Malware Analysis Report

2025-04-13 12:14

Sample ID 240329-2dl7ssbd6t
Target http://youtube.com
Tags
quasar spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://youtube.com was found to be: Known bad.

Malicious Activity Summary

quasar spyware trojan

Quasar RAT

Quasar payload

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Program crash

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: AddClipboardFormatListener

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-29 22:28

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-29 22:28

Reported

2024-03-29 22:36

Platform

win10v2004-20240226-en

Max time kernel

515s

Max time network

509s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube.com

Signatures

Quasar RAT

trojan spyware quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\NjRat.0.7D\dotNET_Reactor.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000000000001000000ffffffff C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 19002f433a5c000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic" C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7 C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\MRUListEx = ffffffff C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8 C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\0\NodeSlot = "5" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 = 50003100000000005a589879100041646d696e003c0009000400efbe5a5841717d5888b32e00000084e1010000000100000000000000000000000000000029445800410064006d0069006e00000014000000 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\NodeSlot = "8" C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3045580317-3728985860-206385570-1000\{3E6516E0-265F-4091-903D-87A91AA4BC59} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\0 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656} C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3045580317-3728985860-206385570-1000\{C1215A70-B147-4A7C-A9D3-0FC1F2C8C042} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0 = 84003100000000007d58aeb31100444f574e4c4f7e3100006c0009000400efbe5a5841717d58aeb32e0000008ce10100000001000000000000000000420000000000d7e35c0044006f0077006e006c006f00610064007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370039003800000018000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202 C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\0\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0 = 66003100000000007d58aeb310005155415341527e312e3100004c0009000400efbe7d58aeb37d58aeb32e000000b4d80100000006000000000000000000000000000000705b53005100750061007300610072002e00760031002e0034002e00310000001a000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
N/A N/A C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
N/A N/A C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
N/A N/A C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
N/A N/A C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
N/A N/A C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
N/A N/A C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
N/A N/A C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A
N/A N/A C:\Users\Admin\Downloads\NjRat.0.7D.Green.Edition\NjRat 0.7D Green Edition by im523.exe N/A
N/A N/A C:\Users\Admin\Downloads\NjRat.0.7D.Green.Edition\NjRat 0.7D Green Edition by im523.exe N/A
N/A N/A C:\Users\Admin\Downloads\NjRat.0.7D.Green.Edition\NjRat 0.7D Green Edition by im523.exe N/A
N/A N/A C:\Users\Admin\Downloads\NjRat.0.7D.Danger.Edition\NjRat 0.7D Danger Edition.exe N/A
N/A N/A C:\Users\Admin\Downloads\NjRat.0.7D.Danger.Edition\NjRat 0.7D Danger Edition.exe N/A
N/A N/A C:\Users\Admin\Downloads\NjRat.0.7D.Danger.Edition\NjRat 0.7D Danger Edition.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
N/A N/A C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2008 wrote to memory of 1312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 1312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff8124c46f8,0x7ff8124c4708,0x7ff8124c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3312 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3324 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3324 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5212 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4064 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1816 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6152 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe

"C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\b67c3cd428e9442f91949ad6c78c1f5b /t 1900 /p 2996

C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe

"C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe" /select, "C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12"

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ff8124c46f8,0x7ff8124c4708,0x7ff8124c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5216 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3564 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5744 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6568 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1

C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe

"C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4c8 0x418

C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe" /alignment=512 /QUIET "C:\Users\Admin\AppData\Local\Temp\stub.il" /output:"C:\Users\Admin\Desktop\Client.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C dotNET_Reactor.exe -file "C:\Users\Admin\Desktop\Client.exe" -admin 0 -shownagscreen 0 -showloadingscreen 0 -targetfile "C:\Users\Admin\Desktop\Client.exe" -antitamp 1 -compression 1 -control_flow_obfuscation 1 -flow_level 9 -nativeexe 0 -necrobit 1 -necrobit_comp 1 -prejit 0 -incremental_obfuscation 1 -obfuscate_public_types 1 -resourceencryption 1 -stringencryption 1 -antistrong 1

C:\Users\Admin\Downloads\NjRat.0.7D\dotNET_Reactor.exe

dotNET_Reactor.exe -file "C:\Users\Admin\Desktop\Client.exe" -admin 0 -shownagscreen 0 -showloadingscreen 0 -targetfile "C:\Users\Admin\Desktop\Client.exe" -antitamp 1 -compression 1 -control_flow_obfuscation 1 -flow_level 9 -nativeexe 0 -necrobit 1 -necrobit_comp 1 -prejit 0 -incremental_obfuscation 1 -obfuscate_public_types 1 -resourceencryption 1 -stringencryption 1 -antistrong 1

C:\Users\Admin\Downloads\NjRat.0.7D.Green.Edition\NjRat 0.7D Green Edition by im523.exe

"C:\Users\Admin\Downloads\NjRat.0.7D.Green.Edition\NjRat 0.7D Green Edition by im523.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2308 -ip 2308

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 440

C:\Users\Admin\Downloads\NjRat.0.7D.Green.Edition\NjRat 0.7D Green Edition by im523.exe

"C:\Users\Admin\Downloads\NjRat.0.7D.Green.Edition\NjRat 0.7D Green Edition by im523.exe"

C:\Users\Admin\Downloads\NjRat.0.7D.Danger.Edition\NjRat 0.7D Danger Edition.exe

"C:\Users\Admin\Downloads\NjRat.0.7D.Danger.Edition\NjRat 0.7D Danger Edition.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8124c46f8,0x7ff8124c4708,0x7ff8124c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3704 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3704 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5588 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5524 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6044 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1

C:\Users\Admin\Downloads\NjRat.0.7D.Golden.Edition\NjRat 0.7D Golden Edition - Rus.exe

"C:\Users\Admin\Downloads\NjRat.0.7D.Golden.Edition\NjRat 0.7D Golden Edition - Rus.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 35.56.20.217.in-addr.arpa udp
NL 172.217.23.206:80 youtube.com tcp
NL 172.217.23.206:80 youtube.com tcp
NL 172.217.23.206:443 youtube.com tcp
US 8.8.8.8:53 www.youtube.com udp
NL 142.250.179.142:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.150:443 i.ytimg.com tcp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 142.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 150.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 170.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
BE 108.177.15.84:443 accounts.google.com tcp
BE 108.177.15.84:443 accounts.google.com udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.15.177.108.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
GB 104.86.110.107:443 www.bing.com tcp
GB 104.86.110.107:443 www.bing.com tcp
GB 104.86.110.107:443 www.bing.com tcp
GB 104.86.110.107:443 www.bing.com tcp
GB 104.86.110.107:443 www.bing.com tcp
GB 104.86.110.107:443 www.bing.com tcp
US 8.8.8.8:53 107.110.86.104.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 2.18.66.179:443 r.bing.com tcp
GB 2.18.66.179:443 r.bing.com tcp
GB 2.18.66.42:443 th.bing.com tcp
GB 2.18.66.42:443 th.bing.com tcp
US 8.8.8.8:53 179.66.18.2.in-addr.arpa udp
US 8.8.8.8:53 42.66.18.2.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 104.86.111.163:443 aefd.nelreports.net tcp
GB 104.86.111.163:443 aefd.nelreports.net udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 40.126.31.67:443 login.microsoftonline.com tcp
US 8.8.8.8:53 163.111.86.104.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 github.com udp
DE 140.82.121.3:443 github.com tcp
DE 140.82.121.3:443 github.com tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 3.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.112.21:443 collector.github.com tcp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 8.8.8.8:53 21.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.5:443 api.github.com tcp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 5.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 41.110.86.104.in-addr.arpa udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 40.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 105.246.116.51.in-addr.arpa udp
GB 104.86.110.115:443 www.bing.com tcp
GB 104.86.110.115:443 www.bing.com tcp
GB 104.86.110.115:443 www.bing.com udp
US 8.8.8.8:53 115.110.86.104.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 2.18.66.163:443 r.bing.com tcp
GB 2.18.66.163:443 r.bing.com tcp
GB 2.18.66.88:443 r.bing.com tcp
GB 2.18.66.88:443 r.bing.com tcp
US 8.8.8.8:53 163.66.18.2.in-addr.arpa udp
US 8.8.8.8:53 88.66.18.2.in-addr.arpa udp
IE 40.126.31.67:443 login.microsoftonline.com tcp
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 4.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.6:443 api.github.com tcp
GB 2.18.66.163:443 r.bing.com udp
US 8.8.8.8:53 6.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
GB 2.18.66.48:443 www.bing.com udp
GB 2.18.66.48:443 www.bing.com tcp
US 8.8.8.8:53 48.66.18.2.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 2.18.66.170:443 th.bing.com udp
GB 104.86.110.123:443 r.bing.com udp
GB 2.18.66.170:443 th.bing.com udp
US 8.8.8.8:53 170.66.18.2.in-addr.arpa udp
US 8.8.8.8:53 123.110.86.104.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
US 185.199.108.154:443 github.githubassets.com tcp
DE 140.82.121.3:443 github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.6:443 api.github.com tcp
US 140.82.112.22:443 collector.github.com tcp
US 140.82.112.22:443 collector.github.com tcp
US 8.8.8.8:53 22.112.82.140.in-addr.arpa udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0764f5481d3c05f5d391a36463484b49
SHA1 2c96194f04e768ac9d7134bc242808e4d8aeb149
SHA256 cc773d1928f4a87e10944d153c23a7b20222b6795c9a0a09b81a94c1bd026ac3
SHA512 a39e4cb7064fdd7393ffe7bb3a5e672b1bdc14d878cac1c5c9ceb97787454c5a4e7f9ae0020c6d524920caf7eadc9d49e10bee8799d73ee4e8febe7e51e22224

\??\pipe\LOCAL\crashpad_2008_ZPAPGHKHHHHIPPYK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e494d16e4b331d7fc483b3ae3b2e0973
SHA1 d13ca61b6404902b716f7b02f0070dec7f36edbf
SHA256 a43f82254638f7e05d1fea29e83545642f163a7a852f567fb2e94f0634347165
SHA512 016b0ed886b33d010c84ca080d74fa343da110db696655c94b71a4cb8eb8284748dd83e06d0891a6e1e859832b0f1d07748b11d4d1a4576bbe1bee359e218737

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 feb7172378569d1be7246273a4289004
SHA1 de58e3e5d5b9709a7fdf670c08177c878b3ecebc
SHA256 a2b5d1b213165e758e3045e907acd055ce4130363b493b3b35cb8505b4806f51
SHA512 dc38fcede493792025c4572f94dd52e6d3a7c7d51b653cb09b2513a692bb4cbdd117703f41e32079d7a83af89f819dff5691ea5c77351bbff49d9c634749e94c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 069e818d0546b4fc7a991672bd62f6cf
SHA1 6b6ed8e50bd0b24c4c0c0c10c45c97389d74aee3
SHA256 3a51f92be2ef369731e91a66a76a52d505cbd5218060585d99184dcc0c6d926a
SHA512 6969e834607d55884d500f5f8c6a7c05732399ae713de1a292046cca8d69a4e6feb8fc391ecdd44187aae0354669def56e873d636b21e4ac1be95885d43d914a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7f111b043c6e8bc110df0c6246671a44
SHA1 4ee9a7de707ce14bf9530e00064375e68f7adcda
SHA256 cea2e2651750b9d6a67c45fdf7b1d1139031c481f74b3f7dad32e661e1d2f5e5
SHA512 0cd97763af50d1e3eba2201bd92d0325ae19fb46704c3e86b21ac97c1d7bddb4308f65c61d1c9f12b1459777e3259a5e47b81a4bbd9b7c1f676cea87591d3ae4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 146a345c9b33d01747b7046e1aa88a07
SHA1 b931cabb86a2da4f5a1538b0f43053f12ad1c463
SHA256 5805524f9ab560dab287b28ab38d8d4455c3d98ff31d1a4d5e3fae76952a8d7c
SHA512 7cd55d2a223dc3eeff579a042ab1f656d5fc500bb7a1c78a69dab41758360b0c6826d1f5c94dd8ff1f80ded945bcc004ec6a8518d3cbd341aedace68b1382173

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 79134cb25009d88633860be9e24f0a09
SHA1 307683c7d7b0a14bb04ba7febc5954b85f7d49d5
SHA256 8c9181f1b039c8496af72e04ee7f4a7201b3ee4dbeed9d642559530a7f881ace
SHA512 2d20bb2d30b28e6ddd2c182eee5e4e654061c138bf82ef84db46390c500763c2e8ea2db8a034086112f3893e3b8374b6958389fe299a72939372c1c3d93db09f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c388bd27751f7480797e0d43070bc95c
SHA1 86c3bfe96333f0f2f15f81db2f1b7a05fac67224
SHA256 b88451720c2fd14d1beba3870e9c115464ec91f602ab0f3a4a5f76f008f26a2a
SHA512 2ae6ba1900fa8a931c1378029e4d431e492a6e7ec8ca98208c95358e466731df9a245b93ec084309e3515d94e4fba0423366e51ac020ffd369ecd29a03d997f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d84f.TMP

MD5 39543b8f7fcbf574862cbd437e4bc6a8
SHA1 ba30bc3e0138af7443d0c7a2b702eeec5a510a29
SHA256 e3a0a0c72a957132da0cce60fb2528c255dbc3a7867add64e0f4266ad1d6f218
SHA512 94dd6365207ec01e28532c1c1ffd366637c838d49eea517c0b61fdf369fc366de8449281609de0be19062920a0b9ff1bc803358e98a106f9f73c1404fa0bb31e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1b5c48d42b96d6d074960064ff7e6ceb
SHA1 87c9ce753a187396a01edacd7e4a346785ac50b3
SHA256 21ce19536f992d9e8afaddaf91b06df5ea7a7ba6038c5d64688148a208c738da
SHA512 ce7763cfb7965e22f3d63499149ab377d2e81a76cc35f26ddcaf4c0f45da319ec6a8b39e24aa377a1295292029e2d7fd613676d909cedc1c3a8c2995959731b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fc8ad49ecc291e332e5daab1e3b7cdab
SHA1 df0f50d413bf41e2b1812da424cfd2bccb654a49
SHA256 e7098f6dfb1501748a926dd902ed22d7bf0a6494597ffdce122878957ded6b6b
SHA512 07dac810192383e1e02a11dd7cc38ebc545ea058502db8c36d69c06eb3a5fa584adc5928e37a50eb8c72f204a24f658c4a03d0dc8ff9465a4f6324e8be31e00b

C:\Users\Admin\Downloads\Quasar.v1.4.1.zip

MD5 13aa4bf4f5ed1ac503c69470b1ede5c1
SHA1 c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00
SHA256 4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62
SHA512 767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b7976c8f82a12fd527de26a9f00a0a4e
SHA1 9949015f1488f8ced13b9a1a5bb021fed681e1ce
SHA256 acc44af8a0ad6f128c289dc668357d4859193db24e449bb10ba1c158f8b66104
SHA512 3128fd2f96dec140e788886fcfc972ca8c5ab3134f15fe4dc3ad857786e0e898e8818633dc5456eab98c2234f9140cda2dd2bd623b03d25d9a649b8c356385e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ba6fdaa26275a02c502db9f1c2165f41
SHA1 c1a2835f7bc9fb2952ed6f9d8ef9e1e6dad74679
SHA256 e58e9f117e42b18685de5e12041834807d9210a7d53fdf392f298747be324e43
SHA512 0d61b1e2d8c0e3425eb493e86d1e885d247b59f168f30a96e67475fb83d11107912d7175abfdab83c16367f8bba9cc7e510c8049d60b4ef392a9e9f39820a0ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a36a3e8796ed4129185ac039187f0652
SHA1 b397ba04fc3872b578648dc161da22aff71820a1
SHA256 7362afffd7bf4a1bed35c3659e9a9e017740f9abd613b5f8ef40b147864da05f
SHA512 47bf73e6a1cac56c8b659a3da1bc2c4f6ec01f3005c1da88fd7aeae7b1190eb80f546cf99e7cfd14254421f5ca2da7591734fa495bbbfbb3c2fc82d0d5c8e8eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3faea36ea9405658e67301c3c64a58df
SHA1 d6645337816737f3c9babc7d376c9c6962d1e601
SHA256 a53e8315c78016175f197450de5cc1bdc9b34ced4bca12897031ad21e8fd945e
SHA512 d7248fa24489f0144de978c63a397f25755f1af166961292d4263ee987d63daaeab865dee569d9737875ddb06c35687381d9c206094e8b48a700b0c724344337

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b6c5b545f822ffa407b754fda059a680
SHA1 801d166ef94a2f247b080dc275a259c844d1f6bd
SHA256 326a738a80198977c3e95927603b7deda8273492a9581df982e91e5f6734ea50
SHA512 e0a6db322da4a7e0f612ef1920263f057d1867f52c832f11eaaedf08e9137cac640be09770f14ba5dc566988c3df9742362a59d1b4bf4e4d9b57b99611c26094

memory/2996-566-0x00000220CF6A0000-0x00000220CF7D8000-memory.dmp

memory/2996-567-0x00000220CFBD0000-0x00000220CFBE6000-memory.dmp

memory/2996-568-0x00007FF8024E0000-0x00007FF802FA1000-memory.dmp

memory/2996-569-0x00000220D14E0000-0x00000220D14F0000-memory.dmp

memory/2996-570-0x00000220D14E0000-0x00000220D14F0000-memory.dmp

memory/2996-571-0x00000220D14E0000-0x00000220D14F0000-memory.dmp

memory/2996-572-0x00000220ECF40000-0x00000220ED26E000-memory.dmp

memory/2996-573-0x00007FF8024E0000-0x00007FF802FA1000-memory.dmp

memory/2996-577-0x00007FF8024E0000-0x00007FF802FA1000-memory.dmp

memory/3216-578-0x00007FF8024E0000-0x00007FF802FA1000-memory.dmp

memory/3216-579-0x00000176F7D10000-0x00000176F7D20000-memory.dmp

memory/3216-580-0x00000176F7D10000-0x00000176F7D20000-memory.dmp

memory/3216-581-0x00000176F7D10000-0x00000176F7D20000-memory.dmp

memory/3216-587-0x00007FF8024E0000-0x00007FF802FA1000-memory.dmp

C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12

MD5 c67f2ba9ff375923ff9f967c6c50d24e
SHA1 3f9c60480f9a2b452194647e88717dd9a7377626
SHA256 a599b504cfe502a1925efda741afa283d9bfa270aa62f85ad7b1e9beb3c91609
SHA512 ea20e6408aba722d9497630efe84f129f6579ff719805c8fbbe7b6bf1888de0203d1c68b0f78a2a15ee428251425cd473d5baaae985ffb30551c58244c34adc7

memory/3216-604-0x00000176FAAE0000-0x00000176FAAF8000-memory.dmp

memory/3216-605-0x00000176FAD30000-0x00000176FAD80000-memory.dmp

memory/3216-606-0x00000176FB690000-0x00000176FB742000-memory.dmp

memory/3216-607-0x00000176FB5D0000-0x00000176FB61C000-memory.dmp

memory/3216-608-0x00000176F7D10000-0x00000176F7D20000-memory.dmp

memory/3216-609-0x00000176F7D10000-0x00000176F7D20000-memory.dmp

memory/3216-610-0x00000176F7D10000-0x00000176F7D20000-memory.dmp

memory/3216-611-0x00000176F7D10000-0x00000176F7D20000-memory.dmp

C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Profiles\Default.xml

MD5 974dd16df8c211da21a85a8e87259f7e
SHA1 83d7c063acdfd1aa5f266db4af03496f3b9b20c7
SHA256 3717ea0b89c1a37fd99d22dddf7ccd448cedf3bf88027f9eef76c8968b8292ac
SHA512 e22a6d250a1881e948e8c9606cddbd7489fd55956246475cdaf3260e9eff76bba392faaef5702dc6eb659b9fde9fe596ad69af7773eff0a0381322af39c380bd

C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Profiles\Default.xml

MD5 ef1e8d1a915b5c7ac5f47a6b2fe70583
SHA1 be20868a7f6e5e7c27be6d1f2bb9dae37c4abb53
SHA256 3d15ad3a96ab972a9130cd522c492c914aa1960c4a1bbc3acd59b70226996212
SHA512 45cf45e10617221b9f345f95710b3a2bbb8432799d531752e057f90934465e49bbdd930b4cef137395fb250324135ec034d266239f4b0063ecc792135b22db37

memory/3216-670-0x00007FF8024E0000-0x00007FF802FA1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f921deacd4aadfc57ccc8c1106a5f43d
SHA1 f0269013da565761c40753477efd01aba81627b0
SHA256 820f4ec228f1e95fb3596250960fac9120802466350ed5dd4aa563bfd61f30ad
SHA512 fe738df869398635eecccd5d5b2c5e8f6d328e73454faaf4fde8f08500369faff91546bafd4962b4e1be01bf11d24ee1915801db9582490a4e97e156a56a8816

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 319fc2ee3abf5d92696509cab78de7a3
SHA1 c6d40626640a8cbe139b04093d99cc71ea042428
SHA256 9ce719bb86c365f73320ddbbd9b15142de4a4db24addcbabd3bee3eb1bb4f75d
SHA512 81069200c3cce4b6dfff5d4edb8df2b4732d737fd868f39aae19845b460d5823e02b7179f6d4232064b538a5ba20ca9658d15784b419abc3c660474d9d51e114

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

MD5 c6a28ea0ec00c71fa90087a2d311338a
SHA1 501e3d72c554894831d9766154b5404d6b82cdf4
SHA256 e6ce62b2eedd45ea2f85f9fdf9feb1b099544c58ebf555f56656fa565f6b358f
SHA512 33366ba8e14697e9011e0deb2b4014ae1b97d998b0e6f53fbad6981920b9e2d46515451893cbafa3aa343080575ff249f7814e2459a1398afcba58d8a0787a39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

MD5 df5222ebfc64c0b71d600fe0a21c3907
SHA1 c96b9d41aa98eff0debd5294c88ed7670cab6192
SHA256 67fa6698c93f87d460ab7ce1809a49d1f7eebbf4847c0538a24f8681e106fd07
SHA512 7a8f3933e628e01a3b6a1a43685b06da68a6a03b3981f76ebd733cfbee3626c3e001716fec166511e4a0eec566ef7d5c1ba47eb935c5d56e8ae9494605dfc2ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 8a7521356ea40cd0525ef86363185838
SHA1 dbbee265f1898297b68e7598f8ed6b6fafb938c5
SHA256 feb666a3ed7c5843b6d3fa21629584dbd3ced7f5cfd9b3ee9c4ab070195d2d14
SHA512 f8db68627fe5a42a31c082506f553cbd370bebd5667f5802e297297f81119195ca76d61238191ad02be969addf8219ace12c1326ff7160ea1305ff32d22f717d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 2665fea7d62ff709f57f2d94e3aeff74
SHA1 627ee3f9cd9b8a1d34bb2ba961f8a4b3eaa6419e
SHA256 c1eea45bd4a83d33c6e2ca75922403c84327067eadd15455cf9dec1c731060ca
SHA512 616e746b16592f8cf7c68cce7634cf5d69c7bc4e385697b56ed9f2204f09ad0dfe879e698b166dddce2d0a725b77f1f787d98c766baafe07352cb68bebe1c2fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 e44397f99eba53634478397bba9035b4
SHA1 aee08aa8b3d3177024992d0cea348eab743369e6
SHA256 c9c0313c319b3461cc05923632430992fe3637b7217d560995e0c2a9cd8ee2d6
SHA512 95ecbcd31a648c1cf318286cc8f968ecd425212d190efe1cb5c8b1d4d86ecadb28e4917e0812ac289a4decec6b5463acb22da4769e7bfc3dae280fe976d1a8cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

MD5 134137762075405075c246306f6bc245
SHA1 d91989d90d11bccdd07edd028712c0cebdebf257
SHA256 d667233865bab9de545fd9c4444df3b527859d8e71fa11971d6003d9f8bee7c9
SHA512 0e0c111dcdf0e77f08e9c637c00f50f772b6d001d28b3d82c6165d6c721f3cd50ad925d2510a340320d7af1d2d41d643d299ab4d1aa6a97b66073b20f9dea501

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 f1b2807a7bed05c091329684fafef512
SHA1 0547a04bd8bfbe7440a6a3ae7108564380e1f123
SHA256 44a7b4eea27bfed80186eb0dd39681de09369061fd0a764f6415ee2ba7a0d382
SHA512 2c98161272f8ac6a936e7ff49480e92924d9622fabc7ec859e087e7ed8ef8345e987acf351b55569970cd46aaa4161c59d976741225ed2ce0edcf3686a1c7d1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0f13d8fc079b2105c3d2d36ef3903cde
SHA1 241c045694faeab6cfcbb199aaeaa02d4ed87bc5
SHA256 56e2729409a4b1712f5caa058cda65888545a54e0f6403f2be5aee1b7a6b04b0
SHA512 d1938a6ad89229ff3bd2ae304afa17e6ae92a48d3d22a03a961cb6ce5269e1d95c4a81f5efb54fa1f56dd3aa908f83d00cd0fd8da3c53fbc1c5aa41dd5e83048

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 405b147fefd860e61bab6d24d1821240
SHA1 dbfd2a6dcd8a29161e2e70256574f8d14b53f9cf
SHA256 fdf5f2cf498409240c4bec6ab7def9a598dc3ef178edae921e1a1156cc2cb1a1
SHA512 95eae11679f70a356fea5f748b0485fc03f427ffd92142d29362b7aba822e09f3cd3bd749e61108b020c462946f91cc3c6d4927e42770644a03aad23b69d0063

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

MD5 130251f6fc4dcd68c6fd45dc7c33bbfe
SHA1 92fbdbc2098dfb7a3a838302234f7703470d9f9f
SHA256 7510661410f4ff32bf80e65ee535eed51ff5ef61b80d9faf099f561aa06e9fad
SHA512 c98a921e2b905373bb659dfb668f2b38aa927cafdb136c9d1fabb70e165eb1e662489bf1204e571e8298d025698615ba13d2f2411de8dc7c50fc53000f29511f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

MD5 c5e7bb526beeedaf7ce2129ff4333fa3
SHA1 79da94f088c9e55e5b7ffaf5147c4c109d1a53a6
SHA256 ddba73042729fe2d1328b1ddf577bc84374fd8d03504893f905103c74fe2f92c
SHA512 012efa5edf60f4ded3bcc740558b398435692a6337c84bc016ce90baa156dd5b63f65aa9a6a734672d6898d4a65600bb9efcc3b421a84d398121083143355c22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

MD5 2f06d1f1cdbaade27962845afba96c9a
SHA1 da2837a03542948fccd61389cc303755bb8a3600
SHA256 3fd9f7d7e9994879e096385192d17f14787956ae2cadf1df71e25537cb563244
SHA512 1aa07ca7fd46d0bca95e4e0884562091b06803948160760cd499f02fbfd7df1f7324b77fe68cf08ebeb7a954868a6a514123ddef03bea4b31995e2a080f15ac0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

MD5 a78d8a277a17d1983e69c78c3d7b2575
SHA1 b099a101ba477827b5c08e05ce2a2dbd516f8c2b
SHA256 995399286ad575f9a20e112a15ad2b31b35bc928252c9fc199f7c24c7dc9e818
SHA512 167f04fdc73d2914c1f72a0c24f00993f4851afc81dc5ac6ea08b2d8d1cad7f4e0072375a7a8efd2b62cf9e2c3ca138eedee0970e2e92a765751a04d2a227ae2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 03b7742aa4b55bf4e6878472c8389470
SHA1 f4b365f0f267950cfac438cb339a10ba90bc2137
SHA256 28ece82f58884eab6dfa4eb8d00a5e9a62a7f2797405f668b5b266386e075d44
SHA512 d4fca73118c632e2ec5d2104e3d6e523bd6c7aac6da1bc247811638252f7fd834390a2d0fd1a824e4210fde41a4abb2d89b381cbe327ac68726139eb385b8de5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

MD5 4fa9818f3b491d2e2545a1c6184ae513
SHA1 84e3cc0f3739edef8bc1ae0114e61c5709227f74
SHA256 7540484caf3b0a200c740cebf539fd9f50d54fe3c18ddeb5f053fbffc04ec8ea
SHA512 274dfa716ce55e84a2a8d5978658e042f8c889eabcff26e0efa0a652996993521836a9b2e436fb3b8d4da29d993ba531da29ac47f353103500449fecaaeec25c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 ff76f0cbd21ec49567cd22dbd6aaac64
SHA1 6ec5b15f2bc98370ea56fb608c6adc7c4de0c6ff
SHA256 81e9c4de41bd8cf564c844528edfce862f0897306e6ec854b680e3db8b179a69
SHA512 97a57c2b91cf8f11bc973ee6310f6e68899e7570f68bc0ff6468ed29846d8c45ece36ff2ffbcd6eb34d9960bc7ed16d0809c8eb4ac5a87d70012a05bcd647110

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

MD5 8d3233c38ccdf151f216c5eb2eaca08a
SHA1 52d8f0063924646e6e52aee1b271e99a98ef44ff
SHA256 721a7151bcfddf8d7ee1cd025b40b05f06c605f71d97f3c9b16b7bbb05b50aee
SHA512 9792ea5dc60c6d85acca31e1e3e92050466747b2b13b796bb11e86813413e7e87f5f7942b76eff28a0a78fc78e16de8ccb30b4996e767b1f07a23454b6ad3bdf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 b217d0ed0a51e8fcbecad13dd718ef0d
SHA1 86314346ba40aeafbdab293d41def55381064272
SHA256 1b0418918a4de28af22699ffc6933db52f40f8ca1158a0feaaeef13d29f652c5
SHA512 7bb3904b518d534c5fb0972ea2a444a9b2e8003ea7356b91d06b134454c2fc625e59a1751aa1e6a546f0804b806fb23fd611226cee0a371b20a5851287f4e420

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

MD5 827abb8a49a5e55ff48533c8bf447ddf
SHA1 423eb89ae53ef2377ca800faf22160d6efd49b88
SHA256 46f59f3b4c54bd48eee4f71452e54dcc28543e4ccd9cc7a1826c9bb945dc54a0
SHA512 445908b25f8ec5b11754f39942307b89e8097345657fea66827c38d88a5c94d9dbfaf6b829a7e0ce161eb848541144e3b9201e7bc8c0009040e93d810991cdc4

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

MD5 faea0a493502da28d06bb7ed833edda6
SHA1 a6a5ca440e4f1524bd959f2c4341d8f089059cbe
SHA256 1fb0fee73a8cacace3ee150ffece7c24c1c208569fa40a98251d814a4fe2fa4f
SHA512 141434f133916a3563ee627ed58315393c5383b8ebb337d149a4b0c041d1cdaedf09126e08e58b1e651fe2d403ff3509744928f892a7edae89cdbadb2428c09d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

MD5 a655eb8caadc6149fc3988833bfce462
SHA1 bd34fdddd85201b13c72cd31cfa3e6d868af0315
SHA256 8b7905598332c694c4a15db50a0b4beb9f403f221a7c2d40743330b3643a841b
SHA512 4460a97032222d53ccaea504d9e4f124d36a442e25273aec36c8b30cbad2328057616f928f8e5f04cbcf16e6ec945858d4b24cf81562cfc32a872c6c4f179329

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

MD5 c6c444bd888cdb8a55bbdca14d4663ea
SHA1 09094da29984fc8a1d9215cd3106b9f1b6706eb8
SHA256 c4a1d52a73dba87c564fa611691e5a692daeb2ae64a68c471b8a7454e97860a5
SHA512 3a6880cef63dbc3331c61dc1a2d57dae5ce6f1dc07bb64a1ff138012c4c95c9d3420db0dd94992021c50dea5435fec87ff8c2491654e88eba74be1d4a8f9b8ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

MD5 cf52dd82fa7f5d925f8103baaf8a7a2e
SHA1 cfea8004bab37b42b6d087674cf8442e2235f65b
SHA256 4132cdb96def3824076fc134a4d9fbe3d1fec064518e40762de3738baf9c2695
SHA512 e219fbe32eddffb4990bd09bd548e3c3c50d5afc2d7d7110ab98fe4214be1f7dbd35c1e7b6b27c8dffe3f29e40835351f55ae6d2d72f80ffd3a9a66146cc9ce1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

MD5 5275079e9bd410b78103c90d8212944c
SHA1 29553f83e72110c6e9077266990e7483e44c5bc7
SHA256 1a6b1cd013e13c813c3f3a192980ecf3d72dcb017fb3b3e1853514980fe2d310
SHA512 f626a1777c88eb7237609b91901b9d77f5fc83ae03d94103145c737f20739ded8f30fad06d7c09a61e093c411906db4b2cd6c6b40fbd4d5e7d1b2071abb38864

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

MD5 1946874c4a2832e3142779c2954adb44
SHA1 032a9bf622565b3fb94305af3defdedf6408be6b
SHA256 fb63d6feb3f48cd9882493df3e5fcf8f512ee4e44ebbf9dec1fcc4f096113fcb
SHA512 787b34a5976d244ece201a65c1ddf23befae9a4537d0bb05b434a3791b1849f796752a8902b210898208010dd5eb57d7b8ceae64609147d528f650cd577dd636

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

MD5 8300f847e05400defe36f5c7670c327b
SHA1 b868b7dece09e961886fc0e86714026a189db3f1
SHA256 ed3b869254634ff46fb414c4d9d794b79b1011de2b4d98f15ec2914b8303efbf
SHA512 47c3ac5353c376201b4b000a518e0a6065fe2f4ccf7e9d4d50c4a44ab991e9346d8b3b0c769b91dafe409aee2c79cf67e7768a5986abb5c682e947b83359f4f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 e700dcee1be8197e9ce67d9e1962da91
SHA1 6f0fc76088d35cd3723af19eb0ca6fc8744f97ee
SHA256 5a7a65fa7b9b5a34c5c7f821cab10ec2470cf0758ef9f30d76d4acc6472a1541
SHA512 4e489502d7405941db058d6cf0ed130a5c12efedf1c6d6c5cb57b39258fa0f834f2aef4c87507cbbeae10f4b166926a1f6131e31c081a560b326f8e3fc2ba40c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

MD5 9d988f36de8d7279f04e9b4c65e5cc74
SHA1 09d2a5da6509dca3c215e4c1479a333e7443f756
SHA256 e8b3d92f9080fa32bc0646155d0a9b991c8af65a5f27375a529fb13c9af83372
SHA512 0e17a8b392e7696e52a8c6358a057932e65b3eda584f9cf8c0449b25acc2fbf1714d7360bfa39e4f4902e6239b86c78b65c65cccb5c98f6052942ced2a1c95ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

MD5 e65b29f9b179ad5865b21da9eedfcf59
SHA1 9bd82439e367e8c15f460fcf999d9da141bbcc41
SHA256 6d74e525e78b0e8954d53f031a891812329dab1e9ee848f3699e7ee480d12134
SHA512 42635ca86bc8bd7de5471c7014f09aa92902dc7bb0968ae70acc3cf13d3fdac8eaf8c7fc0b9b346e9f8f5574cf78c668d70744f9f04ed4d69be5892bdb9f2367

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13356224898644269

MD5 4aff28fa5b30831678320ee917b87a05
SHA1 f6cc6c16830bca63bb67c1c7834966f78186afde
SHA256 e7f8dc7f2d4fc6b8c55b7677679154f534897cc0e8b2894cdb62f4417fbd65bb
SHA512 18da65c6daaeaf70fe9f3f44667400c21a998a0fa552e4bd40b8e8579dac04eb2ec66496beb1c49433112dbc3f2e95c10feae5460b1334621f5ddc0543adb896

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a8dc772879f13338b557d0a2d91403cc
SHA1 6a7418a096ed11f5747fd92bec5e5a5708da4a08
SHA256 106d191ff6435168ce0d38cf3cd781df602d079ce5b4d34502cf9093ba5fb05a
SHA512 886caa45536792663afac4507412c20cafec06c8ceb6ffc6cfb358166d6d4d368765e797768e5c52077ff22b61ce80a2ed0b4fe478171ea525cc156401375a0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1b5bcb1bd27b9713d7f55858ea001b9c
SHA1 9325bb6f16bfb72d3dc897b61f81af3780b8e6c6
SHA256 3a28ee2840fba700fae36b459aa746a235914388f2230a332f9676f971c54d7f
SHA512 5773a09537ce7bfae1218677959c7d1b76d06379ae1b04dfce444127cee66ce1615b64e96c4e48e649e7af8e5373c85846fa4c31d2474ee0e5b99b498406c405

C:\Users\Admin\Downloads\NjRat.0.7D.zip

MD5 6a4984809b0b295b75d8a52095a70f73
SHA1 5b7fd2737d6f7c5541c17704534f7602f7465b8d
SHA256 902576f7f90174513a45bc82796b82c9264a57c82c0c72b7c9bf11e7da6bba96
SHA512 f54954b82b36c57604960c020e5674e413ca61a61111290c1712036d1f00175f1263967c5ce3674c5d28e606d3c06013d0d331faba24a3a1d77bd38429f22a1d

C:\Users\Admin\Downloads\Unconfirmed 816095.crdownload

MD5 18b9e23e509ff221ebb1b8a0ce4bc82b
SHA1 bacab6a415515e94b3083c4f7ebda6a82e1d4c7f
SHA256 4b649c32035e383706673ffe6471d6c711989a206d6f96fdd905dda207a5f0cb
SHA512 26091095397f3b229439bb4838f3321de63b9084beab20391a3f85fa8038836d9d0a96a44c7de1d860b182d0b072e0c752494201eb50fd36444cfe742d310ca1

C:\Users\Admin\Downloads\NjRat.0.7D.Green.Edition.zip

MD5 5e9879dfb0eb64e734c28f514f208418
SHA1 0b5e8d1f6c777a07b6da9de781e7525d6c0b7562
SHA256 72029d0005d9b3130cdbdba3d6d6129a817f073b5eaedd79345729042e586a25
SHA512 df9017285c26e528765e89f70d148f5654dad3797839aff610e017d2afe30b55f3df54a46633ce9dc8de8b984ab3b38db6bcabbb8adf3fb561fa36c9fd383bea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f1ff6a5d182133589e95d9d7a4301f27
SHA1 a30bcc72b888aa80c9f9d789503885a4b59dae7e
SHA256 b6bd0fef18565a0596c6400e44f45da90f7d7e3de4708e9688ee67672b831962
SHA512 9c63e151d7d6cc27ebad265790aaa4016b89e3079fb4c46cac86223ef1768576aef5c0e84969bb5e6f05d99ebe352110c704a209ef296b198cd087cfd24fbc42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8f0fc62cfa2d4cf4ac21e0feb889013e
SHA1 255084dd57363a606be7f33a4af871e5acf64fa9
SHA256 a63b99b590b3280b00535581175a45296bc0520dda97e56942aac4abd42e1a26
SHA512 2d2dae288e9d9660a6f0618b310f7e2fc4b6323d8ef50d11e6f8dd47f6df8ff2182bf950d5da843fc184fd3278672a883b4b4df1b35023eda5a1511188eb8bd1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 752b3cf7365a767aef6fa012f657e7a3
SHA1 f6979ea148333a408a8863c3e7babdf32cfb3871
SHA256 7b7036f6f4076c945ea551bdc6d6243feaf43155ee20d5d1a0fa78077dffa5c9
SHA512 ef5cac4eb9b6f5d87e5bdc9b9760739554659103eaa0dd991e4626b51dfeee07c0b810ffdf2b4ba0eff5584fd89a2820b89a3a44ca9c4ed61e9cc40385c2a02a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 48f022f6decede7ec66fa7576689b92c
SHA1 e109fe751292c0edd78eba216aa00ced19c78874
SHA256 c40d63f68f506b0f047f377cb8188c98c3fe6c127ff4b0d130242fe3dbd23491
SHA512 770d550b5eb14d14e9ea8df5a8af7f4fc91aff8888e9361d3784ddfa4735c7a4a72ccfca9ff02b2ac2214c55f4378eeef47571c29015ea27cc6feebf37ce8fde

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e97e995bea27393017a6dd8d350cd341
SHA1 60ce2737b68f102cce28537949193a5bcccebddf
SHA256 189ea017df7082ed9fe5bbf05f9de982dd69c0d909aa428f48bce4855a5caf86
SHA512 182c97a9b75fde8b64b41d2a57fa20fde5ad7d01c0aa54e2a7d8f1b106b4fb14945193a2f55cc9f29be1c6db10d100ce50f1302fda64f834db1f744d47fb7b88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 fcccff7eee516fcf0e0ddcaf9b5bcedb
SHA1 cb60d4f1237f156d1dd07b9ab2c75646b5ff82c7
SHA256 b36aebbedd2e1153989d91b78fdc2465180c55f9800628272265838a0932d129
SHA512 a33eed5e4caa78f52074eb23196ee3d681d88e2b68a9b68cef62b5f55088075d68b850393b3bdf7f0e3a48cdf52ef00a0230496fdeac3103aaf3ba47d3fee1fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 3f4a15f73a2c38df14cfdba2d3382250
SHA1 1044b3bac6491b0f5669359cadd4b0dd94808260
SHA256 5445016a75267edcd8839419171f5ff187b5d33a5ffb5066654656fb6e4fe188
SHA512 90f1feb4433a38db4e91d50a4df52bce30c003726b10bf923cb09a633ef0d5dbd621bb30f331eb49a5d11d103979cfa324ad541d26c4faf4b444d3cf9b181d8b

memory/4580-1119-0x0000000074CF0000-0x00000000752A1000-memory.dmp

memory/4580-1120-0x0000000074CF0000-0x00000000752A1000-memory.dmp

memory/4580-1121-0x0000000001DD0000-0x0000000001DE0000-memory.dmp

memory/4580-1122-0x0000000001DD0000-0x0000000001DE0000-memory.dmp

memory/4580-1123-0x0000000001DD0000-0x0000000001DE0000-memory.dmp

memory/4580-1124-0x0000000001DD0000-0x0000000001DE0000-memory.dmp

memory/4580-1125-0x0000000074CF0000-0x00000000752A1000-memory.dmp

memory/4580-1126-0x0000000074CF0000-0x00000000752A1000-memory.dmp

memory/4580-1127-0x0000000001DD0000-0x0000000001DE0000-memory.dmp

memory/4580-1128-0x0000000001DD0000-0x0000000001DE0000-memory.dmp

memory/4580-1129-0x0000000001DD0000-0x0000000001DE0000-memory.dmp

memory/4580-1130-0x0000000001DD0000-0x0000000001DE0000-memory.dmp

memory/4580-1131-0x0000000001DD0000-0x0000000001DE0000-memory.dmp

memory/4580-1132-0x0000000001DD0000-0x0000000001DE0000-memory.dmp

memory/4580-1133-0x0000000001DD0000-0x0000000001DE0000-memory.dmp

memory/4580-1134-0x000000003CE40000-0x000000003CF40000-memory.dmp

memory/4580-1135-0x0000000001DD0000-0x0000000001DE0000-memory.dmp

memory/2956-1137-0x0000000000900000-0x0000000000910000-memory.dmp

memory/184-1145-0x0000000074CF0000-0x00000000752A1000-memory.dmp

memory/184-1147-0x0000000074CF0000-0x00000000752A1000-memory.dmp

memory/184-1159-0x0000000001C20000-0x0000000001C30000-memory.dmp

memory/4580-1160-0x000000003CE40000-0x000000003CF40000-memory.dmp

memory/184-1170-0x0000000074CF0000-0x00000000752A1000-memory.dmp

memory/4580-1171-0x000000003CE40000-0x000000003CF40000-memory.dmp

memory/2308-1172-0x0000000074CF0000-0x00000000752A1000-memory.dmp

memory/2308-1173-0x0000000001620000-0x0000000001630000-memory.dmp

memory/4580-1175-0x000000003CE40000-0x000000003CF40000-memory.dmp

memory/1704-1176-0x0000000074CF0000-0x00000000752A1000-memory.dmp

memory/1704-1177-0x0000000074CF0000-0x00000000752A1000-memory.dmp

memory/1704-1178-0x0000000000FC0000-0x0000000000FD0000-memory.dmp

memory/1704-1179-0x0000000000FC0000-0x0000000000FD0000-memory.dmp

memory/1704-1180-0x0000000074CF0000-0x00000000752A1000-memory.dmp

memory/1704-1181-0x0000000074CF0000-0x00000000752A1000-memory.dmp

memory/1704-1182-0x0000000000FC0000-0x0000000000FD0000-memory.dmp

memory/1704-1183-0x0000000000FC0000-0x0000000000FD0000-memory.dmp

memory/1704-1184-0x0000000000FC0000-0x0000000000FD0000-memory.dmp

memory/1704-1185-0x0000000000FC0000-0x0000000000FD0000-memory.dmp

memory/4512-1187-0x0000000001170000-0x0000000001180000-memory.dmp

memory/4512-1186-0x0000000074CF0000-0x00000000752A1000-memory.dmp

memory/4512-1188-0x0000000074CF0000-0x00000000752A1000-memory.dmp

memory/4512-1189-0x0000000001170000-0x0000000001180000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\560d3e94-607a-49d9-ad6f-2c725745959b.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a4f8b1f2f9fb6536c7354509fbf35948
SHA1 6c2e6476b1bb8b451312006755f6ef1bf647e083
SHA256 146fd5fbf625d3e9f3899725231fe6369ed2985d3d7934b1cc39aa6a7a760bfe
SHA512 24cb003b78f6f046c75fd4e2d86bb38f0f0bb1c5df994e4e507d97d18c5e8c1f9fcec731f60c6b7a967458828197fc54014b70e902330965a52852f643ca5757

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c4e684cc146836cc222acd6925e1b0a8
SHA1 b571de7d5ebc4e1dd1ea2cc87e31dc5aff591197
SHA256 5dd3beb7ddc06b0ec91daccd3e4937ec7a7c0284accada92d197a5e61e87d219
SHA512 71d8c57f9fb0c7530444af16aad441eeb387875b05ca41372fa7bb7b65084e484eb72952c09b6a442573b376d287b4726ba9d66a1c86729a8c70205acf5fea40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 589c49f8a8e18ec6998a7a30b4958ebc
SHA1 cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e
SHA256 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8
SHA512 e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b51c75c0b9ad2c09777687ca5e7a7c85
SHA1 28dde6fcc2b0c6ec6104d515a6732f2ab3bca708
SHA256 ad4d0c4a9d53bf931a44e071ffd41c18504fadcdf80b962c3df76909d371616f
SHA512 13208282f7567f3db575edf049860958b67915debacf8ea112e0179adefff6242b45e3316437f638c86de50492ef8e8333a4bcb730e2896d275133fdbb97b394

C:\Users\Admin\Downloads\NjRat.0.7D.Golden.Edition.zip

MD5 de0724e9b662c97a8131d593ae03e1e8
SHA1 2367807d0405ef6d7cef00f0b145c29823dd5128
SHA256 aac5b302910be9b2c904f039129d3c42eb1e4b1539ef6de621669793a95c7e69
SHA512 753baf929259237f987d1c8251c13a2d0c72ec34c332b1c103ea501c5ce68628d41092d404ff02b7c58709fb51c266489a96453e502533c2804a884446c18e64

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 59c2b2c7eb335b6e0932a5c7b7c8330d
SHA1 f96c1448eb0a5171762bc375b78a0b7acc572b47
SHA256 5634b8c3459a8498045a531537eeebf524fcaa0e47901b003c9abb22161e005e
SHA512 ec4e777072c3f6161d9f54682d0603050ab017d35d92d7c3368ab626a5e8a99235b2dc749e0ebb6979477bfe8a2d93042a202ec9052cadfda7379319bd922f26

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 06949332afc9f24d8bc890e7bd91504e
SHA1 099150626413889dbd228011ef3973b443fd6aae
SHA256 1502e107bf95f9462d89d8bd964ad52c4f7c5201009c5c03260c3ae8c2518ece
SHA512 295d5978dc30653418d26970c0b2a7a94751233fd1e2e67a201886459eb37aae0b7e1a9694b8ded3f988dcd02d3fc01958200664fd38fecb148f79e2d6ed950b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 32ea72892a3e601e8dd6311cff6f4957
SHA1 ace8da6e9ceb1f057b0ea58877d01e932615a583
SHA256 343e7cf1115519e71188e385bcbc1a1c90802c19f86b78fcd2187ade339e204f
SHA512 0cd1e3cc0089ffc4bed43e3a0d76a50620ac0f64ef0b99eca7e770b8d794c863f05b17e9ab71807ab26dc0dcae5a43ac8b40b11a06ff7f998b92d0d26d55e022

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 867e5d16e35784cfc71f86d6cc86b2ab
SHA1 f800e45b48292946d14794508c8f6bd3bffa6152
SHA256 8650a905c51051d47c8d5b3a2c05086bd8bc2b0e66cbaf71be13480ac0ad932a
SHA512 457e2d44510f892e3b7eb3d6c757815d784541b71691b6e3ea071981cf3571955014fd062dcd6a78f3cf00f5c9f1ceeb557a6c232d2eaf3ad686793b8c80bfe5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0f40232f580cabc8d58118b6f478f313
SHA1 701a6062168fae842198a2c636bf2f990f3aff46
SHA256 a022cf0f373c017d564e3a0bd1f0eb0f637641c7dbb0f6f6732427af761b206b
SHA512 e06db384ebb432156438fbd0ae9a10ff318710a9d36cd5fad82d5e9f5ae4158ed63cc4925184c7c3c46f44928d99b6fdea0bde229592f847030c7339beb8fd9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a9a133ed5bf91f2199fa4666e584be29
SHA1 fe856876d3a782885e8098f5ed7413dc87ba4e81
SHA256 370718b51b5196926f235290bf95f110e8011bad0413212cbf05acdf23988fbf
SHA512 5ea76dd309c83248ffad4978ac1409af1a1ecd217c5212bfe2bed006850ef6238963b07d15f4bbbaffffa703c3b464034be73ca44f2f064a05e14297b9d6e56a