb2d9b5fe2bd059
SHA256 cbd7ee4d51337d1af0a039bfef06f94679d023698d65078497e7a3738d1fe7e7
SHA512 7d4689a2d6f326321aa89a456f171136ae4b557af3376892dd710a592545180ce73f4db7064af510a296c554bd8262c785d75726d722aa237ad8054d05d18846

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\wmpx-XMP2.skn

MD5 92d6cdaa2a55b724eafe815dbdac07b1
SHA1 862d88817007f23874e408731f36853f2ff33329
SHA256 b1b678279f9bdc8e34803371ae00789063532fb231ea61dd18a4afebb9e55350
SHA512 363bb8c849661db2cec97eaab32cd881ddbb2bca1410f75b4d612a754aa7b09d72527fd80eea47e88a7d6c54028d180505521c0a621e6fd6646ec0a7c8786c74

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\wmpx-XMPX3.skn

MD5 0960ab16329c0f2e1207ab3f7925b03b
SHA1 5165a9ee07ed74e590e46f522eb55b27f43c06cb
SHA256 ad3dafde3b919bff716f482228e181af2c179ff3f1a768ee5f92e408016b4c9a
SHA512 c58b8f161218e44b356e08cdda858e6de0f3c0bd9c73dcf0ebdcc059f979f0c552cc0015381afa6c5fb02db25b5720e0e797925ac014216b08183123634b2d8c

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\skins\Xplorer.skn

MD5 c09540e44c9750cd28374a8bb2d6fcb2
SHA1 fc7d0a0e6d2536c4f29f930242f58226182f21de
SHA256 32912b5c536813ea29f02252e208b95c706675d1d0704a5744d94bd7fd78b279
SHA512 1a055e0b4ba79932476d7aec9f31878eb892ca5c23ce22a75e0e986cbc45c208a49c4ce32ad6dfe39c367e5637ec9e2f14a13967d5e99dfc4b95565a7b7bd32a

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT51-1\DarkComet\DOCS\pushme.pdf

MD5 e82a55050cd0d5fdf3d133db7fea1bf0
SHA1 ec8480977819830f2d1b147c67babeb5e8b6aa17
SHA256 2ae3a997cd9b962f814a7930f4d2b56cde54caaf574ee752632888cb25de141c
SHA512 818db3c56172b44267664bd8b7a040c2dd96d8ad3ddb4364940d63def470ff715bdec4f63289451a7e8c7d0921fecc5b1385b4215c97c215b38d52e35cfdb777

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT52-2F\Celesty Binder\Lang\AR.ini

MD5 4276808f92d3efe8359cb03f9c45c9e1
SHA1 8a9efa93e8c1f852df2ff1154535394481a6b790
SHA256 c4e0cd4d29594c9cb188deab7bb5f73fc6b3ed832468322abc05b4e981c306c4
SHA512 285bad5b0e2f650845da8c97a07dc310068618c28c98b6f3a7a6835c0a070fbcfefa71c747dcc814ee615abb847bcc1207234da4ec18eb42b084f3703f1de49f

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT52-2F\Celesty Binder\Lang\EN.ini

MD5 d5b95d8dbcdcc5be0290067be9043009
SHA1 71aa58d6ce8fd5d3929f7d0ad85c8a09c0bad143
SHA256 48a43817f513a7de5f033f842ea71dcec7cfe45e2edc87be844e461d99e2572e
SHA512 95c784cacb82dca911fa606b35d50d6577a6e9b5139b830aad3ede2ba5e8a468b0311c79288c863cad25a476b1e89d864cf294aa8f398b782a44c314e6576dd1

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT52-2F\Celesty Binder\Lang\ES.ini

MD5 4745b84e71d23454d2535cc608de57d0
SHA1 18f49e2b2bc31f3eed6c1048f26d2c10baf6ef54
SHA256 eb0553309acd121b01566c1ca297ed46e896e3ad11c486971e8fa7275a1ff061
SHA512 4e801ed8d2ddf569765d12138916c25b6d0917f062aaa84df04685a0c0739fd1b5cb1ba517fd1f03f73a11cb91433a4c6a97cf6a9cdf7a52419c618b40886394

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT52-2F\Celesty Binder\Lang\FR.ini

MD5 a8568b41df3f0a47f875964e8feefa70
SHA1 c61aaaba7db9fd772dd7cd60abd66e101e4fa8b9
SHA256 f515ee7d43cf301fe771599c60e2771db6f27e614af6a4403771a0d99cb19bc7
SHA512 16fc8e467bae82233465b18f9b4e793de0fccc6c618792132dafe3c6c87d4741514fbe4d5834abc753f744e04f5b3ebe3ecde010e3509a109c2aa2332710bf10

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT52-2F\Celesty Binder\Lang\GR.ini

MD5 8b35cdf90f3d89d2502e1f61b2bbf631
SHA1 8f2140d80c4df4f63860dced951bb04e9ecc8fad
SHA256 fca01673cb23abd479b6d54d19a40a87e9d72b90ecc7f5d59af14d192cc07c7c
SHA512 7cdadeb3b9a8296c359eb683c73d4edc714055df837e28ef93a73db660d2c5cb526fba3bc3062af9f11c12ab0cd661d6aab97d3b2443cfcbd4ee13da1c4610d0

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT52-2F\Celesty Binder\Lang\LV.ini

MD5 84e0ff162036f454d019b48ba6af5f7a
SHA1 bbdf1038d2b003a4aec913a88896ec6477f67810
SHA256 78f24b0b140943912a1130da1ed3a20eb71126ee077793d19f990566ff633c3f
SHA512 462d8037b8b213997621af2735b50d828551eaa906a6662f9733a42544c49b00c0511378a84a6250d1f5f284e7141e1bdf91e4a9070210c81dc01bfd7ce96de1

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT52-2F\Celesty Binder\Lang\IT.ini

MD5 1cb447996787264785c83d110c67ab13
SHA1 d4272378368bb955b711783b3922140b411044ca
SHA256 840db2223bc47b37c44393bce4ca8583d373ef6d70b6bc9143561190aa16cdcb
SHA512 76279039e6387e6c4c01c7ee094c4a9e594b310616a03ea1f7101a5ca1292f7ea1e82ca4c6fad9dd138b86e43bbb95bb10dc87f5eb877b58a3dcf7eaf730327d

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT52-2F\Celesty Binder\Lang\VN.ini

MD5 24874c298b575ae2ac496765aa5f3f6b
SHA1 2c591a0d744ab07b18b260335e0bd6dcce8960d0
SHA256 b0b6ad746697e54cc76dce834d963885d0284cceeeb24de62be9eaf4bee47edd
SHA512 cd73c20fd8ead3490b66aa5c34b778785547702181512ad25f6a389c7e76f486b3b4df78f0dab91a75c6a69e009e6ef3428a6d16cc74db63c5b4ef5e50281efa

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT52-2F\Celesty Binder\Lang\SR.ini

MD5 fdfc0ee3ad0f395e3078f600ed9ba689
SHA1 ca7d2c2a14d89d9a370f11a81512a20bff906d5c
SHA256 37dcda2cd0682a3edfe354111e0dd637be6581a71e6c240ae5729ce9f6a05ef9
SHA512 f3bd4daac5840be89ffe6f6027957e18b4ac009f363af5d9d16f1d9128c4b167520be1ac759f9da21c5f6040be49de1bc0495655e0929209d8f249cf41b2331a

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT52-2F\Celesty Binder\Lang\SE.ini

MD5 a1edf15f421e4735c5701f0ea648b35d
SHA1 a794f090f2cceb03c114274172ba968307563e81
SHA256 19e6ec75fbaade63c3cf862f08c7c736de9374521b377ce3cfe55d23970381da
SHA512 24b94a8dda5a1e3eee170aa27cb7a8da156ed016711fdb051ba79f9fb7dc35130b05276d3abaaab5d620c1fc997979ec366f111469ba643547292b6cf867b8e3

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT52-2F\Celesty Binder\Lang\NO.ini

MD5 832af9c517ea93df140200eadfeb3bd6
SHA1 feea314f2ff79479d223326c67ce69fc23810de2
SHA256 570a67620d3e396b4bad5ae46f7d72a4654625c965bdf04bd23d9341e867ac46
SHA512 b7709010e63e3f6b03337f6959ff91b8e2229b6ffb035f29b6d2bff103db7f8f283d90c355c7ff8b51e325de8a21a98e2402af89e5f39d38db1b7ab007263930

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT52-2F\Celesty Binder\readme.txt

MD5 462d412af9b997384cfab01b1dfb9fe0
SHA1 1acdbfbd52d698296332b5dc40b9e3e86bacad9a
SHA256 d0dc30d2d66810f2dcc7f470bed469cf2a9e0fab98c5ce436222a28218f95598
SHA512 e7dd9fa41ebbb1a38ab8457fa166013122d3b6a4bfd38b8efcac9aace6a5939427b6b3d884607c4bdb68d85124d613ce5e90a6c474b44815fc1ba415e3ec5797

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT52-2F\Plugins SRC\Edit Server Plugin Example\dc_msgbox.dpr

MD5 b1144bfd907d18044c6990b84b78ab45
SHA1 86e1af648083112afa15cd054d900a8cc705a67b
SHA256 eac1c68e3c42baf2abd2bca24d63193073e4debf30906a0b666e33e95e1847ae
SHA512 4ad9d8e289b30f9d4113a38d91b46b9719cd367d64017cd985b54a6caa7b96051a59e50f6fd0eb0243fbd0c72ecb54839c5501b3a71aa9ad36f69bd0d2e1090d

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT52-2F\Plugins SRC\Edit Server Plugin Example\dc_msgbox.res

MD5 b7ea2d977e055ea98279914cb750f2d0
SHA1 c7259bd30efc834eac7b975bf828f8f7562b4b28
SHA256 3fb1d1ff60fdb8850ad3e29117e413bab7ff43243be9f92909c16086476dfa46
SHA512 19b10b6d04d9fea75fa6c33be407938c02e93e5caa03f82e4a1853e89708035186ceb8b4a231a31d2e0e8436e8f060432c56cd45957a995af1df3cd85bb6d066

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT531\changelog.txt

MD5 7a23e5b811dd52e99cbdb72a7fe4ce12
SHA1 5ed0adf045308eaf31161c932b691740f802fd51
SHA256 7cf268d2fbbc3bb3e1ce2019d53f7c88b42f3bbcd4833ac69798d34fbd809dfe
SHA512 3b3f0ff7e84aaa3fa6687416c80394ab1dade17e4c6ce3f9b9425c5edc1cd26d302fc733270788790e4a7554ac56bfb58c001b98ed2723394375be34ddd7f8ea

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT531\Goodies\wallpaper_1.jpg

MD5 f72131120657b33655e6ec741fc2c407
SHA1 1487f75375034d0439dbfe4931584bc24bf4c826
SHA256 9c53c010db6e61ed6ca7a484d3ffb23ba1bd8b6eee6cfa652f1c5647addc2280
SHA512 9adc346cd4637685d5a2b23b853e328094c2893a383511ca9f41320852a125abedd3c393e224abb0249f962e956a82705756e53bf8d977c0be7bb7471635f1c5

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT531\Goodies\wallpaper_2.jpg

MD5 11d20f268b9a0dbc43f95c93abd30e30
SHA1 4894c26c32c76bcef63e077cc609bcfc83986115
SHA256 0a62d0ce4f2ecdec5ce2f7596bbbf97ed14fd8793c247c32b65a91ba6084bdd9
SHA512 5ed0ec257b117f8da38f1b27cd693787580142710df01edf3ab83965858e25008f6865b7d96d2fb5c6cdf2553b39b6af97ea3eab6bc985d8a361d0152e0ab631

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT531\readme_help.txt

MD5 00353577e820f2e875217981e5db11fb
SHA1 fc76ee694826f9da38900b54e66b9902c8165023
SHA256 abab33ac3a560e3b0826fb6dd96dcbf8039d96c07d527aaa95a07cacab12a43d
SHA512 50a9224e15bf721d07ed772f4b5eb856e0b25c966f92c19935ea32b31313bc898cd57a23f0c42b55c02866d80014f04c3764fef0e20571a3f475d34a6f9f5e3f

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT42F\DarkComet\sqlite3.dll

MD5 d3979db259f55d59b4edb327673c1905
SHA1 0697e8f35b5951c61a3a632d74fd96843c941628
SHA256 043e5570299c6099756c1809c5632eabeab95ed3c1a55c86843c0ec218940e5a
SHA512 0b87c89aafd3e627c7d6bed0b833601fea1917a76a972061f32a2d9e4aa2e9e85b5e8a67cb330ca44aff17915d0fe2793798451a109d3f0b5014eed06b73bb45

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT53\Celesty Binder\Celesty.exe

MD5 c3009ee63bc661d9ea75eaeb256448ca
SHA1 45eb01150756df432e25eed44d976442473356de
SHA256 0bb88564a22bfd6d9ad6e4d8efa9077792a7b6094c2a0f865d70c43e11507352
SHA512 96f5847fbeef95df1309e97a4bc3d786a5f5c19b87e804f12d88b4473a0b50291c40407a3d95a2d5d78031f03be76da47f1846a73c7802ddae46a38ac4634e67

C:\Users\Admin\AppData\Local\Temp\7zECFAC3781\BuilderDarkCometMulti\DarkCometRAT52-2F\Spoof extensions\Spoofer.exe

MD5 894b256f41dc579a5b32828ed2f7e3db
SHA1 06fa1a4dd30780e404c8f2e7a615fd54d6f2ae68
SHA256 12dbd354b4cc073ea7f80cc0d74bd96118362e9c120df7800cf0f9e863569f98
SHA512 bede5a2c6e87ac6d432903109cca97fcbf60fdba082ba137a04c6ca6490a548f20910b6560821816b76744235fa19f5fcbe256c1ad9b87c2c1b8b20e5c5ac409

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 7ad8da368e5259978d3234b311a3d7ff
SHA1 df28bbea7f6f542976831a2beff003d4145c1721
SHA256 9469d8818c3b1cf2966147ce9fea382169618c7eba4c5a58b7bb9af5cfdfb91d
SHA512 733ea48011429d931d4918927eeb03fb08f99b221650a99f09ba5d5a68e914451ea22e2ecf28031507ae642380f1ecfc58634e905d35eeeeccfe8376fa89ed6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 078afac05fcf850c9a0577b971d229cd
SHA1 587cb09a9dffbf9bba24b670713d2db9cddc2bac
SHA256 d8121de598654918b2cbfce9339a24d0c23633e0b764eb2a2fef5d8423455758
SHA512 22e5a7b5258414a35a9e5b3867d0d1314a3c1ad366efca194cc5512e2893321295644fea51edf83a1b99fc55f839e75157ef404504ba132e82f0e736495e1c67

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066

MD5 3cd0f2f60ab620c7be0c2c3dbf2cda97
SHA1 47fad82bfa9a32d578c0c84aed2840c55bd27bfb
SHA256 29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b
SHA512 ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067

MD5 cf989be758e8dab43e0a5bc0798c71e0
SHA1 97537516ffd3621ffdd0219ede2a0771a9d1e01d
SHA256 beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615
SHA512 f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006e

MD5 bb3fc9718561b34e8ab4e7b60bf19da6
SHA1 61c958bedf93d543622351633d91ad9dda838723
SHA256 d6ea500b6752094a4c340d4f5ed01afdca1925006077560d9a3f56054cd8d141
SHA512 97da30e9a0d14e6f9151539b77b2216e0f6b6cc4742f075077f9ff92f46f8b97e82f020c562625261eaa01bcf810ce81c0b7b71340ac566aef1bef5a07dac63e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d

MD5 65b00bec774c969842aceb3199fbe254
SHA1 bd464411b9578497f081a5f8b6c04180b6ee0f0a
SHA256 d604e67e9d16b6b3d2f10687a36ec00597c48288fa60bfa957bd3ca78eadceda
SHA512 0c89ad2ca25ecd9058e42ed477bf6cd1512859c7ac63701206a82f2591b2878acc7f9354b6a23245fd186ca9b3c809cf7700c0e3e43f469c37580d8531d3beac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c

MD5 24cab279a1b1479cd2848b4cf4db97d8
SHA1 c59c889167dfa25ea85e0ab5b93db29270cd9a3a
SHA256 2feef54f715ea3e6192ec7a9d30e910044968a41d8fe91fc9b1b469ad574df51
SHA512 d1ec7ed765e5ec1b5e095a917437ddcd783ad01a1d6025f1125906617afc24e1d3a9cd702616d18c4231e5ffe60e5326a8dee855db42bc417568283c310e5c10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5d549011a1a39ca8378c0f7236195db5
SHA1 ba6ace454bedcf45fb2105e23560ba41f511427a
SHA256 283075164401c7b9e3730e908765afa5ec3559f24dafee6e53873b284786b51d
SHA512 ce46eefaab43dfd168e6c743113ed65e7328f95092a7df544a276fae5a39fad0af766e9a07167e6b55f2394dcc7d52397482b09d53c7676ed2787e3952b6985e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f90614103601528c13e201c66ba424f8
SHA1 f5be2a2898bff1fc74778df4f33f577c3ab61bfc
SHA256 ed858c7fb6020e23b01aaa3e29881f7827b2693c330c6f26bfb2250a44a304d9
SHA512 26f042839ad3d1528a6af0c21f9e67eee9b4895ed3c1a0a08915b83175c2050d36508bb0c19d988e5304df0dbb49992892efbd25fe83da4c12200a1f8caf2d8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 22a36d308f562614834fda92a38a52e0
SHA1 ecc98a2394736d0fce9f2604da6d2cbd8eaa1fbc
SHA256 7836b884892be715369cc4428ef58df41f4ca127a886acf61540d6d253edd1d9
SHA512 4de87a559f6ab95d55acea5c30e63038512593f94cc13cf1f5f978ddbfba06657af83dee243f7561442a47d752d3e07e3d83c2cd84643461e89bcbc604658d3b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 7dfb91568dead141be82d7cb81d9f6d9
SHA1 2a78579fe48fada3feafd0e49fad41d347513e66
SHA256 db439b6bc4467a46afbbb362c4855b438d5155d89435d7981f9a78d6bb13cbee
SHA512 4d6ca9ed31568fcc4a8f8754be7a74248e0151b4ad84d336e18d2839a494dfc49b5525573b36d6ccecc2252771c9cb4959ca6afd65b80e8bbbb27ba2daba97ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e74790e84bb184913ea71f4e29360ef1
SHA1 aba778049f139bc4f3c4da661c1549918501f7d6
SHA256 139154b015d9b2c0805e43f286a4c38ce75b948e1b627a299b398c1dbbf56443
SHA512 d8b62088569a012d5cdba5269ff22b8071937905f40a0ae1b8365d1a083e1e31f134e6f932defa227cc23d547ba441e1c2df548e2b878ddd8b9e8cea167a8689

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b100d13f4b1a763d5f69488b4bb1ada3
SHA1 b9d6444327eda2c55a4873f44f2f2ed970777dd9
SHA256 5a2aba3b45b091c173059c6bc0e04e78cfb8a05af8d1dc0f3849597e5b1de7e6
SHA512 6da09e3fc5b8d9804517d762f393a7023ebc4a6a795d4b3c3b4ed63d82e95a06ad7ed06c21ba6f8b11960eb1cf87015101b9f843cd107241c8b56f552b840536

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 21ce13ef47ab0b6b89777d4f2fc856ed
SHA1 db8478d429681cc4f50bd91fe6a61d541c2aec9f
SHA256 d3350403d1da759743b57638e3982a04748a981b3c59cc2b499e19efc0cd48b8
SHA512 b5695024163d5eccfe35286926b6521d06d6be6351fc5ff86e34ab213faa4beb32000fe2bdc505c565cf369df8ff41c51c906e5df96ed86700ac007a42f8a5dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0d6ad10058cc6a20ec9334e20fe55dbf
SHA1 f7f8c58f194241a16fb46a23f671c9c8ed34cc11
SHA256 93ead49660b3feb6b941ea95f0457d016a46ab57d2f4b91086a4f28edda78d1b
SHA512 a78182b3a9b14f2e3226a5cfd24ccc3ecbaeb881f6373c4ecee25984436dca12d8e4bf83772730d5337d6c3067d3916e8d8773e16f059dd263b48c72d7252114

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008f

MD5 37d91cb7ab7e0380558dd4b6d8e27304
SHA1 364ed7d6948f51ccd9cf4c618ea4f111d372849f
SHA256 a77aca7eb5f0d17113fa065ebb1e628cecec77a81d866890d0b26b04962bad0a
SHA512 33a3467c08e2285545da1b0d6786463bb6b065fcdd2d3d9083362e115ae4b6881e35730ae4c581251b3a8b33928c043ad608706c5d117044ca22d69c68955c3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 14fb545316e6a34facc1495179bc6142
SHA1 cf567589f7b9ad431ace3cc924bfb6bd1eea5fa1
SHA256 fbaf6910ce59cf0068b8439a1314270f852abfe64b953db80b4ce057803bb273
SHA512 15e57877569ee2f533c2d6ffb81184d62e045246bb020b7686a0b1be17664b66991a8c5ad0920e6fa9f86e8711c2c7ac7b622ba27ac703ae5a4237c6e5ccbb25

C:\Users\Admin\Downloads\Windows.Defender.zip

MD5 c02a69636e8c19a137a5065d0fcb34be
SHA1 57ea7ea58bd63809a5740b77ef7f7dd420ed1ac3
SHA256 e5f880a97586dde86f7206bc2a7e41ef657851bcda8f17ec3831a804d831d837
SHA512 82f2e64d44d1fa43087317f994a5528ea65f846d6e73cb0d3ed4f9d4b36bce600c41b8954a72091c5b140a3209da4b2c4113a71ff49fa43e5090324b611cef5d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 759be10aac82f2173bb21c05ef966ffb
SHA1 74b2cdb4691644353363e62c4f6f998c79e6e00d
SHA256 60faab9a506ecb506c488633a0c100c27279806ad89e151bf47ecd4396739d03
SHA512 44f9f474aa400471fd7443c66f218b60acbcbcc5dbba1c021244f9bf77360af4fb44815a6210f1192bc1205018c9b5570a629336770e8cb2d1f28b5cfe7a8fcc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c5aa64abee5989741c211c52872ec671
SHA1 9129074306ce8102f6c165cb66197afa4d90f34e
SHA256 47f2ca79fb04695853c94233c8c79277c525ff37ef2732b3c1d225502d0dd017
SHA512 b99abb911f5f5838c7af947b9f6a4cce71f7ac02c067495420c4ea898f62c4388023ec5c0c9e1e35a63a3cc8a1c3c5992a4cec0a60b42e93585be9edbfbf4a63

C:\Users\Admin\Downloads\Windows.Defender\Windows Defender\Press [2] to Disable Windows Defender

MD5 df66fa563a2fafdb93cc559deb0a38c4
SHA1 e6666cf8574b0f7a9ae5bccee572f965c2aec9cb
SHA256 3e39ed22dc63246937c4dbbf34ce4fb1cfe6b00de7596b020cad49ae50031351
SHA512 34ea05ee75cd840a94526411777868edb293a69867e1fdc2c2e917d278a3d58fcb86afc65142f4b184ce6907f04fb254a86061cfb620f01874b0b454a6f01c18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000090

MD5 8b2813296f6e3577e9ac2eb518ac437e
SHA1 6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86
SHA256 befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d
SHA512 a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 db389c325f6bc87cf1cdd3b6887d7c18
SHA1 91d74993412a271a128252076774b9591c8063dc
SHA256 1368b00add5096bc03cd24854c02947eff95dc845b69b8aade2188aa94c16f15
SHA512 a46a8fa585f51f17add0c75e2156f9122d6a49661ddf48c0620e641d83bcd604e008c73509c77d66f099d2e60f145459a92bee979668f23e44324df03a767a74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 30bb8a0013854096dea4d0183dbd5a03
SHA1 3da24a7d3fbb3b19de603c448442b6206330dfe0
SHA256 2046d8a3483b51046045561246477e226ddd3ef6c48bd70e5a2f5cd7687d3bb3
SHA512 9fc11dd93c3a64f21d572812c1d8b332803080f144201c97335d55cc93ceb6b9ddbcc38c0f73203c559b3d961c1bdee9700a0966cfbae2f39859d2985b1cc09b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008a

MD5 8d1ef1b5e990728dc58e4540990abb3c
SHA1 79528be717f3be27ac2ff928512f21044273de31
SHA256 3bdb20d0034f62ebaa1b4f32de53ea7b5fd1a631923439ab0a24a31bccde86d9
SHA512 cd425e0469fdba5e508d08100c2e533ef095eeacf068f16b508b3467684a784755b1944b55eb054bbd21201ba4ce6247f459cc414029c7b0eb44bdb58c33ff14

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008c

MD5 4b4947c20d0989be322a003596b94bdc
SHA1 f24db7a83eb52ecbd99c35c2af513e85a5a06dda
SHA256 96f697d16fbe496e4575cd5f655c0edb07b3f737c2f03de8c9dda54e635b3180
SHA512 2a3443e18051b7c830517143482bf6bffd54725935e37ee58d6464fac52d3ce29c6a85fc842b306feaa49e424ba6086942fc3f0fea8bb28e7495070a38ce2e59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008b

MD5 1deeafca9849f28c153a97f5070355d6
SHA1 03b46b765150a2f308353bcb9838cbdd4e28f893
SHA256 b1639f4ce0285c41f4bd666f3fae4767094e3042b0379646b5ccfe04ef01ec19
SHA512 52122b7e3ca9b58eab42fc652c24b4b8c17c43970f88860372d8377c49c540c31ddc81b519f4d59d34e199571758f82ab2fea0737ac1f847b3d4dd75d7acac19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000094

MD5 bc4836b104a72b46dcfc30b7164850f8
SHA1 390981a02ebaac911f5119d0fbca40838387b005
SHA256 0e0b0894faf2fc17d516cb2de5955e1f3ae4d5a8f149a5ab43c4e4c367a85929
SHA512 e96421dd2903edea7745971364f8913c2d6754138f516e97c758556a2c6a276ba198cdfa86eb26fe24a39259faff073d47ef995a82667fa7dee7b84f1c76c2b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3ea042d487c3b9c1_0

MD5 098f05c3b7a4c3ff67ccb96efbd241ac
SHA1 9bfb23c0a5b96e2b726c0754d5d4eefd88897cf2
SHA256 a83b31ada09320cda0fd589c863b40bbf54a3602554e2deb84207b37fd51d663
SHA512 0637d21f939a5bc3c9b4dc9fa2be96d595173bf05bb94c354add3ec81dbdbe146ae41a9d0274db5957ee11dc467b4be93fa15cc7d9da5c6a816d723a814d0108

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2b3609abd9a366132925b45670008c19
SHA1 058102f777c697800f1f5d0913818237842a5f3d
SHA256 fe77c0f5144e493637316fa3f5dea475c7d3ead00b3baecfe95d4af492a0bb7e
SHA512 2a096949853cb7c11a824db769501649778b7fd33c748c52ddc2383a5d21aca023ca7b70b944f54c981d0e92075955ec830e453e0ba514de0126bf48b0c887f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a7ab4a995a97840b3df24bed06140ca7
SHA1 916eecdd720743f4ebbdb26032ea2c11b38dfec5
SHA256 915a349d0790742f5f03bc09a0bb327da648c10a0dc501133253aa4ee9be177f
SHA512 f56b2d581ec91f5facce6f831c63b0e145cb21964f68172c9c364d3cefbefed130bc187b67174eb3e62be95da7d09c32481b201757f976704f50a704f636e7b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 29e55cc94c32718da761227a81df4da8
SHA1 11f0cb6e16b30ddc553b5bb61330642e4b0d9f6f
SHA256 75cc21ab8199f84dca4da271304a1f0ca3c9c3a8f18e7f949d01bac6435a88e7
SHA512 ff6e347e66a858bf8f281532469d78ac9713859bcfb00bf78d122b7d5a754a26e35679694d4fb335abddc4776667f0ca7505efa6a645cefb4d3211eb50e81b8f