hxxps://github[.]com/pepeleaks/Zer0Day2-RAT-1[.]8-src

Analysis

max time kernel
679s
max time network
646s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
21-11-2024 13:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/pepeleaks/Zer0Day2-RAT-1.8-src

Score

7^/10

discovery phishing pyinstaller

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing

Checks computer location settings 2 TTPs 8 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Zer0Day2.exebinder.exebinder.exebinder.exeZer0Day2.exeZer0Day2.exeZer0Day2.exeZer0Day2.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Control Panel\International\Geo\Nation	Zer0Day2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Control Panel\International\Geo\Nation	binder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Control Panel\International\Geo\Nation	binder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Control Panel\International\Geo\Nation	binder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Control Panel\International\Geo\Nation	Zer0Day2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Control Panel\International\Geo\Nation	Zer0Day2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Control Panel\International\Geo\Nation	Zer0Day2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Control Panel\International\Geo\Nation	Zer0Day2.exe

Executes dropped EXE 23 IoCs

Processes:

Zer0Day2.exeZer0Day2.exeZer0Day2.exeZer0Day2.execl.execl.exeZer0Day2.exeZer0Day2.exeZer0Day2.exeZer0Day2.exe123.exe123.exebinder.exebinder.exebinder.exebinder.execl.execl.exebinder.exebinder.exebinder.exebinder.exe123_SuperBooProtector.exe

pid	process
6136	Zer0Day2.exe
5392	Zer0Day2.exe
5372	Zer0Day2.exe
3212	Zer0Day2.exe
1120	cl.exe
6068	cl.exe
1424	Zer0Day2.exe
5156	Zer0Day2.exe
4312	Zer0Day2.exe
4948	Zer0Day2.exe
2328	123.exe
4276	123.exe
4084	binder.exe
2328	binder.exe
4328	binder.exe
5572	binder.exe
4236	cl.exe
5712	cl.exe
1556	binder.exe
4632	binder.exe
4260	binder.exe
4316	binder.exe
5704	123_SuperBooProtector.exe

Loads dropped DLL 61 IoCs

Processes:

Zer0Day2.exeZer0Day2.exeZer0Day2.exeZer0Day2.execl.exeZer0Day2.exeZer0Day2.exeZer0Day2.exeZer0Day2.exebinder.exebinder.exebinder.exebinder.execl.exebinder.exebinder.exebinder.exe

pid	process
6136	Zer0Day2.exe
5392	Zer0Day2.exe
5372	Zer0Day2.exe
3212	Zer0Day2.exe
5392	Zer0Day2.exe
5392	Zer0Day2.exe
5392	Zer0Day2.exe
6068	cl.exe
6068	cl.exe
6068	cl.exe
6068	cl.exe
6068	cl.exe
6068	cl.exe
6068	cl.exe
6068	cl.exe
6068	cl.exe
6068	cl.exe
6068	cl.exe
6068	cl.exe
6068	cl.exe
6068	cl.exe
6068	cl.exe
6068	cl.exe
6068	cl.exe
1424	Zer0Day2.exe
5156	Zer0Day2.exe
4312	Zer0Day2.exe
4948	Zer0Day2.exe
4084	binder.exe
2328	binder.exe
4328	binder.exe
5572	binder.exe
2328	binder.exe
2328	binder.exe
2328	binder.exe
2328	binder.exe
5712	cl.exe
5712	cl.exe
5712	cl.exe
5712	cl.exe
5712	cl.exe
5712	cl.exe
5712	cl.exe
5712	cl.exe
5712	cl.exe
5712	cl.exe
5712	cl.exe
5712	cl.exe
5712	cl.exe
5712	cl.exe
5712	cl.exe
5712	cl.exe
5712	cl.exe
1556	binder.exe
4260	binder.exe
4260	binder.exe
4260	binder.exe
4260	binder.exe
4260	binder.exe
4316	binder.exe
4316	binder.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241121135826.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\a0c0af36-40e0-44f8-b407-020b16e1c85e.tmp	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 2 IoCs

pyinstaller

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\7zECBCABF1D\Zer0Day2 Binder\app\resources\app\Backend\cl.exe	pyinstaller
C:\Users\Admin\Desktop\Zer0Day2 Binder\app\resources\app\Backend\binder.exe	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 3 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exe

pid pid_target process target process

1240 2328 WerFault.exe 123.exe
2220 4276 WerFault.exe 123.exe
1852 5704 WerFault.exe 123_SuperBooProtector.exe

pid	pid_target	process	target process
1240	2328	WerFault.exe	123.exe
2220	4276	WerFault.exe	123.exe
1852	5704	WerFault.exe	123_SuperBooProtector.exe

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

123.exeSuperBoo Protector-cracked.exeDllHost.exe123_SuperBooProtector.exeFreeMasonryCrypter.execsc.execvtres.exe123.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SuperBoo Protector-cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	123_SuperBooProtector.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FreeMasonryCrypter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	123.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

SuperBoo Protector-cracked.exemsedge.exeFreeMasonryCrypter.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	SuperBoo Protector-cracked.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	FreeMasonryCrypter.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	SuperBoo Protector-cracked.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	SuperBoo Protector-cracked.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	FreeMasonryCrypter.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	FreeMasonryCrypter.exe

Modifies registry class 64 IoCs

Processes:

FreeMasonryCrypter.exebinder.exeSuperBoo Protector-cracked.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202	FreeMasonryCrypter.exe
Key created	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell	FreeMasonryCrypter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	binder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	binder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\25\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	SuperBoo Protector-cracked.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\25\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	SuperBoo Protector-cracked.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = ffffffff	FreeMasonryCrypter.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	binder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202020202020202	binder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff	FreeMasonryCrypter.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	FreeMasonryCrypter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\2\0\NodeSlot = "17"	binder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	binder.exe
Key created	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1	binder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\25\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	SuperBoo Protector-cracked.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	FreeMasonryCrypter.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	FreeMasonryCrypter.exe
Key created	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\2\0	binder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	binder.exe
Key created	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	binder.exe
Key created	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	binder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic"	binder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	binder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202020202020202020202020202	SuperBoo Protector-cracked.exe
Key created	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2	SuperBoo Protector-cracked.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	binder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	binder.exe
Key created	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	FreeMasonryCrypter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\2\0\MRUListEx = ffffffff	binder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 000000000200000001000000ffffffff	binder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	binder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	FreeMasonryCrypter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 020000000100000000000000ffffffff	binder.exe
Key created	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell	binder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	FreeMasonryCrypter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202	FreeMasonryCrypter.exe
Key created	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell	FreeMasonryCrypter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	FreeMasonryCrypter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	FreeMasonryCrypter.exe
Key created	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell	SuperBoo Protector-cracked.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	SuperBoo Protector-cracked.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	SuperBoo Protector-cracked.exe
Key created	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1	FreeMasonryCrypter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	FreeMasonryCrypter.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	binder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	binder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	binder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 = 14002e80922b16d365937a46956b92703aca08af0000	SuperBoo Protector-cracked.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	binder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = ffffffff	SuperBoo Protector-cracked.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	SuperBoo Protector-cracked.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 0100000000000000ffffffff	FreeMasonryCrypter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	FreeMasonryCrypter.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	FreeMasonryCrypter.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	FreeMasonryCrypter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	FreeMasonryCrypter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	FreeMasonryCrypter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\3\NodeSlot = "19"	binder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	binder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	binder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\25\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	SuperBoo Protector-cracked.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	FreeMasonryCrypter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	FreeMasonryCrypter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	binder.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

Zer0Day2.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	Zer0Day2.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	Zer0Day2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	Zer0Day2.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exeZer0Day2.exeZer0Day2.exeWMIC.exeWMIC.exeWMIC.exeWMIC.exeWMIC.exeWMIC.exeWMIC.exeWMIC.exeWMIC.exeZer0Day2.exeZer0Day2.exemsedge.exeZer0Day2.exeZer0Day2.exemsedge.exe

pid	process
748	msedge.exe
748	msedge.exe
3404	msedge.exe
3404	msedge.exe
1932	identity_helper.exe
1932	identity_helper.exe
6076	msedge.exe
6076	msedge.exe
3212	Zer0Day2.exe
3212	Zer0Day2.exe
5372	Zer0Day2.exe
5372	Zer0Day2.exe
5080	WMIC.exe
5080	WMIC.exe
5080	WMIC.exe
5080	WMIC.exe
400	WMIC.exe
400	WMIC.exe
400	WMIC.exe
400	WMIC.exe
3296	WMIC.exe
3296	WMIC.exe
3296	WMIC.exe
3296	WMIC.exe
472	WMIC.exe
472	WMIC.exe
472	WMIC.exe
472	WMIC.exe
4236	WMIC.exe
4236	WMIC.exe
4236	WMIC.exe
4236	WMIC.exe
5440	WMIC.exe
5440	WMIC.exe
5440	WMIC.exe
5440	WMIC.exe
384	WMIC.exe
384	WMIC.exe
384	WMIC.exe
384	WMIC.exe
3628	WMIC.exe
3628	WMIC.exe
3628	WMIC.exe
3628	WMIC.exe
4892	WMIC.exe
4892	WMIC.exe
4892	WMIC.exe
4892	WMIC.exe
1424	Zer0Day2.exe
1424	Zer0Day2.exe
5156	Zer0Day2.exe
5156	Zer0Day2.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
4312	Zer0Day2.exe
4312	Zer0Day2.exe
4948	Zer0Day2.exe
4948	Zer0Day2.exe
4948	Zer0Day2.exe
4948	Zer0Day2.exe
4444	msedge.exe
4444	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 5 IoCs

Processes:

7zFM.exeFreeMasonryCrypter.exe7zFM.exebinder.exeSuperBoo Protector-cracked.exe

pid process

5128 7zFM.exe
3716 FreeMasonryCrypter.exe
3260 7zFM.exe
4084 binder.exe
1160 SuperBoo Protector-cracked.exe

pid	process
5128	7zFM.exe
3716	FreeMasonryCrypter.exe
3260	7zFM.exe
4084	binder.exe
1160	SuperBoo Protector-cracked.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

Processes:

msedge.exe

pid	process
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

7zFM.exeWMIC.exeWMIC.exe

description	pid	process
Token: SeRestorePrivilege	5128	7zFM.exe
Token: 35	5128	7zFM.exe
Token: SeSecurityPrivilege	5128	7zFM.exe
Token: SeIncreaseQuotaPrivilege	5080	WMIC.exe
Token: SeSecurityPrivilege	5080	WMIC.exe
Token: SeTakeOwnershipPrivilege	5080	WMIC.exe
Token: SeLoadDriverPrivilege	5080	WMIC.exe
Token: SeSystemProfilePrivilege	5080	WMIC.exe
Token: SeSystemtimePrivilege	5080	WMIC.exe
Token: SeProfSingleProcessPrivilege	5080	WMIC.exe
Token: SeIncBasePriorityPrivilege	5080	WMIC.exe
Token: SeCreatePagefilePrivilege	5080	WMIC.exe
Token: SeBackupPrivilege	5080	WMIC.exe
Token: SeRestorePrivilege	5080	WMIC.exe
Token: SeShutdownPrivilege	5080	WMIC.exe
Token: SeDebugPrivilege	5080	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5080	WMIC.exe
Token: SeRemoteShutdownPrivilege	5080	WMIC.exe
Token: SeUndockPrivilege	5080	WMIC.exe
Token: SeManageVolumePrivilege	5080	WMIC.exe
Token: 33	5080	WMIC.exe
Token: 34	5080	WMIC.exe
Token: 35	5080	WMIC.exe
Token: 36	5080	WMIC.exe
Token: SeIncreaseQuotaPrivilege	5080	WMIC.exe
Token: SeSecurityPrivilege	5080	WMIC.exe
Token: SeTakeOwnershipPrivilege	5080	WMIC.exe
Token: SeLoadDriverPrivilege	5080	WMIC.exe
Token: SeSystemProfilePrivilege	5080	WMIC.exe
Token: SeSystemtimePrivilege	5080	WMIC.exe
Token: SeProfSingleProcessPrivilege	5080	WMIC.exe
Token: SeIncBasePriorityPrivilege	5080	WMIC.exe
Token: SeCreatePagefilePrivilege	5080	WMIC.exe
Token: SeBackupPrivilege	5080	WMIC.exe
Token: SeRestorePrivilege	5080	WMIC.exe
Token: SeShutdownPrivilege	5080	WMIC.exe
Token: SeDebugPrivilege	5080	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5080	WMIC.exe
Token: SeRemoteShutdownPrivilege	5080	WMIC.exe
Token: SeUndockPrivilege	5080	WMIC.exe
Token: SeManageVolumePrivilege	5080	WMIC.exe
Token: 33	5080	WMIC.exe
Token: 34	5080	WMIC.exe
Token: 35	5080	WMIC.exe
Token: 36	5080	WMIC.exe
Token: SeIncreaseQuotaPrivilege	400	WMIC.exe
Token: SeSecurityPrivilege	400	WMIC.exe
Token: SeTakeOwnershipPrivilege	400	WMIC.exe
Token: SeLoadDriverPrivilege	400	WMIC.exe
Token: SeSystemProfilePrivilege	400	WMIC.exe
Token: SeSystemtimePrivilege	400	WMIC.exe
Token: SeProfSingleProcessPrivilege	400	WMIC.exe
Token: SeIncBasePriorityPrivilege	400	WMIC.exe
Token: SeCreatePagefilePrivilege	400	WMIC.exe
Token: SeBackupPrivilege	400	WMIC.exe
Token: SeRestorePrivilege	400	WMIC.exe
Token: SeShutdownPrivilege	400	WMIC.exe
Token: SeDebugPrivilege	400	WMIC.exe
Token: SeSystemEnvironmentPrivilege	400	WMIC.exe
Token: SeRemoteShutdownPrivilege	400	WMIC.exe
Token: SeUndockPrivilege	400	WMIC.exe
Token: SeManageVolumePrivilege	400	WMIC.exe
Token: 33	400	WMIC.exe
Token: 34	400	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exebinder.exe

pid	process
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
4084	binder.exe
4084	binder.exe
4084	binder.exe
4084	binder.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious use of SetWindowsHookEx 19 IoCs

Processes:

OpenWith.exeFreeMasonryCrypter.exeOpenWith.exebinder.exeSuperBoo Protector-cracked.exe

pid	process
5568	OpenWith.exe
3716	FreeMasonryCrypter.exe
3716	FreeMasonryCrypter.exe
3504	OpenWith.exe
4084	binder.exe
4084	binder.exe
4084	binder.exe
4084	binder.exe
4084	binder.exe
4084	binder.exe
4084	binder.exe
4084	binder.exe
4084	binder.exe
4084	binder.exe
4084	binder.exe
4084	binder.exe
4084	binder.exe
4084	binder.exe
1160	SuperBoo Protector-cracked.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3404 wrote to memory of 1956	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 1956	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 3636	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 748	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 748	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 2384	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 2384	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 2384	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 2384	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 2384	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 2384	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 2384	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 2384	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 2384	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 2384	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 2384	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 2384	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 2384	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 2384	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 2384	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 2384	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 2384	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 2384	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 2384	3404	msedge.exe	msedge.exe
PID 3404 wrote to memory of 2384	3404	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/pepeleaks/Zer0Day2-RAT-1.8-src
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x124,0x44,0x7ffac0ca46f8,0x7ffac0ca4708,0x7ffac0ca4718
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6548 /prefetch:8
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4636
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff695765460,0x7ff695765470,0x7ff695765480
    3⤵
    PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6548 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1748 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6276 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1896 /prefetch:8
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11095971892327912562,14105774749462851506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
  2⤵
  PID:4676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5028

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5028

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5568

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\Zer0Day2 Rat.7z"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:5128

C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\Zer0Day2.exe
"C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\Zer0Day2.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:6136
- C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\Zer0Day2.exe
  "C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\Zer0Day2.exe" --type=gpu-process --field-trial-handle=1656,17630963889324419778,12918938484854171679,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1664 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5392
- C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\Zer0Day2.exe
  "C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\Zer0Day2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1656,17630963889324419778,12918938484854171679,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2024 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  PID:5372
- C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\Zer0Day2.exe
  "C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\Zer0Day2.exe" --type=renderer --field-trial-handle=1656,17630963889324419778,12918938484854171679,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2272 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:3212
- - C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\Backend\cl.exe
    C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\Backend\cl.exe --username 123 --password 123
    3⤵
    - Executes dropped EXE
    PID:1120
  - - C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\Backend\cl.exe
      C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\Backend\cl.exe --username 123 --password 123
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6068
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "WMIC BIOS GET SERIALNUMBER"
        5⤵
        
        PID:6092
      - C:\Windows\System32\Wbem\WMIC.exe
        
        WMIC BIOS GET SERIALNUMBER
        6⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5080
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "WMIC COMPUTERSYSTEM GET MODEL"
        5⤵
        
        PID:900
      - C:\Windows\System32\Wbem\WMIC.exe
        
        WMIC COMPUTERSYSTEM GET MODEL
        6⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:400
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "WMIC COMPUTERSYSTEM GET MANUFACTURER"
        5⤵
        
        PID:4944
      - C:\Windows\System32\Wbem\WMIC.exe
        
        WMIC COMPUTERSYSTEM GET MANUFACTURER
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3296
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "WMIC BIOS GET SERIALNUMBER"
        5⤵
        
        PID:5400
      - C:\Windows\System32\Wbem\WMIC.exe
        
        WMIC BIOS GET SERIALNUMBER
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:472
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "WMIC COMPUTERSYSTEM GET MODEL"
        5⤵
        
        PID:2400
      - C:\Windows\System32\Wbem\WMIC.exe
        
        WMIC COMPUTERSYSTEM GET MODEL
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4236
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "WMIC COMPUTERSYSTEM GET MANUFACTURER"
        5⤵
        
        PID:5428
      - C:\Windows\System32\Wbem\WMIC.exe
        
        WMIC COMPUTERSYSTEM GET MANUFACTURER
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5440
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "WMIC BIOS GET SERIALNUMBER"
        5⤵
        
        PID:5480
      - C:\Windows\System32\Wbem\WMIC.exe
        
        WMIC BIOS GET SERIALNUMBER
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:384
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "WMIC COMPUTERSYSTEM GET MODEL"
        5⤵
        
        PID:1660
      - C:\Windows\System32\Wbem\WMIC.exe
        
        WMIC COMPUTERSYSTEM GET MODEL
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3628
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "WMIC COMPUTERSYSTEM GET MANUFACTURER"
        5⤵
        
        PID:228
      - C:\Windows\System32\Wbem\WMIC.exe
        
        WMIC COMPUTERSYSTEM GET MANUFACTURER
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4892
- C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\Zer0Day2.exe
  "C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\Zer0Day2.exe" --type=renderer --field-trial-handle=1656,17630963889324419778,12918938484854171679,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2784 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1424
- C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\Zer0Day2.exe
  "C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\Zer0Day2.exe" --type=renderer --field-trial-handle=1656,17630963889324419778,12918938484854171679,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:5156
- C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\Zer0Day2.exe
  "C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\Zer0Day2.exe" --type=renderer --field-trial-handle=1656,17630963889324419778,12918938484854171679,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2788 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4312
- C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\Zer0Day2.exe
  "C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\Zer0Day2.exe" --type=gpu-process --field-trial-handle=1656,17630963889324419778,12918938484854171679,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2340 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5480

C:\Users\Admin\Desktop\FreeMasonryCrypter-src-main\FreeMasonryCrypter.exe
"C:\Users\Admin\Desktop\FreeMasonryCrypter-src-main\FreeMasonryCrypter.exe"
1⤵
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3716
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\kow1d21m\kow1d21m.cmdline"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:780
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES41E.tmp" "c:\Users\Admin\Desktop\CSCF155A92CDF7444F8BDCD37E076AD6D3.TMP"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3264

C:\Users\Admin\Desktop\123.exe
"C:\Users\Admin\Desktop\123.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2328
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 1140
  2⤵
  - Program crash
  PID:1240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2328 -ip 2328
1⤵
PID:4992

C:\Users\Admin\Desktop\123.exe
"C:\Users\Admin\Desktop\123.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4276
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 1112
  2⤵
  - Program crash
  PID:2220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4276 -ip 4276
1⤵
PID:3096

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3504

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\Zer0Day2-Binder-1.2-src-main\Zer0Day2 Binder.7z"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:3260

C:\Users\Admin\Desktop\Zer0Day2 Binder\app\binder.exe
"C:\Users\Admin\Desktop\Zer0Day2 Binder\app\binder.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4084
- C:\Users\Admin\Desktop\Zer0Day2 Binder\app\binder.exe
  "C:\Users\Admin\Desktop\Zer0Day2 Binder\app\binder.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\binder" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1768,i,7530709702296380266,8936339540632652130,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2328
- C:\Users\Admin\Desktop\Zer0Day2 Binder\app\binder.exe
  "C:\Users\Admin\Desktop\Zer0Day2 Binder\app\binder.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\binder" --mojo-platform-channel-handle=2064 --field-trial-handle=1768,i,7530709702296380266,8936339540632652130,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4328
- C:\Users\Admin\Desktop\Zer0Day2 Binder\app\binder.exe
  "C:\Users\Admin\Desktop\Zer0Day2 Binder\app\binder.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\binder" --app-path="C:\Users\Admin\Desktop\Zer0Day2 Binder\app\resources\app" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2488 --field-trial-handle=1768,i,7530709702296380266,8936339540632652130,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5572
- - C:\Users\Admin\Desktop\Zer0Day2 Binder\app\resources\app\Backend\cl.exe
    "C:\Users\Admin\Desktop\Zer0Day2 Binder\app\resources\app\Backend\cl.exe" --username 123 --password 123
    3⤵
    - Executes dropped EXE
    PID:4236
  - - C:\Users\Admin\Desktop\Zer0Day2 Binder\app\resources\app\Backend\cl.exe
      "C:\Users\Admin\Desktop\Zer0Day2 Binder\app\resources\app\Backend\cl.exe" --username 123 --password 123
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5712
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "WMIC BIOS GET SERIALNUMBER"
        5⤵
        
        PID:5532
      - C:\Windows\System32\Wbem\WMIC.exe
        
        WMIC BIOS GET SERIALNUMBER
        6⤵
        
        PID:5240
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "WMIC COMPUTERSYSTEM GET MODEL"
        5⤵
        
        PID:3960
      - C:\Windows\System32\Wbem\WMIC.exe
        
        WMIC COMPUTERSYSTEM GET MODEL
        6⤵
        
        PID:3540
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "WMIC COMPUTERSYSTEM GET MANUFACTURER"
        5⤵
        
        PID:4672
      - C:\Windows\System32\Wbem\WMIC.exe
        
        WMIC COMPUTERSYSTEM GET MANUFACTURER
        6⤵
        
        PID:1620
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "WMIC BIOS GET SERIALNUMBER"
        5⤵
        
        PID:5392
      - C:\Windows\System32\Wbem\WMIC.exe
        
        WMIC BIOS GET SERIALNUMBER
        6⤵
        
        PID:4632
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "WMIC COMPUTERSYSTEM GET MODEL"
        5⤵
        
        PID:5084
      - C:\Windows\System32\Wbem\WMIC.exe
        
        WMIC COMPUTERSYSTEM GET MODEL
        6⤵
        
        PID:2676
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "WMIC COMPUTERSYSTEM GET MANUFACTURER"
        5⤵
        
        PID:6064
      - C:\Windows\System32\Wbem\WMIC.exe
        
        WMIC COMPUTERSYSTEM GET MANUFACTURER
        6⤵
        
        PID:1524
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "WMIC BIOS GET SERIALNUMBER"
        5⤵
        
        PID:5276
      - C:\Windows\System32\Wbem\WMIC.exe
        
        WMIC BIOS GET SERIALNUMBER
        6⤵
        
        PID:5576
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "WMIC COMPUTERSYSTEM GET MODEL"
        5⤵
        
        PID:3548
      - C:\Windows\System32\Wbem\WMIC.exe
        
        WMIC COMPUTERSYSTEM GET MODEL
        6⤵
        
        PID:4228
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "WMIC COMPUTERSYSTEM GET MANUFACTURER"
        5⤵
        
        PID:6060
      - C:\Windows\System32\Wbem\WMIC.exe
        
        WMIC COMPUTERSYSTEM GET MANUFACTURER
        6⤵
        
        PID:4036
- C:\Users\Admin\Desktop\Zer0Day2 Binder\app\binder.exe
  "C:\Users\Admin\Desktop\Zer0Day2 Binder\app\binder.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\binder" --app-path="C:\Users\Admin\Desktop\Zer0Day2 Binder\app\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3352 --field-trial-handle=1768,i,7530709702296380266,8936339540632652130,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1556
- - C:\Users\Admin\Desktop\Zer0Day2 Binder\app\resources\app\Backend\binder.exe
    "C:\Users\Admin\Desktop\Zer0Day2 Binder\app\resources\app\Backend\binder.exe" --file1 C:\Users\Admin\Desktop\FreeMasonryCrypter-src-main\FreeMasonryCrypter.exe --file2 C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\Zer0Day2.exe --outputBaseName 123 --icon C:\Users\Admin\Desktop\nogga.ico --isWin true --pyVar py
    3⤵
    - Executes dropped EXE
    PID:4632
  - - C:\Users\Admin\Desktop\Zer0Day2 Binder\app\resources\app\Backend\binder.exe
      "C:\Users\Admin\Desktop\Zer0Day2 Binder\app\resources\app\Backend\binder.exe" --file1 C:\Users\Admin\Desktop\FreeMasonryCrypter-src-main\FreeMasonryCrypter.exe --file2 C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\Zer0Day2.exe --outputBaseName 123 --icon C:\Users\Admin\Desktop\nogga.ico --isWin true --pyVar py
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4260
- C:\Users\Admin\Desktop\Zer0Day2 Binder\app\binder.exe
  "C:\Users\Admin\Desktop\Zer0Day2 Binder\app\binder.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --user-data-dir="C:\Users\Admin\AppData\Roaming\binder" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5384 --field-trial-handle=1768,i,7530709702296380266,8936339540632652130,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4316

C:\Users\Admin\Desktop\SuperBoo-Protector-cracked-main\SuperBoo Protector-cracked.exe
"C:\Users\Admin\Desktop\SuperBoo-Protector-cracked-main\SuperBoo Protector-cracked.exe"
1⤵
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pepeleaks.github.io/
  2⤵
  PID:2568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffac0ca46f8,0x7ffac0ca4708,0x7ffac0ca4718
    3⤵
    PID:3816

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
- System Location Discovery: System Language Discovery
PID:716

C:\Users\Admin\Desktop\SuperBooProtector\123_SuperBooProtector.exe
"C:\Users\Admin\Desktop\SuperBooProtector\123_SuperBooProtector.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5704
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 828
  2⤵
  - Program crash
  PID:1852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5704 -ip 5704
1⤵
PID:1620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5d9c9a841c4d3c390d06a3cc8d508ae6

SHA1
052145bf6c75ab8d907fc83b33ef0af2173a313f

SHA256
915ea0e3e872d2b2e7d0e0ca30f282675139c787fec8043a6e92b9ef68b4f67d

SHA512
8243684857e1c359872b8e795a0e5f2ee56b0c0c1e1c7e5d264c2c28476e9830981bb95244f44c3b2ed334c3e1228f3d6245cce2f3d1f34cdbce8e2af55b4c85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0903db66b25c8761bafaf4584cc2538c

SHA1
14824b188d7a2cd2e2ff17fadb86638dfacb93d2

SHA256
fcdfe286ed1200c211ebf2aa2ae900ebb04f64f69a9e30a8c879088fb9a3daf2

SHA512
8780a9e4bdcdc3aa1de68521afc70b4e04699fa9a20d48c473966f7bba4050591711e07d4e0c5e3923a2006dd36897d2f1198f01aeab152fb58528ff4f05c8db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e87625b4a77de67df5a963bf1f1b9f24

SHA1
727c79941debbd77b12d0a016164bae1dd3f127c

SHA256
07ecc7bd328990f44b189112a1a738861b0f4528097d4371e1ab0c46d8819f4e

SHA512
000d74220ba78628b727441c1b3f8813eec7fc97ff9aa6963eb2ab08d09525fa03935b32e86458c42e573b828a22b0b229af02b47eee511dc83de4ed3b5e726b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
20KB

MD5
b701fd5ce841ce90ff569c641bf0cbfd

SHA1
923ef9dff528ad65b6f135828aa39340be591a9c

SHA256
26ac894bd46903e9b8d08bf85cf4c7795e88f7c9dd85717b7560e16acc007fe3

SHA512
67d8cbd5ca9334aa5c784bb73b2057d28e2a3687341cd62358b5c5211ba833e10909dada2069b49b0ef328c1a40d8e02b58d27385e3d944eacde240a4bcf2fde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
38KB

MD5
1806db26c5d614e263c1cefdbb1211b1

SHA1
412443dfdf346d3dc2d68e30cf717b402443f939

SHA256
5c191b166a2ad5f70572dea7fd656306623e3274a544d8e084a3c5f28b9acfa2

SHA512
43ffd45fafc2063328297193a992dea6e8d389943b3d39fb393e74d8bc64ffd50017be0978cc9b1c1e1242b88486e36d5b33840008e2482098c79814de4ab2fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
37KB

MD5
d34875fe1c47517f4081a1e2c5bc91f9

SHA1
204fed3cda5eea26388e139dd1600682e7665cf6

SHA256
aff6fc26fb0c69a279bdf9b32b4d2560cd47039470cca8248534daf8d0876186

SHA512
aa164260951708910e1cc3d83c17f2d176427dcbe53e1e13cb539d65317a1750bd1e482850049e9c126aa5e70fbdd72db13d50367b90c8b8b37f01a264ecb148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
17KB

MD5
aa9d4b0371cd9ae330d7b131493f54c5

SHA1
e83c2b6b6f023a6e00d18f0c9ed6b8ae9bab1459

SHA256
1ffe9b8b344a25a19f33e5900aadb00e53b8bf1a22210ab66c7b50bbcbea45a1

SHA512
337e27650c4b534683c8589dc4787eb9bcfecae020bcb1a507a1530b1fd7562ba8d185157e8af23b06e80cc70136f51bbc0fc0ac63e581e34e410c6d08d398e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
16KB

MD5
da4fb15960b623d2d1e45e712eab4e9e

SHA1
4daa448effcf03190d1a8b38b4cd377d8a1bf0b8

SHA256
04a50722e2d7f3138fb002ddfd8dab1b0bf44803960fae3dd1f336118d8940db

SHA512
05a0acdcee52bc0708da2ee4a1da468e07ae8ed525e0d4552f36fa9bd3f465d5f982e2d58f07cecfe78b0834003754f1d0adacdfac70b3b1bc2a85973e4f1ab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
22KB

MD5
ef29bfb1387b586ae8255ea38b4dfac1

SHA1
9bf4210a476cc3e71cd86807d3bf43cf7fd552b9

SHA256
725ee295a00aee811955b7c9648e3f4cd0076d546c304e9d74ef78f61401b120

SHA512
198d95651bdb8161dba4eee700e392e37d80a5c34e6264e3bc141ca216597698c584e6461c0ac40c02c9359136bdea98e5d35dd846b2961724019048873a55d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
58KB

MD5
217871a0796256bc350183f26e31aa31

SHA1
cdc2d6a070a8f7c14c5ed894e6be498719c47f25

SHA256
386cd3c8b815278e62a698147f03c747a6b190c44e8afae55fc246767d88baf2

SHA512
059a7fa978a9ed8cd385c698177e9641abcfbef4601bc2e8aa3e484e2d5fb730af6686ecdb9167189627705123f217f5ed4007baadaf15a814c970cf4b564b1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
38KB

MD5
f6c1297fae3fc10f55d4959d9dc771ce

SHA1
2df076464b94b7b06d771f3ef68e7a1403ec3d82

SHA256
9aa5a405e664c215a315b794668de2faf252ee0bc0694596d82a1c0e91564ae3

SHA512
d0d3e4a6fda2f9abb60d05befceaec9f1dec9d5dd4a31df5eeb94f0c1c545cfdbf70b862d0340a460e6d0cc62b8df16d3ea839683fa534c67030e70a181659db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
53KB

MD5
cfff8fc00d16fc868cf319409948c243

SHA1
b7e2e2a6656c77a19d9819a7d782a981d9e16d44

SHA256
51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a

SHA512
9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
88KB

MD5
76d82c7d8c864c474936304e74ce3f4c

SHA1
8447bf273d15b973b48937326a90c60baa2903bf

SHA256
3329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8

SHA512
a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
19KB

MD5
0b684c927d56c8f2a269fad2ce708bca

SHA1
b24881109b33ba68168308333840e1c7b03e7775

SHA256
0a1174c0168a1a056fc5a67ef229a4255b750131f9bfde84f8226f88a8f1f9fa

SHA512
68da39e77fde0e0e75a529e7452230230c99cebb61ac763d81136de4ee4b150442a076d96d0f9c4f431def094a225ec621b656c326e44e2b8e3d340278fba471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
101KB

MD5
9a861a6a772b86aaa2cc92e55adf3912

SHA1
85156e7eaf0d3bff66bd6119093610e8d9e8e5d2

SHA256
6e7cc83f3b23d5f48bafdd934321de60485eb8d9ced04c6299e07dc6bcbc0d1b

SHA512
b0a051e2e703227a55674fe235a97643ab1478af2384a5a974605cdd0e4ed79916d65e2adf61d19f59779da920699e74ac72cce05ec078f22f9b6678c5022a26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
19KB

MD5
1e53408e78feddaa3dea2f0014d5dead

SHA1
3dbd20f4511465b8b18e4681ea24f9e0140307cf

SHA256
deb39cbf92259253ae2c5627f31489104612379e8d781a7b2bce775682c2d833

SHA512
601a7dd43d4e43ad479b4241d02652c5523b2bd900118bb2cfd579bfa451e96a6328723c61146ebc113e79c03bf718464504d43502836250fd6b3752e13d6467

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
37KB

MD5
ca429d52eb942847aeefc853c4a26207

SHA1
6da56c997ec7eb0db3f2973d1c32c5e64ce3fed7

SHA256
15ea37e155765f7b68ceddc44e5889e03f5cda92f46461e409d55f1672dae576

SHA512
44563fdd00fb53d34995e692131985e64645bac6615d44bf5b84bbe38fec113238731ad24d9f908763da14d459c53cf071df5294e99d8815ac583def0e40d0be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
1024KB

MD5
01d99554d46c0492529d5001f817bfac

SHA1
02a263ba7700c6ef9130932520bf9e4acdb27d16

SHA256
5f7de05ab0417faa3e7cd9732a59441db0d7a05b2a421d717c1ddcd8d7b17a0c

SHA512
6ff2302a170ca01e99889bd6092845f4b6017d561a811cc268ad6d6bfcf117e4190bb5ff77a6124c84aa51866bce7217db88878155509a4f60a292204f3f123e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
2.6MB

MD5
277c927bc2e7a1a8bb6c2fba0910fe19

SHA1
0faa50b172942693fcf79702943a5b03cf9550e9

SHA256
0adb6afe6f60b030f1447249a28677ab16b52189cbbf36cef48fed22d3ca2776

SHA512
173ef5090df469611b5b744f9bdb47a9efe67d3b2807f1f84421c00bb13dbf1625af1def705519ef874e259fd8c2abcda0b6eddd86c8e77e885e840bc9a5e667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0c2ca087b0d95fc8_0

Filesize
7KB

MD5
238580f2e43a3d13bd2fe864b15ae1b5

SHA1
9074bc177e349ac47c3b4db5637110a6fa743aef

SHA256
353da0ca6a622632951a1a52ce04ee775a202501d1ac9969d3658b67ad98652b

SHA512
33d6ca43ad2b516b921b50d55450bc6389290e0c93240d3d8908592168aa05fca363868084838cdcc20a4ed76b0ab9dc0538d14e4225fec164320b072b3af73b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2847e26d26b11b3f_0

Filesize
1KB

MD5
9fc764e437d13941a92195872eed1817

SHA1
f0407609e246bd45b88239962a97be2517ee0a9c

SHA256
2572eff43ff4b4a71c2f6df40050bce3e0919688a46a58f3f4ea80bfc876d8e3

SHA512
aab53d171cc30780f837c821c47f4291c1d719a20edd340f6540890c23ac251bb40d5d73f9cd8214ff2b95cd9787d22f1d4bf6f7ff33fe65fdcd9ff62e0f0915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2884893817efcf39_0

Filesize
1KB

MD5
a16fd669ebbdff7942411f4b65256e26

SHA1
bf1faa328504bbada3e2dbd8f4adc5440a0f04b8

SHA256
bcb8827050883d06ba4f74dc379a8c62900b0d3d877563468be8d35497c2e0b1

SHA512
87f79da7acaefe2004e59f688c87c4eb59201171cf87a0a6f0f62e5d925c1a24413938cd82d9e31f3f644956b037f6801fc560ec478afe2e6e5744def14e6daf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\495961e6a91a8ee0_0

Filesize
73KB

MD5
7eaee534bd9467ef65321eb931f91a6a

SHA1
3f069f0d3323509f15286dc60f93a63060aa97c9

SHA256
37b7e9a43cbb62d91b836436586cee86a37772d1dc0d334a6a129a34a007aac6

SHA512
2dc066d1506c584f21c6139d33d91bf21a4c29332a18e71f875815765a6cac9603a034582fb4a90df9e81b72d9e1c26b272ff27faaa692f0f33b9fc7f588f22e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\63fe5347d1e9c95c_0

Filesize
1KB

MD5
7a41a51df6cac426e2a823a92e16a61d

SHA1
7abd0a622ac1b25eab4e79e2c1402a3f8ed6e3bb

SHA256
1d561357510f46fc32ed3d5bafa4a93275567af01f7d48aa108db261c5795f39

SHA512
8b84aa1a978e0a91944547bc0f00492133b1696a58ba6024ba5552ea091c2ac7ed8d4b5bf029932282050f62b5455eebe6c13b7fb2a2bb1b3f8e1424cc2caab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7da78d17f9ef47ce_0

Filesize
366B

MD5
7a76cbaec368c0c33801cddce4b35b5c

SHA1
e38b5636f3b47583cb7f31007d01ecc9cb910f3a

SHA256
ec84ed42f7e140eab69f166181dbaa05647e16b9c72e507288d05eab2e25cf3e

SHA512
c7a263116652188faef254c9cc8392e7aa0c822ccf174990686da9bfcec46463c6685330cef242939b04cfaf51ea1dbd3b219da79f42528b43c51682fabb7386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\975f984a3f0ac262_0

Filesize
8KB

MD5
20dda4c63a6b4ecd8ee10a01823a3f62

SHA1
4f1e29fb9514a818b38895b45ab9c95ac6a03f78

SHA256
6e223d34cb67718a77bf1da278cfd740e494a0ac8490745071accf156b6cfbf9

SHA512
8c7f8e41d3b77c4f0dea7cce4781a42c21893d0905f0f7c650c8d0734a2fcf022b1f52b37de1fdd284cb19154e845043cd4098f0dba1d0db4e64bc69150d5c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a3d983d057f91585_0

Filesize
2KB

MD5
7766c932f68d0dd26e3893ed2524671a

SHA1
b600203347da79af12eb2fc0d2eb10e7d89ec1b8

SHA256
2202320f751ddebbe726023eb38853bcaab223a78d3054fb58b1a1620a1f78c0

SHA512
0289fa9c1ea01cc43332703f6643c3e4236ac67ce9c1892653bf5de51782d0d8a5f23e9f69f02cd4b24f83d161241987f77eb4397673257cd00946e90defb017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa22ed8fc94af805_0

Filesize
11KB

MD5
7288bb408bded5fcec18bc9b74b44daf

SHA1
4c24ab5a8bf89fade998494dbcec38e502b0c151

SHA256
1159faff678e5a6a0dd5de62da8c6ea70893603901c2ca32ac12a51b6d7852db

SHA512
e1abe9b314e26b2b905f02b176849494255437326cbb797c9bf2fc2c370497891b41497abb9c0f2d576fdcf22dbd7692b433ea61d4a34dc16cb5acd1825aa221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ab4927b351fa58f3_0

Filesize
1KB

MD5
5deed86fa028925d804407f36b75b79f

SHA1
940e1a8749adb4e6c87cba88304641a27d395d4e

SHA256
3f62ba4c8c70b8fda1048920bb3e81ef4f8da8d3a3f4483466783e1a9f391260

SHA512
0ab66337b838cded9d2d920290ebf1175c39d4eb313a9c9706255e02d55bca1b33e15b3da1437855bd2b94abd0d2442b4a97b5d15091c34bfe6d4f6de0d686cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ad3da63b93fca116_0

Filesize
8KB

MD5
f7318422f08ad8f8349dc93095030790

SHA1
c4d4286d4126ccdf612bac4c6f9ff17d9d19c384

SHA256
2f3b6b7f95bd5d6bc6980ea151af5f7bdf89e90d421997c26c89f03f58f47979

SHA512
ebba24cd9a97cbeb8c8f2db26f686440e2cc92aea1f3f198becc7f92879e83e8848ef5df2d795944aca85bf453fc7105fd8276e5eabe04e56534eaaf7f1f8210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ae7108eb825b27b9_0

Filesize
11KB

MD5
1a8b43d4a2c5996e1b7a93ed556389ae

SHA1
dd6ee53a2b0622322522eeff07999f02f234e4bc

SHA256
5c56a37fc10d911064ff13b693a9eaa4256c27b1aa60dda105a56767ce461bdd

SHA512
feef8cc889fc6a04860d6616d9541acc9b48e054b0b058483b085afb47359fb3df861ee388dec8d2a6ac584888e42e14b681b0f44f0166fc747a745a154a702e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b4ba527aedd17fdf_0

Filesize
49KB

MD5
e2740143d66787eb0cea78d9c41bdc47

SHA1
aef7f4063ad37e28705ae498ad8139d888241e28

SHA256
06dd0b971fd9ff495c53aa6c1df5b965ab67523cbb4e612f0090647c98ff0674

SHA512
7c3cbf650f5e380b1dbdac2746fd4a6871b056f6f810a59b8fa7a5bded021a95266908ca7a44ad5f294dc561b8e7659f4f6fa0564b53ce97db1f0be3c48375b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c4f2da4e4b4dba36_0

Filesize
34KB

MD5
6b13e03b2fc5e5c8099567947d39a2e5

SHA1
771aa89e61d8db3d80769566ea06768f7cc870d6

SHA256
ca36339ab8eb32407fdfade60410098d762c90f3aec38171236ab7d9352adcda

SHA512
feab173d86d6135d4484fec7d5e33e1f4bd9826007f9d29a47130a6b9703dbdb2d8951226624c8370aea7dde707339b0386aea6ff7cd57f7a6a239f6a50013f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cf93877435dd915c_0

Filesize
5KB

MD5
d890c300d54e401e86791b79ed411445

SHA1
a87f77fe9dee00890db244e0e9b9f0ad8ea72e39

SHA256
ec84d95387e9c5c550f50587abcbb0ccab067d937cada8266fa920c0d138cba4

SHA512
706a274c1e7a2a96646e78216f1822ef2f551274114106800ae561f0d8aaa590b594e97512aca8eca8f132a2165b4836312ccf9ec8420d73d9493c284d922b66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5667bf87cc6b1b8_0

Filesize
1KB

MD5
512bc1d610e45b500f2f837666e4dd1a

SHA1
596ab460bab45f31cce6c5a6888638c94d87b731

SHA256
fc6ebc7fc3fbe78fb77849c4bff26ee94a50f1f63dbe00faf98e703d22395b44

SHA512
04fd05a603380ca7f3e4ef217a9c9f5010e2ece72b12d2ef77d2ea786d7d68fe4d10b1364dadd3aaf061bac3eb9ef0adfb262110b3e778c702738ff70e893273

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d6ee81079c1cbac4_0

Filesize
2KB

MD5
79add4d43e7afe93e0772c033bbff84a

SHA1
a041e45bc6de1b5de11ca104ae593ab433b7fe2d

SHA256
4c444099340ae2b099db2ee157c58c61fcd72862299dcc3329887493a5a2cd2c

SHA512
5c4e57d1cb889411af9771cab0def25b1c62e7b8ba410baedae3181571cc20ea1e974ec460aebcbce54b6436a7ce8c3852a9804b7001578384c8a60d0927a3a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f7db7a663f3d811f_0

Filesize
14KB

MD5
f313a96877a801862371eb3157d355e5

SHA1
869875c4ebd328efc09400cce841f21e32df5259

SHA256
4646c47b8745ad01bbab9dd846b43b45b2517993b6e95d553113a00b9c1d5cca

SHA512
13af853628cf99289efcf7f420b00bdc86c0c30512806c59b52bdc4c3a5fa23c7483065f51aaa3456666b5793a75641d12c6f2afe10eecb76963bce179d997b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fb77cdbeca77f865_0

Filesize
3KB

MD5
a64b21c8d6461896076673d85e489083

SHA1
4e707269d07fddeea78d4aa5cf7488095d1f17ef

SHA256
5bd85816127ecc42c3131769372738474593a10c6e051df4b7b842ecff9c18c3

SHA512
d153270b2ae488e65cfd4f586d1e31ead91a6a56361d9fc9b02f7b12c3dcf09bef4241376eb5cb803062a0c749d464628d38e2a59b1429dcb35f1648f1a20505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
a22bde4b9087144a6d03f1dd4a5b80c2

SHA1
8054045e2d9f75d7ab3381ffc54abcb594d8c651

SHA256
1dc5c0a047e79d5f5bc14f7f96fd3024ff2a436ffb32692c3ff2df1cae24d0aa

SHA512
07594349b00ae06e5fe8fd4f3d515de90708cd34ed1d09f73adeca213028ea844cd27acbb12da289c76c8c36f2b5ca274915a72f6f783ae24b01a7286783afac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
31e41aa42d1d47797b384546a7c2d3b5

SHA1
a32fb3e0cfebdc787f5c2b0a3130996b37c27b83

SHA256
aab6e7281b526db25632ff4f437dba8817a9274fab6b6ffa582fc425bc96d0dc

SHA512
43d041662ceca21f08ec106f3107ac6c946c55214309416f620902e24a886dff4304714267efe2da0b0816d81a912d94e0048a4244ffdbb38abe42af0ef8f3b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7b0f46f245c84057f17b57d2fd217857

SHA1
3207863524546c4fc093365ecdfe9aed8c4d6189

SHA256
8b342df1d0a736f6e67e15111609774a65795699246dc6f976de700a7e95b085

SHA512
57d0300c7bb2a3f76966eb2a372391912842ddbaee5ecb08a3e1e102f5e8e67240283b469c3e97c0803de0a8e6fe447bc2a9d1f2aa4464d0be964f26b9adac2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
770364aa8353559969a56fd02d822843

SHA1
6c7051ae2e35cf2588c5d521c5c9e4a3ed2a146d

SHA256
3fa18e4085c9d78936538665bdb7a984483cb3c447cfd2f2a6274f3887eeacc1

SHA512
23260c89bc78eb51829d4194dbaeff92effc068981b0f8d9f10af10ff00d45deac2fa5844b352c893716ce61dedbc8ab1bb64e76eb7e5b959c5e1f648cddf0a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b8aa1f4385c699f875ffcec0b6bfc65f

SHA1
ce7860c3a34892cf8f02733963b6d7762bd1ceb8

SHA256
f5118ee3553d85089173180f14afeee1502f9dea95b535c8c6b778d156313f9e

SHA512
84e35c3255dd2c1d440773cfaf76fc73775f99b1e2892252cdf7ffb9728d8e00f571195b3cac8ee228bfd31f15959b567d8c2ee9ab361a93dd86b75a816b5964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
070034d31df49f23fbafc7ff6a9af7aa

SHA1
e0ad975ceebe638b322ef829e55803753b6ce969

SHA256
682edf0ce6bff452614aa086497c10ef1f3c92f3a16ffcda7f14bf21aeaa7932

SHA512
c1baac96dc2fcdb28e4ea42db37a3f2205ea45dfcfdb7eaea54e590d549bedae9093079f4621ce4c8889d730df113630ee421bf5d342cc25920bdc5eb25886ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
920B

MD5
2353c15eaad09b27698365bf01440070

SHA1
85f05df58fd59a22d3e4320eff0fc6dd51aa1ed0

SHA256
0c0cd89d7f840a9d44ef4bbf9ad44451ad6896a48e25ba807bf3389d66c1c44d

SHA512
ace6cd7ed2b7876df1f32bf687316d7c8fdd271d25a06fcee1ed40e9ffaccfe6d06dac31633f1f83e6da651c36f32a63f6d3af4d271bc2774e462d641d2afbb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
573B

MD5
6108235c8e7e23ac960f57799726e6f5

SHA1
cd05e5ee201d6ba413766efc0dbb2b959e70ea33

SHA256
267e8bc3c244221d4e8c469b063118e259e2176afd86357fe4a190d921a197e3

SHA512
2d9552105250952bd35184f2f1738f46a8e2e88d75160cf88c787b338c91ff4a7369b3665cda86069928a0bae2d87df9c1a7081b150026348659b0937d8aaed6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a057fced097ffc7375c043a73703ded0

SHA1
0b8ba2036a9ed4672ba04dde09f68df1a1a22677

SHA256
da3cded81a3698b9d21b9ad4f39716c253b88a32709dce3a20a5179954aad6be

SHA512
eb8372566b2966f0e918454f63a4657ca16cad88efd4c2b0166e8c506031d58b93badd43fac2e404971d19aa3e7427b777bae7829b0e30a3ed73404b34e6ef11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3712b7d0e71591c626db9f9a7e603df3

SHA1
dc004434a2b5710ebcc78743b18bbd270465d4e4

SHA256
41778b9f1855ad497fab6a45faa497636f5f304d44dfbce19738d20cfbebd516

SHA512
1b0eb10d6c19b2db25a20d6f3801c3dbefe6e71bf2ee534467fc90450a0c1b176a4f08fe164eab8122a7067722539b3060d740a5629cd8a1f958d50775a1529a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
761f6347c2f20f5c2d6f47eec1c561a6

SHA1
f839f20bffab70a4ef98140047533291a4053fd8

SHA256
792401719f16a8bd484e5bee230168f0eb21010d0669f17732bcaca6edbc9fd1

SHA512
2015cef9c1a26f95b2f8a89dfecaff12097dd83d9692ee450f5a6b35e42f1a48c473ead08488b865eeee5f40d1819354f2d8c71b8bf40e2582f5429f29702b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e0ecf530119c7b714392ea7e447758ba

SHA1
6be2dc8c90e3929e58e372132f7e522cdd79dc5b

SHA256
4019a933ed75f5d473a80ce32ffcf09d7f6eefb0f46cb7a5020dc0727cac3929

SHA512
fe2526f2e082f56dfcee66942ae9b4fc5167870cc1a040df7f3c37843ee30116416ce4b16a72f01c271eb1dc8b7a0b8bb3b669fc2054cdb17752463e0110f8e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1a8f1de6c64395928d90e28f6ca27bc4

SHA1
a56425d313939e453ca372fd353558153e400ab7

SHA256
1176bb415b27877dcbfa30642f10992c576967140044fcc67ebf758e383336cf

SHA512
8119406cb03bfc872d9f7a1a3f6292e336a1d895e14ab7715c5e79d6416becf04f5b44984bf86705e40c6d333eb656783a88658b12c2326a1c3bc13d401767e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4bed39390edb1fcf1ad8c32aa815018d

SHA1
de51cdf6ab3460bd576ee201bb0408b7f3325ec2

SHA256
7f93833d57665b7393847d022cbe3260f2768e0ea1be1986ed5a4c44b3e9ab26

SHA512
3c9ece4d3dfb788109995e1b66b88d99c187e5e3430d855be23641ae6dff4fde0a5ad5f23275a45ae9190ab15ad2d8f823109c9a6e5a0f3802ad58c20e0edfd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b83a19c7f9bcdcdcf3f597d33b3fa375

SHA1
284cf7fcf98347c3eab99f318a00c194845b191b

SHA256
29bbeb5ef9d82f316af09edaebc06e37cd8a5313c18aed78da5d3d12b9c8d2a5

SHA512
3f2f388db605d7e81040d8e448b8fff98c6c6b687403c40e2054ae92d94d4083a305122a7aa24857495ac0d2613046cc2d1195b8d2f7761de8d5cb96bd8e52a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e11d9512e182c82c98d0fe10b594a3da

SHA1
2395a185acec8284da7ed79cb2eb56457c62de90

SHA256
48a4be84e000797ac6228566f08bc081ff91e10945d20cb84508d0c29203ca37

SHA512
4aee502d3ced2206513530b6205ce26b5e47c338cceb7730b4d8874338a637ca8b149be902ad2911dfdf103807e3b3218662481c2344f61e0d6cfe90faaca4d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9560cae90065a6ae66fc6d3f210df344

SHA1
32f724b4f326b16f45f619cb3dfb312697dd0750

SHA256
3671ca188059effe926c9cf05b42b0f57c044e90042776bc3fe9912047bd4533

SHA512
feb868bd2d629036b7c78e116eddaa8097d230740564889f9b09ca80d71149e313140b5339382e2796f7d8903b39386a766c647fc32ff3da24efa081d2277936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
44d0b189241d13e4707830ac3377e511

SHA1
51ae9e5a43272158a99abd3a2396703744e877e3

SHA256
fc31942cc28845ea5da7f059eec483a32b747f13278f3f869450131dfa16de55

SHA512
22562aefd9872157295a7b0d49a9c39054107e61257f4f3a73ece94cb2b80f6a7aa6ce8a35fff4139dad969c17fed55a03a729f626053ff32f871a039839c4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b786a88cbb506fad601edf11b4940074

SHA1
35df78f8552d76cc2f9b6d733a9e09291d9e34b9

SHA256
a755477e5bc1b9cf840c7bba4c657addfe44dc24aa4edf40f279b839e56cd2f6

SHA512
3ce95290da9db88312a1eedeff414e1fa937bfe03dc4790d9f269d0acf65a4e4ea7644451e7d49c5c7a29d186a78861e1c5c7da1236db10e4c27293c3e1ca0ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1b419ef9dcaecef67766e91d9a4efb4b

SHA1
d4fd40dc3a60045f9c017f42a08da2d4f5757eea

SHA256
c25c2a71b151ea38b50cdbfd43215c11763339a87d6df2fdc3970ec91f135e46

SHA512
8483e58e180c0c31fe102b60752dfef91f923b6755dfa60180b0714408af292be9f3e613c0c04e7bc0cf6f1a2f566168e6df80397fb06e5b7813306975e07860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8d41157489131987485f4e1b63cc7098

SHA1
ee25544edff4dfdd2b94c8324f2466d19ebcc164

SHA256
6c797cfcea8589bfcbb9f8406a4a11e546facb28fb0f42522e76e519e8179fe2

SHA512
d33624c7e5a2aee172037775e628db5a1bd539957222d4c1f8fbbd75ca9a6f72653f3d08c8c5bf86851ae59507b1aa33bc112685cb4b866acba25ff0640fec16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4123dc79b6b9f43864b31e23a3211965

SHA1
0c78b6156236d24ff5bb374af033d660ab62abf3

SHA256
f96690e80c209f1cf9aadb99a97868c27e4f1bf5a500cbda66262cac38e7e255

SHA512
7aef1d65ebfea31accb7fc6b26d5ea66ab660e94fafd0c2d5c51bc5ce51a6d3e270725d495b0938778be3c2566e3fc7706d4695793b1bebb8299cd045da49296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3eb34a76c2621b9caa74314fb38320be

SHA1
5e6c2a54f923b92589a30d4753bc9eefd74ecc3f

SHA256
18784a9e2ddd677c434d577e05f9b634aeee244c09c925a5268e5ecd4aec9d84

SHA512
d05ef148c927ba6da7150accca2b3c645153bb5d7e8b2114d423dc3eec780b6fee72b5b4446aff3e42799275d81885b56a26ac4d2f775728002ee5bd5c56fc78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
068bdc015d131258310a1e5fb2b03639

SHA1
d4212ccdbfbdd9aee5794463ea7e0ed98723621e

SHA256
335d53af7d1109ab4b084531031bb1dc40efb8a760f3f7a19c625ad412efd37b

SHA512
f79c0cf3447f989161e4fcf0e10196bc1a877a7054d7a5479b27e798a0cd6dd7db27144bad4ae917002f5d4c2ba005092df87b82fbcfcf48b783c3e40f8ddf97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f3a9ad6753cbf44f6c206c923e67b1cb

SHA1
3ed65e7ee8ef907f2c3ccbeea615493f3fa252dd

SHA256
2192490f80af0fd0a0629f77953d3a7f99c4b6ac1b8f3c3978626460b22b4828

SHA512
a5415c820db603f72333eed4793ffb77728ff4553443d4d6494920544b9fb710174cbdb78b39fb53f9ee119749bce2ddee4fd22e001ed9349fd6f8ea78b9a9a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
137094a3453899bc0bc86df52edd9186

SHA1
66bc2c2b45b63826bb233156bab8ce31c593ba99

SHA256
72d823cac2d49660cdd20ebf4d3ac222c4dd15aae6e5ac4a64f993ef5c4fdd44

SHA512
f8f149c9eab06e8d7e1aa62145f0fc588dc36fc521ef4dceceb80a191b72d79586d920feb5f3b1d19595109cc6d608c143e32f521a4da1068c708a2538899ada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
364592d2cc18adf665987584bf528cba

SHA1
d1225b2b8ee4038b0c42229833acc543deeab0f6

SHA256
bd97dd6797bb763681cfb1fc3cc21a44a273aab1d9a4f4f9332675c662d2136c

SHA512
0e852db825e451464cbcfda95eae2dfe780874bd20e7b467604962428007d1735ece752aa5901d468708a68d66d029271d5567b39c530d2d44b875abbff9aa40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0646a9ed5ffa3d48993f174ece42b265

SHA1
8fca00d676b9a23623edbe26c741a25628ca74af

SHA256
36b02207e0a7e228f1e554203e612121c3c35a090e130d42555496da92958917

SHA512
9d368f94fd6dadfcc604fd083c2e4210f228179cfb6e4524a10e65443b521b5a8697c3ca851c0065077829308343d5a9c072d67308b3bfafa15ecd3665fda0c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3016612212c441bd6f8dda39238babab

SHA1
f5dee4b2c0c0ba92fc5fb264b16e301017016f66

SHA256
a1de9209af838d4003f7413472dd0c2866c44f3bf1a1d40199713df3c29850d6

SHA512
80cdc7b8dddfad8d9daf45c36002b99409d52640c0a02fddfb123a5f4e5c4343d03dc208b14649523dcf60b65efaa58f77a64479c5c2b027f9a6a73416f6d027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d3d0f6b4b61b4113ced56ef361aace3a

SHA1
2bd99220b08f77aeb82cd823e0bf8dffa932dda6

SHA256
4322eebf922f3c04feaad50b397d2848f0ee426707e84e975c21df56992c3107

SHA512
f4218c992414ff4b7e4265335215389642a6d4a60c2c070ff98fa1f0eac58d0cfb4e54d639e273f785077e32d097f64251ea88ec6ea0307a7d4cd9595bfab1e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a0518e8bd5d14f6ab743ce9298554568

SHA1
b096f6af63f81dce67c8c80ed83ee81e7d9cafbe

SHA256
82d0d832d2c4ea9596a3d525e49d11b17dd5b15c624173450db4caf755cde699

SHA512
4c99b904e2fb99f4898d76a6e8f8aeeb634fe427805644108a05b8962c789f5ca66eb0e322a1034d05a6aae33375f8e24b879dfe29e96b8a4a322a0d2b30f829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ce2102eed94025b09f1d849afec8a9e3

SHA1
a9a383b74882a3fbd3dfb1b0d3b09cdc08ac2c79

SHA256
ceecbd94e2cb57202758f47a7774d881abffc6a9efb46d6447a779bb67e73b52

SHA512
f8e1c4f9af76d1e8c13ed1e689f7d7ad2d81c627806b10aeacf0b4f4e1ffd2b571e147d3c00fb3489bffe81ec54333283c269f732cf30286474c80b9f3ab5cf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9d4fea19b0a22db51cf25189cbda6c3d

SHA1
d9aacbf804d91842a2c5174a7679ecdf8acadb16

SHA256
6de9ed197ec70b894a9935017f8467ef81e02f1132a83038e6655394ecc2fd3d

SHA512
c6b298954f62080294d6aa51c4310d544b441b7eefd9a9d36198858fdcbea10ded17d0323a3f68924c999c06da89b44ef1dea0bf01d2773e05d3875d71f27284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8fc544bdeb79fc689eb1a8b36f4434d1

SHA1
9834db6fb5b6671b85ebdcd8d727430735e11a20

SHA256
c196511e87ff19c08884b3cabde58e6bae7d9c6376b92beb424690eb1d642f5c

SHA512
8d86e5e10547f6183ea14a79575b3ed1eb3013476b6ab072cff03621d72b399edd9112f4474692c39524e3768afb058d49d9a16bf86ce04169a2ed0071816ac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
64c0b3446648863a090df32eb0f7e14a

SHA1
7416639a29c645bfb0ee2f72ce2a88854ce10e4b

SHA256
c5db7ec4713dd9d36e3d6d2c82ba035ba7207d30a55841c765840c9c9dafdf3d

SHA512
26800aeea3a08547731970e830fc861030501f0f8e9c4db07efaa7d0cc792a9f1747045d9590afc0ce759775346f65b2f12301ff7024da83e39ac397317a5ec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4f60e9a31d2d83fe031b14960345ad1f

SHA1
c21e9cf614503b9b2ed8df8665523a0ab912d9b6

SHA256
eadec4e79029cc8e2786c8c1c24cc0e96e1ad0c59f8f721b01864f74ccc61da0

SHA512
ae70752586a1cf963b61f90bc6b1d9772469f86fd8c73cd1b3857cb03a67266fa80e3aca049d2f199368720495d684c75518e588c18e13e4c7b206109fbd8b5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
91cf3e39ba0c3246f1afa5ba2185cda3

SHA1
3ac20a20f5346c9a51c7b70884d37e0b7fa45748

SHA256
3f025dd37f4fcdfb54b1e7e6c24bed0e2ce4e5b29d487b067c74deeaed1e808e

SHA512
6eb67a1ce3a8eab519d89c3d8f85543083656d6758858e9f2a72dd2d6c2153001a93864d553b156786e87802568c4a5b337420656ea3da2dc8b15df01eae71ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1ba1d5e3e40d8d216e941b035264c80a

SHA1
3e47bc95f9191aed61da4ac5552ec45f8fe4fda5

SHA256
bbc172897fa5746ee957b7474de1ed5c0e92a034e1bdc9bca61348d2d552756d

SHA512
87a21109921c9f138d2485155f4e79c4ec72d5a68590306659b4e00cfd5e03eca2e7246ef952195a5f287a96da00b8022b7985fdbb636dd5e6d198f141d771aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2ff8a746103811eb4d9c1f759dfde062

SHA1
1677f1929ac4a30a48db0efe399fefd71d6c9ab7

SHA256
57d2175bd9812df13ee405e9c395d16ab3bb845b4ee7626327d32f4c659c693a

SHA512
614ebf6a1f810731faeb015da86e14d0ddd40e6dd6457a981ec312a4907e0c8b8cbf36b11684f1b833f1f8f25661a40a2dbe605689fdfd5b51effa3d2950e1f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d2c38bfb9c8f30192eec3b05a0670f27

SHA1
d1a8e659879b0af3047e8067dbbb38c72f474602

SHA256
4f657e570103777de74fccbabbf057218d2123d4d219082374ffbb9577d986e8

SHA512
df78308d64194d1d975d9bcca979a1ed501f036c1465c84c4977176290b8ee89b0a32af2f1c3057a70d352ab0fc6d46268bcdd4b02a3fa0ce16320850cc9616c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f8f97297ed49e1d39eb1f602b9c07d61

SHA1
a609e8e2b10dba5ff53a9b89894fdc5c14f01083

SHA256
93a9479ef6921b659b76b5d599b287d8ca5289f372c6aad3072892b9e32ad437

SHA512
c6dc40aa761a23784c27d99f6a09b02b893af0ba4626034b483d64ea8433f5e236f29fc819cd0487dcda91f581847e578dacf91070b8370f8dfd250e8d940c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
73c2639994d1db2820b7c5e95786993a

SHA1
00c7149d0e2754deee5752604e5a98b0dd271182

SHA256
eecef6b94ae284e9d073f39b5207480177b67f0574d6260461f1634351cda5c6

SHA512
e1faa16c47c263b4b6eb63040cd676d3e7faec6fbf3a14b528e5c988dcb21593dbe1596a10e67df0f5fbc8098a3e35007d1b5d52ff09359d1c591268b9cd69b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2242092b594ce4a5e6c4bebde117b7b7

SHA1
ebfd9cd9fe949c9189de5561335fb11afcd63f6c

SHA256
828361bd963d80051347a4a8b0bc1a6df67bcd32ff2eb9f751996d6cad33b0d7

SHA512
2d226ef8d071d5641a61dddb5301b3605a506c81987bf58a09e29056b9938a07ade521f75ac5ab0f344a9ee4e0d3fcd9324f9ba3aadf7b02a41eaef1fb735308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
767441db1ac5186b1e5831dcce26f805

SHA1
48ddd95ca83130d4303868e506cfde05c666de88

SHA256
e357093537230f1aa5004e862944632306a69203b40b2a720166ef0f82596118

SHA512
569517b27492a5e72f7107486f03be0e3459d2a5a35e1801a1495124140c7425618dc1da48f7aa9b42709f883ea8d185ebd91ff9dc632c7744bab8f3f1aa56a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e04e.TMP

Filesize
1KB

MD5
1d4f85410f6a246b15b1d9bc5fedceb5

SHA1
add311685ffe738bf99082d47d861edba6762e8d

SHA256
022195a02517240821163e1c1a45b93075295ed125b08f7faffe653b53d7a7da

SHA512
75f213cdbf0a20afe6314058296ac2d0e2d809004d92d024f1ab086394130615d0f488e5d605f34a506e7ecb774f394a982f3f5f7fd415921bce12e9f68333c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
72ebbe271954a06775cde942ed013510

SHA1
c874329d51f8c87a9fef204260377e665fc6fd10

SHA256
b52a1d50be4794286d3d1d7512bfc39a1cbc582ebadf0ab8c270d9200a94b7ed

SHA512
0db19f8f5cb6a65b109628d33c3b1f4ae30e0f13d5cf7b62835d43485ca218222855d2352f337ed760caec377c1a8581219c4b8731243a84c017f9750b67747d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9dcf6868e90558890e771a582236321f

SHA1
7aff5d21adbad95b33312a3b56dd9a8792ca2504

SHA256
043b6c66fe3bb2c25554b3d418d4aec12a9cdcb70e3902951840d2a58a978535

SHA512
b52296b96f2ddce47643b19a6e09d6930d7ce18ffa4496a563222a3b6b2d25b328f3b8d61b1b640c49f32dc48178b34b21e49d42eb76dffd7b12ae3c6f40e465

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
963ea32645c56c1739d8fbaa41fd9b4e

SHA1
3d7051376308fc1753afc6f557aacc1293f67574

SHA256
0d0286b1cb65d63e997c9de1b28305766659be3493fa7d77dbabaf63fd92e020

SHA512
40d63af314d36afe052187ccf2e9e58847caa00150d2c2ba7bc170a603d6efe2ddf00a8729aab7f842a1f38ffece4ee04dca6f5ec8a7acf13231678646d690eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
570798745d220628d80743dccf2332c6

SHA1
c0c3a23067672673ac632e7364b8872105e5d094

SHA256
83e9a36d6565aa76d3ca120638031dbb670882fe152c2be31aced61a63cc7d81

SHA512
13172ff21534a4ecdf9bfaa31fcb4ea3e27cdb6c18c3a93a5beb62c32ed061aab82b3cd3fde46884a66b785c8a110a9bdbc5875872db8e5c12ea0185747238ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ec978910fd76b276fe721542eac53dcb

SHA1
61ead9270fa006f01827add60b008011aeb7d1a5

SHA256
820bd7e5eda2205c4f5dae8cb297f37cdd2fdfc4beaef284217ed727b9659811

SHA512
4984742688e5e88cfa46b1e852294f7c34918a8df4593f71e5c3932dab755012715b96832d3dbdbef5696620def852ff8be6e2b682ab77fb8584e2c838a1453c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8043FF38\app\resources\app\node_modules\pg-protocol\dist\outbound-serializer.test.d.ts

Filesize
11B

MD5
e2ebd7ddedcadeeadbf819c35985c768

SHA1
b878c11a77128e74c3cf15c93ef2ceddf2aa0b38

SHA256
8e609bb71c20b858c77f0e9f90bb1319db8477b13f9f965f1a1e18524bf50881

SHA512
4ee1c88f8c3f4e4cd34cb6c00339bf9d6d036ff4ade3af49e871cc8966b84c729d8b75492acc6413c9a664ac00a57958223ac13c4229da8c62ebe6a53e4f783f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8043FF38\app\resources\app\node_modules\postgres-date\license

Filesize
1KB

MD5
10fe968c1bab841cdadb1a572bd41e9f

SHA1
df2218fb8f21ea47bedfd5f9f692bbc7ed575ab4

SHA256
f057f36739d53d228a746de4440c1e0c644ecde06d6beab45337d39c9d12a393

SHA512
6a00e52aff992d0107cedb43eb66b39913910281525734dad700f2060408910d2940eb7fe32aadccc50f5c139112493d9811d86cd0a22d4d87312c2634a5a9e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zECBCABF1D\Zer0Day2 Binder\app\resources\app\Backend\cl.exe

Filesize
11.6MB

MD5
f51ce4680a9de7710d1928ede581407b

SHA1
79a724467611030cd1822f911a79a99736c4a890

SHA256
7a3129678e4162521ca703e3f04766369f96723bc4fd470da8bd7dc19820218b

SHA512
b3bd3d1a7af01532637447ea8539ace449f4cfd4450a039be0b9fc0f75a71f8ec3ff8ad7bfbfb81492a648f9267eeea2a0000880910dbc7f29c3b19b38550054

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zECBCABF1D\Zer0Day2 Binder\app\resources\app\node_modules\pg\LICENSE

Filesize
1KB

MD5
dd2233d6471fc21ded072d6dd0ab589a

SHA1
96b1d36854fdaf0b630369f46c93f53e3057c307

SHA256
192b8f5c96900f04a1271dec39688655d7416c1c6ea84a508e18b50d2b6751f3

SHA512
75e2175bd327d5de78c422724233300dab9e00e1f52ba0e5bdc261736e16d7935bfdc851f15a8776222b41cc90669aaabcc93f1ad1e4af179b111106cfd31d98

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zECBCABF1D\Zer0Day2 Binder\source_code\.idea\inspectionProfiles\profiles_settings.xml

Filesize
174B

MD5
05dbe611f5bdb7a801adb3f064d4bfa9

SHA1
123097fe0d1ca811d1a355725d7066386ed490ec

SHA256
6172c5997eeb3cd19c9ca2b5b97d6e2983cdd1fa60b2460d7bbb74055edcaa46

SHA512
8fb573819562cbe9d19dd413ec282e92d65553d1eb43ce501679fb7bb78e50d58d25ba2a8190641aa3d7273fcc7dc0f882911c216f7b6ed3795d92ad5fe328af

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zECBCABF1D\Zer0Day2 Binder\source_code\external_libs\customScrollBar\customScroll.css

Filesize
41KB

MD5
f59e3f4c0087b4d8ddc27bdd9c9ab92b

SHA1
fac9b521062feb5250c04d62128a8c3ddb312632

SHA256
247184981eb6f698a94e431a83d68c6b0df623cce57b6e29dc5a6c11e23aa195

SHA512
eaa92f05b0f29794c326d349882f1fa32115b81ea0c4c064acacbaed7a6a9c80f1caf2cb3c9ce64e3023d5d4497cd7665d6a83d7455b26878de29390a83c2f44

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zECBCABF1D\Zer0Day2 Binder\source_code\external_libs\customScrollBar\customScroll.js

Filesize
44KB

MD5
56d10aee5c58fed71577e91fb2cb26f6

SHA1
93ad76c36376ff9aab648fcf2a5b4ca20ad5e882

SHA256
647f789efb82f655d75c028cd74268ad433f25164c11ced13770d62f6983762d

SHA512
66b6507a33a0f29fd2362d1478b5d00344c0634cbd3069ee24be25ae95de72388379cfe44e29f7ebb5b1aff68ca7af6994c4c3105ee210dc9e966c92b253243c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zECBCABF1D\Zer0Day2 Binder\source_code\external_libs\initVector\appendInitVect.js

Filesize
412B

MD5
f0693deaf97ba4328b361043ca7fe60c

SHA1
e0ad24f1a5da3d74b55d835bc3f0c28804e2cadc

SHA256
47d33754192349a81a03a93aea489472275349ab71b70b8235ba135f581f8bc7

SHA512
39a19479a6ec591e494b86a1f1c184d7b5b301744dc6dd0b3820c337d26f278baf41f7af538102b066123b4769a879fef34b968bf0c52347381bcbe9a8c4ce95

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zECBCABF1D\Zer0Day2 Binder\source_code\res\QF.ico

Filesize
32KB

MD5
abc75b718c5f16ef9caaba7ce6c0b327

SHA1
d3289dd726e17e167c20393da980b8bff5d53dd9

SHA256
b7c292a95de9d234fc139e88828f74412ff97f2eb047c4d286a4eb331013071e

SHA512
d6723dd95d6f8e4fb964913dc731b73fc1eb5fbb74581fa4d5114dce625b47f9a9482e939f928d3d082b08d3e7971163454c2a84986d11fd3b6e89aefe412504

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zECBCABF1D\Zer0Day2 Binder\source_code\res\splash.gif

Filesize
84KB

MD5
9fc20806c005d0c8556a16036c8f39a3

SHA1
a42d7e2242fe6ca4089464541eee86925bfa6027

SHA256
72bf321083aafd536961d4c70c9bd8f975a5d004af3cde1a4f07883079b1d28e

SHA512
a3a909189da409e202450c229b631cf1de2dd3ce02d909fb89732d8a7bef74cd43091f0ebc7a440866e19ff6b3aa63ef99a7b6d5b8db530ce458954ed7248359

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
65b5938aef8d2f1c62501b3287cde231

SHA1
d017d1dd7c3f3244c415a7d58795740faa351bf9

SHA256
57d7b4dc2647d92c0d1d11ecee5d5f5c87100ed9bac944560fb92541f11101db

SHA512
b9eadbff84914cca1b4488c89497405c4048d86b02fd247dbb3d74d00a5d8cdd70687734c2cd41667aa8c565048430c1223f5952220b2f5e1ac787f4dcbd153e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
4980ad23d6ec1f4cba9bf96d0d48b4fd

SHA1
6a10b0ab26ec2a9ce757bfc068812be192cf94d0

SHA256
18f4e1db8d4fe83a522fff8a1cf1ee808bb400be343f199f5da822c7853bc05d

SHA512
43e5e999f30c9c4cf5d7231df1a514a831ccf75a3e5ebb94fa8208a894fae849de8eaadd7b72c9054dda349c3d49bda8776443e9afc3bfaa38e165576bf4d269

Download Submit
C:\Users\Admin\AppData\Roaming\binder\Network\Network Persistent State

Filesize
881B

MD5
d6a4d88694cccfbec10a163077a24841

SHA1
9fcdc1282fb4f74f079900c93452e42fcda5e449

SHA256
67c3eb7a2875d7aff67bb8a08f0fc763aa056b702e0d644aef5dec8253f3b64a

SHA512
fcad47d352dbae4b4951d90eb0547689f911c2b3322c1b1b4dceda56779d4533daf9a82bc029b2d943131206cf9a850b88a271973d35c8d32c880b87c62b7b03

Download Submit
C:\Users\Admin\AppData\Roaming\zeroday\Cache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\zeroday\Cache\f_000001

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Roaming\zeroday\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\zeroday\GPUCache\data_1

Filesize
264KB

MD5
451bc113006ca2d1c3f267ab87f6e876

SHA1
ebceeb29aef61ae1f5859f632a0c7d14cbd35800

SHA256
373db71983ee5b611b24501ed1f60b45b3da9e3d6a76ef73b3fd16165e298242

SHA512
e563a1e383f5ed9499a3d7710ccc3c5a0fb8b1f3f1a0c049e38a965a260ca8b3e01d88a8a41c0b7dd48fba9f2150262c6003755c4ecaadbe1e408df13d0ff0f0

Download Submit
C:\Users\Admin\AppData\Roaming\zeroday\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\zeroday\Network Persistent State

Filesize
341B

MD5
a12713a0cc12451fe64f3cd5ce6f1f7f

SHA1
09860a188ba66fdddcc4a8a034f3f7fa4b60efcb

SHA256
0a00613556cfcf32dcf250b97c53bb0232df54370fef9f577b693a47cf32b48a

SHA512
2e8178ebdee044a9e358a5a030b6a821f825090cbb26628f92878ad1f6ebc9a39e3f6358264f471d382489abfb6073898204708cf39cdd44e1e527428c98e12b

Download Submit
C:\Users\Admin\AppData\Roaming\zeroday\Network Persistent State~RFe59b76f.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\Desktop\Zer0Day2 Binder\app\resources\app\Backend\binder.exe

Filesize
6.3MB

MD5
0c74649ea24807bce9e8ce5335ba0bc0

SHA1
7a618fe9a859151701e148b45c76c01b8ec378b5

SHA256
bad75b9fc7161071d0e15d43b20313eeac6737e0dc41c80212b8510935d2c23e

SHA512
aed5e5110d44a6f6341e8857b8b95734019a418747c639eb2ec237f8796cca12a445fd4eb0602d25a916e93f9d3ca3b705ef590f8b2a33a901690cd52c3336fc

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\D3DCompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\chrome_100_percent.pak

Filesize
123KB

MD5
a59ea69d64bf4f748401dc5a46a65854

SHA1
111c4cc792991faf947a33386a5862e3205b0cff

SHA256
f1a935db8236203cbc1dcbb9672d98e0bd2fa514429a3f2f82a26e0eb23a4ff9

SHA512
12a1d953df00b6464ecc132a6e5b9ec3b301c7b3cefe12cbcad27a496d2d218f89e2087dd01d293d37f29391937fcbad937f7d5cf2a6f303539883e2afe3dacd

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\chrome_200_percent.pak

Filesize
183KB

MD5
1985b8fc603db4d83df72cfaeeac7c50

SHA1
5b02363de1c193827062bfa628261b1ec16bd8cf

SHA256
7f9ded50d81c50f9c6ed89591fa621fabbd45cef150c8aabcceb3b7a9de5603b

SHA512
27e90dd18cbce0e27c70b395895ef60a8d2f2f3c3f2ca38f48b7ecf6b0d5e6fefbe88df7e7c98224222b34ff0fbd60268fdec17440f1055535a79002044c955b

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\ffmpeg.dll

Filesize
2.7MB

MD5
f42db9b6aab90c9793443758dfbdd81c

SHA1
70c88c7e612d7af4a3427b3c7f3d780dbab27458

SHA256
39133cd9234b0a5209e6b6927f1dae4d14c779b4946357d23d712347a5223d35

SHA512
35207134cc5539c5ab18d17589a7a5eb7ed169f25d11cd704ce006ada7881ea097b9b339ee1c1908102b5e352099aab57b19f858cc4644bb24d6cec163c62d78

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\icudtl.dat

Filesize
9.9MB

MD5
70499b58dc18e7ee1d7452a1d7a8bc6e

SHA1
41c5382f08c6a88670ce73a20c0dcdb3822f19e9

SHA256
02db39ba465fc8b7a4cd280732760f29911edde87b331bf7cea7677e94d483e0

SHA512
a80939e9809bb7d20f00ad685c94d5c182fa729616c975e605abf09afb58376be73a49fefa35b75ed1a284eccf208af7656c8df44c5959df7eaf51367d232dc6

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\libEGL.dll

Filesize
436KB

MD5
2df43c537453b453b6d4ced3317a6f03

SHA1
1a8b1fca2664fe530663c18bf8ee2e84ade96380

SHA256
67b1befb289b59fff5c28989b6643672823b85b900eca0aa4000a01ac9b9d346

SHA512
bef72725fe03cca6794c0cfc81fbaa1c858c68457ca83a4ebc98bab576b0c2544b4e02af203e43cb8bb75826e39f543fbff640c73548ab396fb1e60c610b0126

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\libGLESv2.dll

Filesize
7.5MB

MD5
ade7df9a58109ca404d7b83c19408b58

SHA1
949ce097cc71cff54afd2866700bc19a4abca214

SHA256
c8722d94f5e7bf23796764d993dc26d809db5a1a037edd6c4575e16ff2e46e5e

SHA512
dd446417c3caa8ee67eba29aecf19beb39305adf9332613b4004459c3bc856906040c608620ecef30bd3aa9a41dfd4791c7d549358a6c079de5ec86e9c36f532

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\locales\en-US.pak

Filesize
85KB

MD5
6bbeeb72daebc3b0cbd9c39e820c87a9

SHA1
bd9ebec2d3fc03a2b27f128cf2660b33a3344f43

SHA256
ac1cdb4fb4d9fb27a908ed0e24cc9cc2bd885bc3ffba7e08b0b907fd4d1a8c4b

SHA512
66944fb1abcc2a7e08e5fd8a2cee53eb9da57653d7880aea226f25879e26379f7d745ebf62a3518378fa503f3a31b3ea3716f49fe4c7db4f4af0228b81b53a10

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources.pak

Filesize
4.9MB

MD5
5507bc28022b806ea7a3c3bc65a1c256

SHA1
9f8d3a56fef7374c46cd3557f73855d585692b54

SHA256
367467609a389b67600628760c26732fc1a25f563f73263bc2c4bf6eec9033df

SHA512
ae698d4feacc3e908981ee44df3a9d76e42a39bf083eaf099442ace2b863f882b43232e26e2c18051ca7aec81dccef5742acc7b82fb0cda2e14086b14d5a9a26

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\css\splash.css

Filesize
525B

MD5
c6927ba6d440d3a938c1725c78b283b8

SHA1
19f6d3a3aa59bef661d932f0eea7f3eb980ce60f

SHA256
50e13cb9a24c9b27278e8d6705829ff9a8107eda1c3e71389175c5312ba38070

SHA512
6aabbee85cfa904837dfd4f9b0c95fed8681fa20bee031d1e1008bce295e71ce3dd64f72e182f4f615b8c199d37b22845e3a3125ab13715a28f15545c6c27802

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\external_libs\bootstrap\bootstrap.min.css

Filesize
152KB

MD5
a15c2ac3234aa8f6064ef9c1f7383c37

SHA1
6e10354828454898fda80f55f3decb347fd9ed21

SHA256
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

SHA512
b435cf71a9ae66c59677a3ac285c87ea702a87f32367fe5893cf13e68f9a31fca0a8d14f6a7d692f23c5027751ce63961ca4fe8d20f35a926ff24ae3eb1d4b30

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\external_libs\bootstrap\bootstrap.min.js

Filesize
56KB

MD5
e1d98d47689e00f8ecbc5d9f61bdb42e

SHA1
6778fed3cf095a318141a31f455c8f4663885bde

SHA256
0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b

SHA512
021e615983f30ec5477fd8b611e8c5045ac6d9900f9a9bb8649b56e0c7d282965a727f8cf501c3b7e1ddff02f5b44924d5481bcea7a926be8a9e166314a07ed0

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\external_libs\crypto\crypto.js

Filesize
13KB

MD5
11c5114e2a1face42de239b2b17943fb

SHA1
a56ff0cb2cafaa41bc5a892cc780bbbfd5d8452a

SHA256
a0a28d71883d6791d7feb6c8ba3ca3fb089994f4cf111a34ed78ae803a638c3b

SHA512
52f9342ee4b90909498f9c52e9ca90c3af09c8b277086159150adc6580bc91e1ee3f42e185e733d1dd2425f65765769af32f32227d587185ebdfb3f73d70e8e8

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\external_libs\jquery\jquery.js

Filesize
87KB

MD5
b61aa6e2d68d21b3546b5b418bf0e9c3

SHA1
9c1398f0de4c869dacb1c9ab1a8cc327f5421ff7

SHA256
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b

SHA512
5882735d9a0239c5c63c5c87b81618e3c8dc09d7d743c3444c535b9547b9b65defa509d7804552c581cb84b61dd1225e2add5dca6b120868ec201fa979504f4b

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\external_libs\owl\owl.css

Filesize
3KB

MD5
b9755c9c2613c455154caf065bd1a94d

SHA1
aa3c316b4e2ab55bcb3d8e3d186677739b0cfd64

SHA256
062368677bcefd9495e8b320e0cf22c4faca9f1bc04666efeb9cd5307cd591a4

SHA512
dc35560a766631f3b508d0e280fb95f746d9940b48565487932ea6c1ac97f5436d0ecf3b59ebc2ba2c4f21f7c5b963b4671a7f3e56745860cd1244d207fbcc6a

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\external_libs\owl\pageStyle.css

Filesize
9KB

MD5
f9575cadc5f9b6e077994345c625b792

SHA1
6f8a00253202accd4200f27bab230c4d5aa4d114

SHA256
3a00f3943487d0194dc98817b2dab69f999c179783588613e63c8c2d1b950a7a

SHA512
c72f836f7c3c990596506d552f7efaacfe90e048c8de3c81c7f99f84191da87eb6fc0abb78a9aaeb28b4abeab48d3b7124727fe64e30be2bfcab9fbc2ca86fe0

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\external_libs\popper\popper.js

Filesize
17KB

MD5
4d315a4749ba8f99d25bf095f1e0bb47

SHA1
eaec4f117a18f2501e2e017f9fd31eef7dd2fc93

SHA256
299a520e01287726061a0f47be40782e70632a9d609c53af14c09e333fe9e014

SHA512
bdd5e0b3b43c15ff06b7bf9a26c6498cb9d7604ab62746d3d99d777d208a54cc78907cf15bf8af3bd02332205c9bc228dbb8ee067a81f3034bfa664f3569f3ab

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\external_libs\sidenav\sidenav.js

Filesize
733B

MD5
2aaaf2f0bf7c82863e3bd9df91d304cd

SHA1
332f62f841b52f32e9a7a729f67dc16fd7ceb1a6

SHA256
7ca1e23672dcfef7f0abde1065aad4668159a78a45613d8861b5af2df9a48e03

SHA512
ba0d3dd5c870a070f39880df704087f920db20f24dc3dc0f4ce027765711615e1a9131c19dcdc1942f300072e20112453d4fe1fe44909787ab4265e07abed186

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\html\splash.html

Filesize
3KB

MD5
8ff92c77cbbb709c14acd5d87f2ead03

SHA1
806f06737dd01ec4ceadc4d5057f2441655363d8

SHA256
3dbb437ecc81766500aae41d626708eff7defbb497576169a8283e7f45a072fe

SHA512
461cbb1cafa56a054499473f757baebff452f54499e706a8666aa8822c53f4a6e9fc5afc06ea54db03e40998315e52ef9decf6409b42c173b01f617af1aac4ec

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\main.js

Filesize
29KB

MD5
6afec2907fbb9d9b930c890d43d4c6b6

SHA1
13a4d5135b0917e7c061c28b74c9b478554c0fbe

SHA256
da163ce7270be7343c98a0c40c9bb3abd95395d03c5063b7d55ab130d8aa3fc9

SHA512
c8ab60f4d9447e6ac02666a2c82c6cf39af7f9e9dee66af9bebddb02e38a65e518cd02ac6ccbda7e9f0bc0dad900c8b51a0cd04b81f1217fee6ef1c723548751

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\node_modules\electron-prompt\lib\index.js

Filesize
3KB

MD5
de58d6aa451625ba433a46a9d12a3c56

SHA1
6a9f66054e0965b22fe122c9a2787a0b470cfb22

SHA256
cde7b1ee4d5f82c8c8c3e6583dc06e1bca7a3ce65ef7ba92a865877316c55978

SHA512
0f7409db836f451102bbd93c9daace3bcd94254f98fa3a2806deb43eea98cebafb51ab53a30532e00a75c32450da4989204e1965f5e2a6b516c89c1beb310d7e

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\node_modules\electron-prompt\package.json

Filesize
1KB

MD5
98a3bd4eb9a8a4fe08adada566fd526b

SHA1
4f1fc09de82f644e5db850f66bd09e0f6204b2ec

SHA256
47644049e85e11c3682fa1a0706500ba83c67b7bd2c9091cd71fbb5349271310

SHA512
83d3c5e6abf1a54c782dba5b3732d721749486d90dd947f970854d2c095e82d4c72b6f3b9a632dc0abcca5de2c6b340f89e66bbda2061fde06cbad47bbc5e704

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\node_modules\pg-types\index.js

Filesize
1KB

MD5
81cf525e738acfb2d62ba8b318791b59

SHA1
7c7c53e82b69856cbc8399f3361bbe36d3de4054

SHA256
ece6d549270ba55d08126b10c9997324d808ee828ef00dad236e84e54d9d556d

SHA512
8f2b5fba9b20357c272d42f72c8758057ba5e07656327417ab323ea9f8b6b60161c7cd4db405204001f410f9bf0da73ba8c0eba4a5dec7b1de9b0cb448c064d7

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\node_modules\pg-types\lib\arrayParser.js

Filesize
208B

MD5
5af64a9e28fd4ea5c9ce52d84df9575a

SHA1
6b1961fc478d5e6be4ac06046fad816f1ff47602

SHA256
cad20b20e6312125b45f74480eba3ef46b456997da4f53bbec56356d66edd730

SHA512
b145f55e82f71b31b552b459ac5ebb813e5950ca88fdd7f25db7acc326949e99da4a04881696c3ca3093d45e52d5e022a3bab2b94fcc41bbe5737d881da12704

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\node_modules\pg-types\lib\textParsers.js

Filesize
5KB

MD5
6e031a697f8becbed9b3edb49b487476

SHA1
3888c75438ddca67b49fc09dbf91d0b28bc904ec

SHA256
bd811a530000508b6b90c1db462078e122f0404769d73f57ad41fe90aca159bd

SHA512
0ee41816f5675b9b558fe044119dfb7ca7703ade1bf2cfbbc945581df81256896517b0a7a1e4fbb36ae26a56bfc18a34c669e45bd3c03b0dd0794b3cd8ce456b

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\node_modules\pg-types\package.json

Filesize
1KB

MD5
d1a5d0ebe5b9aab311e0653031640cff

SHA1
938c65e83c03e8a497e5697964e7948a553a68ff

SHA256
45bbff9c29b8bc2792bf78057dc1ded606d1083bb3a859c37f7e6551aa408d06

SHA512
0f7b6c73840b87c4c93470d3da7b40cafaeb2516f50a414c4d2d48cae71b0c8ad2c547e0e2a2a52454afda6392a62365639c8e68f5bd8614aea5045a18dc5b81

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\node_modules\pg\lib\client.js

Filesize
17KB

MD5
b2ac0a8f87485aab59762a9e16fc77ab

SHA1
a155874015cf9cc5be65aaeb951a9f253badf640

SHA256
77afc3aa64e55065c09afebd88656659066780e415ee77e18f43c9b927a49159

SHA512
81098f803ecac2c37668c846b9a70651bb2ddae7ff3b3195d8149640636dc75dc400f05c01656d8d2b317a4c384a52420bb70d83be4c8533e956a3b3246205dd

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\node_modules\pg\lib\defaults.js

Filesize
2KB

MD5
273d335e26185736d1f539f2dc5648fc

SHA1
a86992459921caeaa043a50c4a1a0b9498f523d8

SHA256
bb0ab577d2952aba9036885688dec09ab6d7292380e7f497bc9d3634326c3e3b

SHA512
3e99627e4a0715e2d483bc2b9d3aa98807d5c7d7abbe31aaa3b7f6c2f41912df91ddfc14253bee8539f84bb176bf2bd88cddd693bba95eec8728e1bc9275783b

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\node_modules\pg\lib\index.js

Filesize
1KB

MD5
c2caa6aa3912d6ec792cdf19c78bb43c

SHA1
aff678137e33212b4ed4cf3753570d8619aab5ad

SHA256
aad4f40f9ef36d5e5d732171a4cb8edaad5e018b1a846dcfaad07e9b8411634f

SHA512
1dfedaa3ca2016c088433f05ba41bbddb59653234fcd6548547068a12f601a09da429af7c54824f7a38ce83cc6ab706aa69dc9afdef9a7e6ace044f12cb5a15d

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\node_modules\pg\lib\utils.js

Filesize
4KB

MD5
a9175c0b6f829dcdb3366f589f9ebe4e

SHA1
eccde4d371a83fc99dcb524ae8e5ce091d75012e

SHA256
0a71839041d2cd0e659a47877da0dd4d1a0aafe349baefb93177ba46b4c23df9

SHA512
7d01ad66b5b7e2ed30ea0d12c232a04f8cb6aa1da60bee76c8f0b3479f4d88ddba2ac8c3e78a6ea0e94da6d54ceadf7daea938b9b6938077286d4e046d257435

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\node_modules\pg\package.json

Filesize
2KB

MD5
d6f934ab6361a9171ad659ab028a5a5c

SHA1
c01fdc771277aaa7d80210085d3486d77f3ee0cb

SHA256
77f148a34be391c07cef3b68f00bce0567eae4f3d73414a0a26e66d80df4b3fe

SHA512
5f291a594c1752c727d2dd5551699b5a95284ba42bedc48a66735f249084aa5632caa53f71b05dd93135ac2f86b46938cfc216a7c8781fa8e2594305ad4d9f6d

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\node_modules\postgres-array\index.js

Filesize
2KB

MD5
bdea857ccfef60c8e4101eec7323afd1

SHA1
2863c35db4d202ccc320309f00ac25464ce968f7

SHA256
807ba580ed423e518672c27b4022a56acb693be04349733ffc1fe6f324fbcee2

SHA512
1b9da9d94308c4145708c759520e6a3a5a29669843f633a2f33ecc786ab99e0044930b2aad56a92cb6d8d1937bfddd7e655283e1bf93a911eb37c9dc16d19893

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\node_modules\postgres-array\package.json

Filesize
1KB

MD5
995d8cfc99e9ec97ea3438ca6a7893db

SHA1
5c9b0f909c4db8d6940d8a60c1853399c0673fb0

SHA256
73f89aae7c6ca651ee982857f39018985d1bd81ef6dbfda878c6572abaa1d8b4

SHA512
17080bd96daf3fab75ab1e775ccffac4b59c21f898053524cd3c92478ae7a1c87e17d64daf11174e4ea2afa535d0670eac436ddec81e5863bad1f2d674a829ea

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\node_modules\postgres-date\index.js

Filesize
2KB

MD5
49bc6d34145d87a2746868617263c74b

SHA1
422500451648f658d8d545ddd29b62d97e5ad2f2

SHA256
9a09e3ec0775237576b1f6ff0fba0ed6171235aeded635a42c174b517e34cb1a

SHA512
33f7dcd3495797ac21a0cecf2f7704e43dbff6496cc24f05e153b1c6e2ea5e98b72f1602473d1584fdaaf212939184f21318e3f0226d08a2b5099daaf3a6b117

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\node_modules\postgres-date\package.json

Filesize
1KB

MD5
2c98c562deda8256224ed2117bc40fd0

SHA1
a44f3690735c48c269a15f90b23283303483b446

SHA256
3e74c006186f931b5f4c282113ab1d7c4bc1d7570fea82250f6ff1eb6e667d0f

SHA512
15a95468eee1bf1b802147ae98ba3cc3f6d1665cbf93b13d353aa4313a7fda4ffb8435fbf53cf5449765842341ad3109c41779a9c4aa879063ae383f116620f7

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\node_modules\postgres-interval\package.json

Filesize
1KB

MD5
bab778c48d8f9b77dbc9ec0de1a86351

SHA1
84b76e8f3e9cc2b52e348fa472b72a3697463ae9

SHA256
e34fa19ac5842197c11202500d0dbe278972e2a18c173db4c98d4682f28681d2

SHA512
7416ab5c23689d4703f4a09c93133749f30f448add4faf6e58abf83fcc09f8077d75749727cfc0d3113aaaf7648c26a743f536294f7d8560828f219976d9f402

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\package.json

Filesize
641B

MD5
6f3f3555229b030a764ca8b5e026bee2

SHA1
b6d36f56debbe93832c981d211dba871250523ea

SHA256
3e828304e6955cbcccf3c68db57a801dce23592e8784dbfbcb896a7586f260eb

SHA512
4c3181dbc3f00f010fc4128b462cf3b542736bbed46997edd927b5bf222663fd78a3f030a32a22cc0158fae1088f2c04b2681dec172e0fece83949e8a9f869c2

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\resources\app\scripts\splashRenderer.js

Filesize
2KB

MD5
6850f65328641f682c3a803b2a4a38c5

SHA1
6e89fb670a623d18cdac57856c80e3fea4fa2b26

SHA256
e751db2349e41de84310107ee700ce88513b85b709a1076a6193d52e8ce339d4

SHA512
f3a613a47f107e2035ae3f30f5cc5e70c450d7cabb0e323e97f1d599b62865ab1b0e10cc31671196b359d5d7f9f588befec3e7fdb33dafd901aed114e793d6a4

Download Submit
C:\Users\Admin\Desktop\Zer0Day2-RAT-1.8-src-main\app\v8_context_snapshot.bin

Filesize
160KB

MD5
b64c1fc7d75234994012c86dc5af10a6

SHA1
d0d562b5735d28381d59d0d86078ff6b493a678e

SHA256
31c3aa5645b5487bf484fd910379003786523f3063e946ef9b50d257d0ee5790

SHA512
6218fcb74ef715030a2dd718c87b32f41e976dd4ce459c54a45341ee0f5ca5c927ad507d3afcffe7298b989e969885ed7fb72030ea59387609e8bd5c4b8eb60a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 364648.crdownload

Filesize
873KB

MD5
c511cf3a337dd59ef92f524e15bea3d2

SHA1
60d5023e03f8ab1e430a08d84eb37f1eb02b6565

SHA256
6796d0e989152484f4356af4acc51c66ca84258883d876e6da8e3c9490af7150

SHA512
e7fb926c76bbf3895695e27edddddd0cf96440c6ce3d8c6b9e2fd4bfe44d358fec709445015ba5c9b0df93cdf4573be4ce5184843318464d88ba6f4fa8d576ae

Download Submit
\??\pipe\LOCAL\crashpad_3404_JKFCZRLBDSMMGOAK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1160-4016-0x0000000005EA0000-0x0000000005F0C000-memory.dmp

Filesize
432KB

Download
memory/1160-4005-0x000000000A630000-0x000000000A826000-memory.dmp

Filesize
2.0MB

Download
memory/1160-4004-0x0000000009EE0000-0x000000000A018000-memory.dmp

Filesize
1.2MB

Download
memory/1160-4003-0x0000000000DB0000-0x00000000010DC000-memory.dmp

Filesize
3.2MB

Download
memory/1160-4006-0x0000000005A70000-0x0000000005AD6000-memory.dmp

Filesize
408KB

Download
memory/1160-4018-0x0000000005D20000-0x0000000005D32000-memory.dmp

Filesize
72KB

Download
memory/1160-4017-0x0000000005C90000-0x0000000005CFA000-memory.dmp

Filesize
424KB

Download
memory/1160-4028-0x000000000D7A0000-0x000000000D7DC000-memory.dmp

Filesize
240KB

Download
memory/2328-2156-0x0000000026130000-0x0000000027130000-memory.dmp

Filesize
16.0MB

Download
memory/2328-2817-0x00007FFACEEE0000-0x00007FFACEEE1000-memory.dmp

Filesize
4KB

Download
memory/2328-2155-0x0000000000580000-0x0000000001580000-memory.dmp

Filesize
16.0MB

Download
memory/3716-2124-0x0000000005A10000-0x0000000005FB6000-memory.dmp

Filesize
5.6MB

Download
memory/3716-2125-0x0000000005340000-0x00000000053D2000-memory.dmp

Filesize
584KB

Download
memory/3716-2126-0x00000000052F0000-0x00000000052FA000-memory.dmp

Filesize
40KB

Download
memory/3716-2127-0x00000000057C0000-0x00000000059D6000-memory.dmp

Filesize
2.1MB

Download
memory/3716-2123-0x0000000000930000-0x0000000000944000-memory.dmp

Filesize
80KB

Download
memory/4316-3121-0x0000027AA0850000-0x0000027AA0851000-memory.dmp

Filesize
4KB

Download
memory/4316-3122-0x0000027AA0850000-0x0000027AA0851000-memory.dmp

Filesize
4KB

Download
memory/4316-3123-0x0000027AA0850000-0x0000027AA0851000-memory.dmp

Filesize
4KB

Download
memory/4316-3127-0x0000027AA0850000-0x0000027AA0851000-memory.dmp

Filesize
4KB

Download
memory/4316-3133-0x0000027AA0850000-0x0000027AA0851000-memory.dmp

Filesize
4KB

Download
memory/4316-3132-0x0000027AA0850000-0x0000027AA0851000-memory.dmp

Filesize
4KB

Download
memory/4316-3131-0x0000027AA0850000-0x0000027AA0851000-memory.dmp

Filesize
4KB

Download
memory/4316-3130-0x0000027AA0850000-0x0000027AA0851000-memory.dmp

Filesize
4KB

Download
memory/4316-3129-0x0000027AA0850000-0x0000027AA0851000-memory.dmp

Filesize
4KB

Download
memory/4316-3128-0x0000027AA0850000-0x0000027AA0851000-memory.dmp

Filesize
4KB

Download
memory/5392-1209-0x00007FFACEEE0000-0x00007FFACEEE1000-memory.dmp

Filesize
4KB

Download
memory/5704-4218-0x0000000000880000-0x0000000001880000-memory.dmp

Filesize
16.0MB

Download