Analysis

  • max time kernel
    515s
  • max time network
    509s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    29/03/2024, 22:28

General

  • Target

    http://youtube.com

Score
10/10

Malware Config

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

  • Quasar payload 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Program crash 1 IoCs
  • Enumerates system info in registry 2 TTPs 9 IoCs
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 34 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 43 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube.com
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2008
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff8124c46f8,0x7ff8124c4708,0x7ff8124c4718
      2⤵
        PID:1312
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
        2⤵
          PID:680
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4764
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
          2⤵
            PID:2104
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
            2⤵
              PID:4796
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
              2⤵
                PID:4108
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
                2⤵
                  PID:772
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
                  2⤵
                    PID:3160
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
                    2⤵
                      PID:1188
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
                      2⤵
                        PID:552
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
                        2⤵
                          PID:3792
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3312 /prefetch:8
                          2⤵
                            PID:4016
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3324 /prefetch:8
                            2⤵
                              PID:4804
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3324 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:4780
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
                              2⤵
                                PID:1588
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
                                2⤵
                                  PID:4000
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5212 /prefetch:8
                                  2⤵
                                    PID:2372
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4064 /prefetch:8
                                    2⤵
                                    • Modifies registry class
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:1128
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
                                    2⤵
                                      PID:1048
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2404 /prefetch:1
                                      2⤵
                                        PID:4860
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
                                        2⤵
                                          PID:4864
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
                                          2⤵
                                            PID:2160
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
                                            2⤵
                                              PID:1080
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
                                              2⤵
                                                PID:3736
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1816 /prefetch:8
                                                2⤵
                                                  PID:4860
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1372 /prefetch:1
                                                  2⤵
                                                    PID:3160
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6152 /prefetch:8
                                                    2⤵
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:116
                                                • C:\Windows\System32\CompPkgSrv.exe
                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                  1⤵
                                                    PID:2416
                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                    1⤵
                                                      PID:2752
                                                    • C:\Windows\System32\rundll32.exe
                                                      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                      1⤵
                                                        PID:2164
                                                      • C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe
                                                        "C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"
                                                        1⤵
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        • Suspicious use of FindShellTrayWindow
                                                        • Suspicious use of SendNotifyMessage
                                                        PID:2996
                                                      • C:\Windows\system32\werfault.exe
                                                        werfault.exe /h /shared Global\b67c3cd428e9442f91949ad6c78c1f5b /t 1900 /p 2996
                                                        1⤵
                                                          PID:4512
                                                        • C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe
                                                          "C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"
                                                          1⤵
                                                          • Modifies registry class
                                                          • Suspicious behavior: GetForegroundWindowSpam
                                                          • Suspicious use of AdjustPrivilegeToken
                                                          • Suspicious use of FindShellTrayWindow
                                                          • Suspicious use of SendNotifyMessage
                                                          • Suspicious use of SetWindowsHookEx
                                                          PID:3216
                                                          • C:\Windows\explorer.exe
                                                            "C:\Windows\explorer.exe" /select, "C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12"
                                                            2⤵
                                                              PID:3564
                                                          • C:\Windows\explorer.exe
                                                            C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                            1⤵
                                                            • Modifies Internet Explorer settings
                                                            • Modifies registry class
                                                            • Suspicious behavior: AddClipboardFormatListener
                                                            • Suspicious behavior: GetForegroundWindowSpam
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:2264
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                                                            1⤵
                                                            • Enumerates system info in registry
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                            • Suspicious use of FindShellTrayWindow
                                                            • Suspicious use of SendNotifyMessage
                                                            PID:3468
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ff8124c46f8,0x7ff8124c4708,0x7ff8124c4718
                                                              2⤵
                                                                PID:2292
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
                                                                2⤵
                                                                  PID:4740
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
                                                                  2⤵
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:4480
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
                                                                  2⤵
                                                                    PID:1140
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
                                                                    2⤵
                                                                      PID:4636
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
                                                                      2⤵
                                                                        PID:3532
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2736 /prefetch:1
                                                                        2⤵
                                                                          PID:4964
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
                                                                          2⤵
                                                                            PID:2628
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
                                                                            2⤵
                                                                              PID:2216
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
                                                                              2⤵
                                                                                PID:4588
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5216 /prefetch:8
                                                                                2⤵
                                                                                  PID:4328
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3564 /prefetch:8
                                                                                  2⤵
                                                                                  • Modifies registry class
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  PID:2872
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
                                                                                  2⤵
                                                                                    PID:3076
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
                                                                                    2⤵
                                                                                      PID:2956
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
                                                                                      2⤵
                                                                                        PID:684
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
                                                                                        2⤵
                                                                                          PID:4036
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
                                                                                          2⤵
                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                          PID:1500
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5744 /prefetch:8
                                                                                          2⤵
                                                                                            PID:4916
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
                                                                                            2⤵
                                                                                              PID:2592
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
                                                                                              2⤵
                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                              PID:4296
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
                                                                                              2⤵
                                                                                                PID:1988
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 /prefetch:8
                                                                                                2⤵
                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                PID:1600
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6568 /prefetch:8
                                                                                                2⤵
                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                PID:2488
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
                                                                                                2⤵
                                                                                                  PID:2780
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
                                                                                                  2⤵
                                                                                                    PID:4368
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
                                                                                                    2⤵
                                                                                                      PID:1616
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
                                                                                                      2⤵
                                                                                                        PID:2344
                                                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                      1⤵
                                                                                                        PID:4544
                                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                        1⤵
                                                                                                          PID:772
                                                                                                        • C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe
                                                                                                          "C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe"
                                                                                                          1⤵
                                                                                                          • Modifies registry class
                                                                                                          • Suspicious behavior: GetForegroundWindowSpam
                                                                                                          • Suspicious use of SendNotifyMessage
                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                          PID:4580
                                                                                                          • C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
                                                                                                            "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe" /alignment=512 /QUIET "C:\Users\Admin\AppData\Local\Temp\stub.il" /output:"C:\Users\Admin\Desktop\Client.exe"
                                                                                                            2⤵
                                                                                                              PID:2956
                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                              cmd.exe /C dotNET_Reactor.exe -file "C:\Users\Admin\Desktop\Client.exe" -admin 0 -shownagscreen 0 -showloadingscreen 0 -targetfile "C:\Users\Admin\Desktop\Client.exe" -antitamp 1 -compression 1 -control_flow_obfuscation 1 -flow_level 9 -nativeexe 0 -necrobit 1 -necrobit_comp 1 -prejit 0 -incremental_obfuscation 1 -obfuscate_public_types 1 -resourceencryption 1 -stringencryption 1 -antistrong 1
                                                                                                              2⤵
                                                                                                                PID:2248
                                                                                                                • C:\Users\Admin\Downloads\NjRat.0.7D\dotNET_Reactor.exe
                                                                                                                  dotNET_Reactor.exe -file "C:\Users\Admin\Desktop\Client.exe" -admin 0 -shownagscreen 0 -showloadingscreen 0 -targetfile "C:\Users\Admin\Desktop\Client.exe" -antitamp 1 -compression 1 -control_flow_obfuscation 1 -flow_level 9 -nativeexe 0 -necrobit 1 -necrobit_comp 1 -prejit 0 -incremental_obfuscation 1 -obfuscate_public_types 1 -resourceencryption 1 -stringencryption 1 -antistrong 1
                                                                                                                  3⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  PID:184
                                                                                                            • C:\Windows\system32\AUDIODG.EXE
                                                                                                              C:\Windows\system32\AUDIODG.EXE 0x4c8 0x418
                                                                                                              1⤵
                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                              PID:1488
                                                                                                            • C:\Users\Admin\Downloads\NjRat.0.7D.Green.Edition\NjRat 0.7D Green Edition by im523.exe
                                                                                                              "C:\Users\Admin\Downloads\NjRat.0.7D.Green.Edition\NjRat 0.7D Green Edition by im523.exe"
                                                                                                              1⤵
                                                                                                                PID:2308
                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 440
                                                                                                                  2⤵
                                                                                                                  • Program crash
                                                                                                                  PID:1500
                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2308 -ip 2308
                                                                                                                1⤵
                                                                                                                  PID:2928
                                                                                                                • C:\Users\Admin\Downloads\NjRat.0.7D.Green.Edition\NjRat 0.7D Green Edition by im523.exe
                                                                                                                  "C:\Users\Admin\Downloads\NjRat.0.7D.Green.Edition\NjRat 0.7D Green Edition by im523.exe"
                                                                                                                  1⤵
                                                                                                                  • Suspicious use of SendNotifyMessage
                                                                                                                  PID:1704
                                                                                                                • C:\Users\Admin\Downloads\NjRat.0.7D.Danger.Edition\NjRat 0.7D Danger Edition.exe
                                                                                                                  "C:\Users\Admin\Downloads\NjRat.0.7D.Danger.Edition\NjRat 0.7D Danger Edition.exe"
                                                                                                                  1⤵
                                                                                                                  • Suspicious use of SendNotifyMessage
                                                                                                                  PID:4512
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                                                                                                                  1⤵
                                                                                                                  • Enumerates system info in registry
                                                                                                                  • Modifies registry class
                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                                  • Suspicious use of SendNotifyMessage
                                                                                                                  PID:4536
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8124c46f8,0x7ff8124c4708,0x7ff8124c4718
                                                                                                                    2⤵
                                                                                                                      PID:388
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
                                                                                                                      2⤵
                                                                                                                        PID:3400
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
                                                                                                                        2⤵
                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                        PID:1972
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
                                                                                                                        2⤵
                                                                                                                          PID:1932
                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
                                                                                                                          2⤵
                                                                                                                            PID:2424
                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
                                                                                                                            2⤵
                                                                                                                              PID:4112
                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
                                                                                                                              2⤵
                                                                                                                                PID:532
                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
                                                                                                                                2⤵
                                                                                                                                  PID:3632
                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3704 /prefetch:8
                                                                                                                                  2⤵
                                                                                                                                    PID:4504
                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3704 /prefetch:8
                                                                                                                                    2⤵
                                                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                                                    PID:2156
                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
                                                                                                                                    2⤵
                                                                                                                                      PID:3116
                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5588 /prefetch:8
                                                                                                                                      2⤵
                                                                                                                                        PID:3488
                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5524 /prefetch:8
                                                                                                                                        2⤵
                                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                                        PID:1528
                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
                                                                                                                                        2⤵
                                                                                                                                          PID:840
                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
                                                                                                                                          2⤵
                                                                                                                                            PID:3376
                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
                                                                                                                                            2⤵
                                                                                                                                              PID:5380
                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
                                                                                                                                              2⤵
                                                                                                                                                PID:5388
                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6044 /prefetch:8
                                                                                                                                                2⤵
                                                                                                                                                  PID:5556
                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
                                                                                                                                                  2⤵
                                                                                                                                                    PID:5564
                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
                                                                                                                                                    2⤵
                                                                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                    PID:5576
                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
                                                                                                                                                    2⤵
                                                                                                                                                      PID:5616
                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
                                                                                                                                                      2⤵
                                                                                                                                                        PID:5624
                                                                                                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                      1⤵
                                                                                                                                                        PID:4972
                                                                                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                        1⤵
                                                                                                                                                          PID:4360
                                                                                                                                                        • C:\Users\Admin\Downloads\NjRat.0.7D.Golden.Edition\NjRat 0.7D Golden Edition - Rus.exe
                                                                                                                                                          "C:\Users\Admin\Downloads\NjRat.0.7D.Golden.Edition\NjRat 0.7D Golden Edition - Rus.exe"
                                                                                                                                                          1⤵
                                                                                                                                                            PID:5632

                                                                                                                                                          Network

                                                                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                                                                          Downloads

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                            Filesize

                                                                                                                                                            152B

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                            Filesize

                                                                                                                                                            152B

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                            Filesize

                                                                                                                                                            152B

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                            Filesize

                                                                                                                                                            152B

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                            Filesize

                                                                                                                                                            152B

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\560d3e94-607a-49d9-ad6f-2c725745959b.tmp

                                                                                                                                                            Filesize

                                                                                                                                                            1B

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

                                                                                                                                                            Filesize

                                                                                                                                                            44KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

                                                                                                                                                            Filesize

                                                                                                                                                            264KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

                                                                                                                                                            Filesize

                                                                                                                                                            1.0MB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

                                                                                                                                                            Filesize

                                                                                                                                                            4.0MB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                            Filesize

                                                                                                                                                            3KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

                                                                                                                                                            Filesize

                                                                                                                                                            28KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

                                                                                                                                                            Filesize

                                                                                                                                                            322B

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

                                                                                                                                                            Filesize

                                                                                                                                                            28KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

                                                                                                                                                            Filesize

                                                                                                                                                            264KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

                                                                                                                                                            Filesize

                                                                                                                                                            264KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

                                                                                                                                                            Filesize

                                                                                                                                                            124KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

                                                                                                                                                            Filesize

                                                                                                                                                            3KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

                                                                                                                                                            Filesize

                                                                                                                                                            13KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

                                                                                                                                                            Filesize

                                                                                                                                                            331B

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                            Filesize

                                                                                                                                                            2KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                            Filesize

                                                                                                                                                            111B

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                            Filesize

                                                                                                                                                            2KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                            Filesize

                                                                                                                                                            2KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                            Filesize

                                                                                                                                                            7KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                            Filesize

                                                                                                                                                            8KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                            Filesize

                                                                                                                                                            6KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                            Filesize

                                                                                                                                                            7KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                            Filesize

                                                                                                                                                            8KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                            Filesize

                                                                                                                                                            7KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                            Filesize

                                                                                                                                                            6KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                            Filesize

                                                                                                                                                            8KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                            Filesize

                                                                                                                                                            8KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                            Filesize

                                                                                                                                                            8KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                                                                            Filesize

                                                                                                                                                            89B

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                                                                            Filesize

                                                                                                                                                            82B

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

                                                                                                                                                            Filesize

                                                                                                                                                            892B

                                                                                                                                                            MD5

                                                                                                                                                            c5e7bb526beeedaf7ce2129ff4333fa3

                                                                                                                                                            SHA1

                                                                                                                                                            79da94f088c9e55e5b7ffaf5147c4c109d1a53a6

                                                                                                                                                            SHA256

                                                                                                                                                            ddba73042729fe2d1328b1ddf577bc84374fd8d03504893f905103c74fe2f92c

                                                                                                                                                            SHA512

                                                                                                                                                            012efa5edf60f4ded3bcc740558b398435692a6337c84bc016ce90baa156dd5b63f65aa9a6a734672d6898d4a65600bb9efcc3b421a84d398121083143355c22

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

                                                                                                                                                            Filesize

                                                                                                                                                            319B

                                                                                                                                                            MD5

                                                                                                                                                            c6c444bd888cdb8a55bbdca14d4663ea

                                                                                                                                                            SHA1

                                                                                                                                                            09094da29984fc8a1d9215cd3106b9f1b6706eb8

                                                                                                                                                            SHA256

                                                                                                                                                            c4a1d52a73dba87c564fa611691e5a692daeb2ae64a68c471b8a7454e97860a5

                                                                                                                                                            SHA512

                                                                                                                                                            3a6880cef63dbc3331c61dc1a2d57dae5ce6f1dc07bb64a1ff138012c4c95c9d3420db0dd94992021c50dea5435fec87ff8c2491654e88eba74be1d4a8f9b8ab

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13356224898644269

                                                                                                                                                            Filesize

                                                                                                                                                            16KB

                                                                                                                                                            MD5

                                                                                                                                                            4aff28fa5b30831678320ee917b87a05

                                                                                                                                                            SHA1

                                                                                                                                                            f6cc6c16830bca63bb67c1c7834966f78186afde

                                                                                                                                                            SHA256

                                                                                                                                                            e7f8dc7f2d4fc6b8c55b7677679154f534897cc0e8b2894cdb62f4417fbd65bb

                                                                                                                                                            SHA512

                                                                                                                                                            18da65c6daaeaf70fe9f3f44667400c21a998a0fa552e4bd40b8e8579dac04eb2ec66496beb1c49433112dbc3f2e95c10feae5460b1334621f5ddc0543adb896

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

                                                                                                                                                            Filesize

                                                                                                                                                            112B

                                                                                                                                                            MD5

                                                                                                                                                            df5222ebfc64c0b71d600fe0a21c3907

                                                                                                                                                            SHA1

                                                                                                                                                            c96b9d41aa98eff0debd5294c88ed7670cab6192

                                                                                                                                                            SHA256

                                                                                                                                                            67fa6698c93f87d460ab7ce1809a49d1f7eebbf4847c0538a24f8681e106fd07

                                                                                                                                                            SHA512

                                                                                                                                                            7a8f3933e628e01a3b6a1a43685b06da68a6a03b3981f76ebd733cfbee3626c3e001716fec166511e4a0eec566ef7d5c1ba47eb935c5d56e8ae9494605dfc2ab

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

                                                                                                                                                            Filesize

                                                                                                                                                            350B

                                                                                                                                                            MD5

                                                                                                                                                            8a7521356ea40cd0525ef86363185838

                                                                                                                                                            SHA1

                                                                                                                                                            dbbee265f1898297b68e7598f8ed6b6fafb938c5

                                                                                                                                                            SHA256

                                                                                                                                                            feb666a3ed7c5843b6d3fa21629584dbd3ced7f5cfd9b3ee9c4ab070195d2d14

                                                                                                                                                            SHA512

                                                                                                                                                            f8db68627fe5a42a31c082506f553cbd370bebd5667f5802e297297f81119195ca76d61238191ad02be969addf8219ace12c1326ff7160ea1305ff32d22f717d

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

                                                                                                                                                            Filesize

                                                                                                                                                            326B

                                                                                                                                                            MD5

                                                                                                                                                            2665fea7d62ff709f57f2d94e3aeff74

                                                                                                                                                            SHA1

                                                                                                                                                            627ee3f9cd9b8a1d34bb2ba961f8a4b3eaa6419e

                                                                                                                                                            SHA256

                                                                                                                                                            c1eea45bd4a83d33c6e2ca75922403c84327067eadd15455cf9dec1c731060ca

                                                                                                                                                            SHA512

                                                                                                                                                            616e746b16592f8cf7c68cce7634cf5d69c7bc4e385697b56ed9f2204f09ad0dfe879e698b166dddce2d0a725b77f1f787d98c766baafe07352cb68bebe1c2fb

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                            Filesize

                                                                                                                                                            1KB

                                                                                                                                                            MD5

                                                                                                                                                            1b5c48d42b96d6d074960064ff7e6ceb

                                                                                                                                                            SHA1

                                                                                                                                                            87c9ce753a187396a01edacd7e4a346785ac50b3

                                                                                                                                                            SHA256

                                                                                                                                                            21ce19536f992d9e8afaddaf91b06df5ea7a7ba6038c5d64688148a208c738da

                                                                                                                                                            SHA512

                                                                                                                                                            ce7763cfb7965e22f3d63499149ab377d2e81a76cc35f26ddcaf4c0f45da319ec6a8b39e24aa377a1295292029e2d7fd613676d909cedc1c3a8c2995959731b1

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                            Filesize

                                                                                                                                                            2KB

                                                                                                                                                            MD5

                                                                                                                                                            fc8ad49ecc291e332e5daab1e3b7cdab

                                                                                                                                                            SHA1

                                                                                                                                                            df0f50d413bf41e2b1812da424cfd2bccb654a49

                                                                                                                                                            SHA256

                                                                                                                                                            e7098f6dfb1501748a926dd902ed22d7bf0a6494597ffdce122878957ded6b6b

                                                                                                                                                            SHA512

                                                                                                                                                            07dac810192383e1e02a11dd7cc38ebc545ea058502db8c36d69c06eb3a5fa584adc5928e37a50eb8c72f204a24f658c4a03d0dc8ff9465a4f6324e8be31e00b

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                            Filesize

                                                                                                                                                            2KB

                                                                                                                                                            MD5

                                                                                                                                                            59c2b2c7eb335b6e0932a5c7b7c8330d

                                                                                                                                                            SHA1

                                                                                                                                                            f96c1448eb0a5171762bc375b78a0b7acc572b47

                                                                                                                                                            SHA256

                                                                                                                                                            5634b8c3459a8498045a531537eeebf524fcaa0e47901b003c9abb22161e005e

                                                                                                                                                            SHA512

                                                                                                                                                            ec4e777072c3f6161d9f54682d0603050ab017d35d92d7c3368ab626a5e8a99235b2dc749e0ebb6979477bfe8a2d93042a202ec9052cadfda7379319bd922f26

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                            Filesize

                                                                                                                                                            2KB

                                                                                                                                                            MD5

                                                                                                                                                            b7976c8f82a12fd527de26a9f00a0a4e

                                                                                                                                                            SHA1

                                                                                                                                                            9949015f1488f8ced13b9a1a5bb021fed681e1ce

                                                                                                                                                            SHA256

                                                                                                                                                            acc44af8a0ad6f128c289dc668357d4859193db24e449bb10ba1c158f8b66104

                                                                                                                                                            SHA512

                                                                                                                                                            3128fd2f96dec140e788886fcfc972ca8c5ab3134f15fe4dc3ad857786e0e898e8818633dc5456eab98c2234f9140cda2dd2bd623b03d25d9a649b8c356385e8

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                            Filesize

                                                                                                                                                            2KB

                                                                                                                                                            MD5

                                                                                                                                                            f1ff6a5d182133589e95d9d7a4301f27

                                                                                                                                                            SHA1

                                                                                                                                                            a30bcc72b888aa80c9f9d789503885a4b59dae7e

                                                                                                                                                            SHA256

                                                                                                                                                            b6bd0fef18565a0596c6400e44f45da90f7d7e3de4708e9688ee67672b831962

                                                                                                                                                            SHA512

                                                                                                                                                            9c63e151d7d6cc27ebad265790aaa4016b89e3079fb4c46cac86223ef1768576aef5c0e84969bb5e6f05d99ebe352110c704a209ef296b198cd087cfd24fbc42

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                            Filesize

                                                                                                                                                            2KB

                                                                                                                                                            MD5

                                                                                                                                                            1b5bcb1bd27b9713d7f55858ea001b9c

                                                                                                                                                            SHA1

                                                                                                                                                            9325bb6f16bfb72d3dc897b61f81af3780b8e6c6

                                                                                                                                                            SHA256

                                                                                                                                                            3a28ee2840fba700fae36b459aa746a235914388f2230a332f9676f971c54d7f

                                                                                                                                                            SHA512

                                                                                                                                                            5773a09537ce7bfae1218677959c7d1b76d06379ae1b04dfce444127cee66ce1615b64e96c4e48e649e7af8e5373c85846fa4c31d2474ee0e5b99b498406c405

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d84f.TMP

                                                                                                                                                            Filesize

                                                                                                                                                            706B

                                                                                                                                                            MD5

                                                                                                                                                            39543b8f7fcbf574862cbd437e4bc6a8

                                                                                                                                                            SHA1

                                                                                                                                                            ba30bc3e0138af7443d0c7a2b702eeec5a510a29

                                                                                                                                                            SHA256

                                                                                                                                                            e3a0a0c72a957132da0cce60fb2528c255dbc3a7867add64e0f4266ad1d6f218

                                                                                                                                                            SHA512

                                                                                                                                                            94dd6365207ec01e28532c1c1ffd366637c838d49eea517c0b61fdf369fc366de8449281609de0be19062920a0b9ff1bc803358e98a106f9f73c1404fa0bb31e

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

                                                                                                                                                            Filesize

                                                                                                                                                            128KB

                                                                                                                                                            MD5

                                                                                                                                                            e44397f99eba53634478397bba9035b4

                                                                                                                                                            SHA1

                                                                                                                                                            aee08aa8b3d3177024992d0cea348eab743369e6

                                                                                                                                                            SHA256

                                                                                                                                                            c9c0313c319b3461cc05923632430992fe3637b7217d560995e0c2a9cd8ee2d6

                                                                                                                                                            SHA512

                                                                                                                                                            95ecbcd31a648c1cf318286cc8f968ecd425212d190efe1cb5c8b1d4d86ecadb28e4917e0812ac289a4decec6b5463acb22da4769e7bfc3dae280fe976d1a8cb

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

                                                                                                                                                            Filesize

                                                                                                                                                            116KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                                                                            Filesize

                                                                                                                                                            16B

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                                                                            Filesize

                                                                                                                                                            16B

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                                                                            Filesize

                                                                                                                                                            16B

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

                                                                                                                                                            Filesize

                                                                                                                                                            72KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

                                                                                                                                                            Filesize

                                                                                                                                                            5KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

                                                                                                                                                            Filesize

                                                                                                                                                            319B

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

                                                                                                                                                            Filesize

                                                                                                                                                            565B

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

                                                                                                                                                            Filesize

                                                                                                                                                            337B

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

                                                                                                                                                            Filesize

                                                                                                                                                            44KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

                                                                                                                                                            Filesize

                                                                                                                                                            264KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

                                                                                                                                                            Filesize

                                                                                                                                                            11B

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                            Filesize

                                                                                                                                                            12KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                            Filesize

                                                                                                                                                            12KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                            Filesize

                                                                                                                                                            12KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                            Filesize

                                                                                                                                                            12KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                            Filesize

                                                                                                                                                            11KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                            Filesize

                                                                                                                                                            12KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

                                                                                                                                                            Filesize

                                                                                                                                                            264KB

                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • C:\Users\Admin\Downloads\NjRat.0.7D.Golden.Edition.zip

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • C:\Users\Admin\Downloads\NjRat.0.7D.Green.Edition.zip

                                                                                                                                                            Filesize

                                                                                                                                                            2.2MB

                                                                                                                                                          • C:\Users\Admin\Downloads\NjRat.0.7D.zip

                                                                                                                                                            Filesize

                                                                                                                                                            9.2MB

                                                                                                                                                          • C:\Users\Admin\Downloads\Quasar.v1.4.1.zip

                                                                                                                                                            Filesize

                                                                                                                                                            3.3MB

                                                                                                                                                          • C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Profiles\Default.xml

                                                                                                                                                            Filesize

                                                                                                                                                            295B

                                                                                                                                                          • C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Profiles\Default.xml

                                                                                                                                                            Filesize

                                                                                                                                                            1004B

                                                                                                                                                          • C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 816095.crdownload

                                                                                                                                                            Filesize

                                                                                                                                                            15.8MB


                                                                                                                                                          • memory/2956-1137-0x0000000000900000-0x0000000000910000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            64KB

                                                                                                                                                          • memory/2996-570-0x00000220D14E0000-0x00000220D14F0000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            64KB

                                                                                                                                                          • memory/2996-573-0x00007FF8024E0000-0x00007FF802FA1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            10.8MB

                                                                                                                                                          • memory/2996-569-0x00000220D14E0000-0x00000220D14F0000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            64KB

                                                                                                                                                          • memory/2996-566-0x00000220CF6A0000-0x00000220CF7D8000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.2MB

                                                                                                                                                          • memory/2996-568-0x00007FF8024E0000-0x00007FF802FA1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            10.8MB

                                                                                                                                                          • memory/2996-567-0x00000220CFBD0000-0x00000220CFBE6000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            88KB

                                                                                                                                                          • memory/2996-571-0x00000220D14E0000-0x00000220D14F0000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            64KB

                                                                                                                                                          • memory/2996-577-0x00007FF8024E0000-0x00007FF802FA1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            10.8MB

                                                                                                                                                          • memory/2996-572-0x00000220ECF40000-0x00000220ED26E000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            3.2MB

                                                                                                                                                          • memory/3216-605-0x00000176FAD30000-0x00000176FAD80000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            320KB

                                                                                                                                                          • memory/3216-670-0x00007FF8024E0000-0x00007FF802FA1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            10.8MB

                                                                                                                                                          • memory/3216-578-0x00007FF8024E0000-0x00007FF802FA1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            10.8MB

                                                                                                                                                          • memory/3216-579-0x00000176F7D10000-0x00000176F7D20000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            64KB

                                                                                                                                                          • memory/3216-580-0x00000176F7D10000-0x00000176F7D20000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            64KB

                                                                                                                                                          • memory/3216-581-0x00000176F7D10000-0x00000176F7D20000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            64KB

                                                                                                                                                          • memory/3216-587-0x00007FF8024E0000-0x00007FF802FA1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            10.8MB

                                                                                                                                                          • memory/3216-604-0x00000176FAAE0000-0x00000176FAAF8000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            96KB

                                                                                                                                                          • memory/3216-606-0x00000176FB690000-0x00000176FB742000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            712KB

                                                                                                                                                          • memory/3216-607-0x00000176FB5D0000-0x00000176FB61C000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            304KB

                                                                                                                                                          • memory/3216-608-0x00000176F7D10000-0x00000176F7D20000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            64KB

                                                                                                                                                          • memory/3216-609-0x00000176F7D10000-0x00000176F7D20000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            64KB

                                                                                                                                                          • memory/3216-610-0x00000176F7D10000-0x00000176F7D20000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            64KB

                                                                                                                                                          • memory/3216-611-0x00000176F7D10000-0x00000176F7D20000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            64KB

                                                                                                                                                          • memory/4512-1189-0x0000000001170000-0x0000000001180000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            64KB

                                                                                                                                                          • memory/4512-1188-0x0000000074CF0000-0x00000000752A1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            5.7MB

                                                                                                                                                          • memory/4512-1186-0x0000000074CF0000-0x00000000752A1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            5.7MB

                                                                                                                                                          • memory/4512-1187-0x0000000001170000-0x0000000001180000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            64KB

                                                                                                                                                          • memory/4580-1128-0x0000000001DD0000-0x0000000001DE0000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            64KB

                                                                                                                                                          • memory/4580-1127-0x0000000001DD0000-0x0000000001DE0000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            64KB

                                                                                                                                                          • memory/4580-1119-0x0000000074CF0000-0x00000000752A1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            5.7MB

                                                                                                                                                          • memory/4580-1121-0x0000000001DD0000-0x0000000001DE0000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            64KB

                                                                                                                                                          • memory/4580-1122-0x0000000001DD0000-0x0000000001DE0000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            64KB

                                                                                                                                                          • memory/4580-1123-0x0000000001DD0000-0x0000000001DE0000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            64KB

                                                                                                                                                          • memory/4580-1124-0x0000000001DD0000-0x0000000001DE0000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            64KB

                                                                                                                                                          • memory/4580-1125-0x0000000074CF0000-0x00000000752A1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            5.7MB

                                                                                                                                                          • memory/4580-1126-0x0000000074CF0000-0x00000000752A1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            5.7MB

                                                                                                                                                          • memory/4580-1120-0x0000000074CF0000-0x00000000752A1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            5.7MB

                                                                                                                                                          • memory/4580-1175-0x000000003CE40000-0x000000003CF40000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1024KB

                                                                                                                                                          • memory/4580-1135-0x0000000001DD0000-0x0000000001DE0000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            64KB

                                                                                                                                                          • memory/4580-1129-0x0000000001DD0000-0x0000000001DE0000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            64KB

                                                                                                                                                          • memory/4580-1171-0x000000003CE40000-0x000000003CF40000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1024KB

                                                                                                                                                          • memory/4580-1130-0x0000000001DD0000-0x0000000001DE0000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            64KB

                                                                                                                                                          • memory/4580-1160-0x000000003CE40000-0x000000003CF40000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1024KB

                                                                                                                                                          • memory/4580-1131-0x0000000001DD0000-0x0000000001DE0000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            64KB

                                                                                                                                                          • memory/4580-1132-0x0000000001DD0000-0x0000000001DE0000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            64KB

                                                                                                                                                          • memory/4580-1133-0x0000000001DD0000-0x0000000001DE0000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            64KB

                                                                                                                                                          • memory/4580-1134-0x000000003CE40000-0x000000003CF40000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1024KB