quasar | 6dfff4c60b32f6e841b1e7cf4ea99831820f4aa2dd81421d7257bdfedcd28365

Analysis

max time kernel
1799s
max time network
1803s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
04-02-2025 12:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Sorillas.jar
Size

10.0MB
MD5

7e3c3eadd00b0903f1fcc806536cf406
SHA1

efe17275ac9ffc91fb1ce25f579fbfa1f8dc6095
SHA256

6dfff4c60b32f6e841b1e7cf4ea99831820f4aa2dd81421d7257bdfedcd28365
SHA512

9dcd295c96f6beab8fb5af447fa759bbf7ff1154f345affeff1b06e2f205e561cd6eb31db23f3656e751d0892c4b766112684068b43bb4e70a075c1a909a2abc
SSDEEP

196608:ulloD+JyfJIFFM0rT/mpDni/Mcd8qAbPeGmeIWvhAn9QrmE:uHoz0FM02JiEQ/kGdeIWJC9Qrx

Score

10^/10

quasar defense_evasion discovery persistence privilege_escalation spyware trojan

Malware Config

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/memory/5976-3559-0x0000026336E70000-0x0000026336FA8000-memory.dmp	family_quasar
behavioral1/memory/5976-3560-0x0000026337400000-0x0000026337416000-memory.dmp	family_quasar

Downloads MZ/PE file 1 IoCs

flow	pid	Process
29	1300	msedge.exe

Modifies Windows Firewall 2 TTPs 2 IoCs

defense_evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
4540	netsh.exe
4496	netsh.exe

Drops startup file 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\772d3e1cf411932582ba4607caf9d2f7.exe	Explorer.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\772d3e1cf411932582ba4607caf9d2f7.exe	Explorer.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\772d3e1cf411932582ba4607caf9d2f7.exe	Explorer.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 22 IoCs

pid	Process
2728	7z2409-x64.exe
2716	7z2409-x64.exe
5544	7zFM.exe
6004	njRAT v0.8d.exe
4040	Explorer.exe
1592	Explorer.exe
4076	7zFM.exe
4496	7zFM.exe
4540	Exeplorer.exe
392	Experlorer.exe
868	Explorer.exe
1552	7zFM.exe
5848	7zFM.exe
4240	7zFM.exe
4996	DDoSeR.exe
2480	7zFM.exe
5392	DaRKDDoSeR.exe
4776	7zFM.exe
3460	7zFM.exe
5356	яσσтRAT.exe
4040	7zFM.exe
5976	Quasar.exe

Loads dropped DLL 20 IoCs

pid	Process
3264	Process not Found
3264	Process not Found
5544	7zFM.exe
6004	njRAT v0.8d.exe
6004	njRAT v0.8d.exe
6004	njRAT v0.8d.exe
6004	njRAT v0.8d.exe
4076	7zFM.exe
4496	7zFM.exe
1552	7zFM.exe
5848	7zFM.exe
4240	7zFM.exe
2480	7zFM.exe
4776	7zFM.exe
3460	7zFM.exe
5356	яσσтRAT.exe
5356	яσσтRAT.exe
5356	яσσтRAT.exe
5356	яσσтRAT.exe
4040	7zFM.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Windows\CurrentVersion\Run\772d3e1cf411932582ba4607caf9d2f7 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\ Explorer.exe\" .."	Explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\772d3e1cf411932582ba4607caf9d2f7 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\ Explorer.exe\" .."	Explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Windows\CurrentVersion\Run\772d3e1cf411932582ba4607caf9d2f7 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\ Explorer.exe\" .."	Explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\772d3e1cf411932582ba4607caf9d2f7 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\ Explorer.exe\" .."	Explorer.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
52	raw.githubusercontent.com
1	camo.githubusercontent.com
9	raw.githubusercontent.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
79	www.formyip.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\descript.ion	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	7z2409-x64.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	7z2409-x64.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4832	5392	WerFault.exe	175

System Location Discovery: System Language Discovery 1 TTPs 19 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	njRAT v0.8d.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DDoSeR.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DaRKDDoSeR.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	яσσтRAT.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Experlorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2409-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Exeplorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2409-x64.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	njRAT v0.8d.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell	DaRKDDoSeR.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 = 5000310000000000445a49611000372d5a6970003c0009000400efbe47598560445a49612e000000d69e02000000040000000000000000000000000000001350200137002d005a0069007000000014000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	njRAT v0.8d.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	njRAT v0.8d.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\MRUListEx = ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1\0\0 = 8400310000000000445a2d641100444f574e4c4f7e3100006c0009000400efbe4759495e445a2d642e00000031570200000001000000000000000000420000000000b19ae80044006f0077006e006c006f00610064007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370039003800000018000000	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2409-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	DaRKDDoSeR.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	njRAT v0.8d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	DaRKDDoSeR.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	njRAT v0.8d.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	DaRKDDoSeR.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2409-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	DaRKDDoSeR.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	DaRKDDoSeR.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	njRAT v0.8d.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	DaRKDDoSeR.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202	DaRKDDoSeR.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	DaRKDDoSeR.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	njRAT v0.8d.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\SniffedFolderType = "Generic"	DaRKDDoSeR.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	DaRKDDoSeR.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1\0\0\0	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2409-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	njRAT v0.8d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	njRAT v0.8d.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1\0	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	njRAT v0.8d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	njRAT v0.8d.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 0100000000000000ffffffff	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2409-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\NodeSlot = "4"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	njRAT v0.8d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2409-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe

NTFS ADS 14 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\DaRK DDoSeR v5.6c.7z:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\яσσтRAT.7z:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\яσσтRAT (4).7z:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Quasar.v1.4.1.7z:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 131114.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\DDoSeR 3.4.7z:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\яσσтRAT (3).7z:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\njRAT v0.8d.7z:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\яσσтRAT (1).7z:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\яσσтRAT (2).7z:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Sorillus.7z.006:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\888 Rat V1.2.6.7z.008:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\яσσтRAT (5).7z:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4504	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1300	msedge.exe
1300	msedge.exe
3852	msedge.exe
3852	msedge.exe
4916	msedge.exe
4916	msedge.exe
448	identity_helper.exe
448	identity_helper.exe
3388	msedge.exe
3388	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
2184	msedge.exe
2184	msedge.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe
1592	Explorer.exe

Suspicious behavior: GetForegroundWindowSpam 13 IoCs

pid	Process
2568	OpenWith.exe
5360	OpenWith.exe
5544	7zFM.exe
6004	njRAT v0.8d.exe
5496	OpenWith.exe
868	Explorer.exe
4240	7zFM.exe
4996	DDoSeR.exe
2480	7zFM.exe
5392	DaRKDDoSeR.exe
3460	7zFM.exe
4040	7zFM.exe
5976	Quasar.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe

Suspicious use of AdjustPrivilegeToken 30 IoCs

description	pid	Process
Token: SeRestorePrivilege	5544	7zFM.exe
Token: 35	5544	7zFM.exe
Token: SeSecurityPrivilege	5544	7zFM.exe
Token: SeDebugPrivilege	1592	Explorer.exe
Token: SeRestorePrivilege	4076	7zFM.exe
Token: 35	4076	7zFM.exe
Token: SeRestorePrivilege	4496	7zFM.exe
Token: 35	4496	7zFM.exe
Token: SeDebugPrivilege	868	Explorer.exe
Token: SeRestorePrivilege	1552	7zFM.exe
Token: 35	1552	7zFM.exe
Token: SeRestorePrivilege	5848	7zFM.exe
Token: 35	5848	7zFM.exe
Token: SeRestorePrivilege	4240	7zFM.exe
Token: 35	4240	7zFM.exe
Token: SeSecurityPrivilege	4240	7zFM.exe
Token: SeRestorePrivilege	2480	7zFM.exe
Token: 35	2480	7zFM.exe
Token: SeSecurityPrivilege	2480	7zFM.exe
Token: SeRestorePrivilege	4776	7zFM.exe
Token: 35	4776	7zFM.exe
Token: SeRestorePrivilege	3460	7zFM.exe
Token: 35	3460	7zFM.exe
Token: SeSecurityPrivilege	3460	7zFM.exe
Token: 33	6008	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6008	AUDIODG.EXE
Token: SeRestorePrivilege	4040	7zFM.exe
Token: 35	4040	7zFM.exe
Token: SeSecurityPrivilege	4040	7zFM.exe
Token: SeDebugPrivilege	5976	Quasar.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
5544	7zFM.exe
5544	7zFM.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
4076	7zFM.exe
4496	7zFM.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
1552	7zFM.exe

Suspicious use of SendNotifyMessage 19 IoCs

pid	Process
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
5392	DaRKDDoSeR.exe
5392	DaRKDDoSeR.exe
5356	яσσтRAT.exe
5356	яσσтRAT.exe
5356	яσσтRAT.exe
5356	яσσтRAT.exe
5976	Quasar.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4288	TextInputHost.exe
4288	TextInputHost.exe
4288	TextInputHost.exe
2728	7z2409-x64.exe
1264	MiniSearchHost.exe
2568	OpenWith.exe
2568	OpenWith.exe
2568	OpenWith.exe
2568	OpenWith.exe
2568	OpenWith.exe
2568	OpenWith.exe
2568	OpenWith.exe
2568	OpenWith.exe
2568	OpenWith.exe
2568	OpenWith.exe
2568	OpenWith.exe
3348	AcroRd32.exe
3348	AcroRd32.exe
3348	AcroRd32.exe
3348	AcroRd32.exe
2716	7z2409-x64.exe
5360	OpenWith.exe
5360	OpenWith.exe
5360	OpenWith.exe
5360	OpenWith.exe
5360	OpenWith.exe
5360	OpenWith.exe
5360	OpenWith.exe
5360	OpenWith.exe
5360	OpenWith.exe
5360	OpenWith.exe
6004	njRAT v0.8d.exe
6004	njRAT v0.8d.exe
6004	njRAT v0.8d.exe
5496	OpenWith.exe
5496	OpenWith.exe
5496	OpenWith.exe
5496	OpenWith.exe
5496	OpenWith.exe
5496	OpenWith.exe
5496	OpenWith.exe
5496	OpenWith.exe
5496	OpenWith.exe
5496	OpenWith.exe
5496	OpenWith.exe
6004	njRAT v0.8d.exe
6004	njRAT v0.8d.exe
6004	njRAT v0.8d.exe
6004	njRAT v0.8d.exe
5600	OpenWith.exe
5600	OpenWith.exe
5600	OpenWith.exe
5600	OpenWith.exe
5600	OpenWith.exe
5600	OpenWith.exe
5600	OpenWith.exe
5600	OpenWith.exe
5600	OpenWith.exe
5600	OpenWith.exe
5600	OpenWith.exe
5600	OpenWith.exe
5600	OpenWith.exe
4996	DDoSeR.exe
5392	DaRKDDoSeR.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3852 wrote to memory of 3984	3852	msedge.exe	81
PID 3852 wrote to memory of 3984	3852	msedge.exe	81
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 3108	3852	msedge.exe	82
PID 3852 wrote to memory of 1300	3852	msedge.exe	83
PID 3852 wrote to memory of 1300	3852	msedge.exe	83
PID 3852 wrote to memory of 3892	3852	msedge.exe	84
PID 3852 wrote to memory of 3892	3852	msedge.exe	84
PID 3852 wrote to memory of 3892	3852	msedge.exe	84
PID 3852 wrote to memory of 3892	3852	msedge.exe	84
PID 3852 wrote to memory of 3892	3852	msedge.exe	84
PID 3852 wrote to memory of 3892	3852	msedge.exe	84
PID 3852 wrote to memory of 3892	3852	msedge.exe	84
PID 3852 wrote to memory of 3892	3852	msedge.exe	84
PID 3852 wrote to memory of 3892	3852	msedge.exe	84
PID 3852 wrote to memory of 3892	3852	msedge.exe	84
PID 3852 wrote to memory of 3892	3852	msedge.exe	84
PID 3852 wrote to memory of 3892	3852	msedge.exe	84
PID 3852 wrote to memory of 3892	3852	msedge.exe	84
PID 3852 wrote to memory of 3892	3852	msedge.exe	84
PID 3852 wrote to memory of 3892	3852	msedge.exe	84
PID 3852 wrote to memory of 3892	3852	msedge.exe	84
PID 3852 wrote to memory of 3892	3852	msedge.exe	84
PID 3852 wrote to memory of 3892	3852	msedge.exe	84
PID 3852 wrote to memory of 3892	3852	msedge.exe	84
PID 3852 wrote to memory of 3892	3852	msedge.exe	84

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Sorillas.jar
1⤵
PID:1084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbba7f3cb8,0x7ffbba7f3cc8,0x7ffbba7f3cd8
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1836 /prefetch:2
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Suspicious behavior: EnumeratesProcesses
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2532 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6200 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3388
- C:\Users\Admin\Downloads\7z2409-x64.exe
  "C:\Users\Admin\Downloads\7z2409-x64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7140 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4912 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3584 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4572 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1688 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6920 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6916 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  - NTFS ADS
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6784 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1892 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2088 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7304 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1824,16181644309348414021,11329187476777774930,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6980 /prefetch:8
  2⤵
  PID:5124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4936

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:4288

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1264

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5004

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2568
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\njRAT v0.8d.7z"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3348
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - System Location Discovery: System Language Discovery
    PID:872
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=05C954470FC260890F208BC641416F45 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:3508
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=EB3C3A6259CDD8A598A4411F3F2E25A7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=EB3C3A6259CDD8A598A4411F3F2E25A7 --renderer-client-id=2 --mojo-platform-channel-handle=1780 --allow-no-sandbox-job /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:1456
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=44F8158121893991DFC3FFAF806C68C3 --mojo-platform-channel-handle=2356 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:1592
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=334773F2ABAC09BF9C6346F189A0FD10 --mojo-platform-channel-handle=1880 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:3032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1048

C:\Users\Admin\Downloads\7z2409-x64.exe
"C:\Users\Admin\Downloads\7z2409-x64.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2716

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5360
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\njRAT v0.8d.7z"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:5544

C:\Users\Admin\Downloads\njRAT v0.8d\njRAT v0.8d.exe
"C:\Users\Admin\Downloads\njRAT v0.8d\njRAT v0.8d.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6004

C:\Users\Admin\Downloads\Explorer.exe
"C:\Users\Admin\Downloads\Explorer.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4040
- C:\Users\Admin\AppData\Local\Temp\ Explorer.exe
  "C:\Users\Admin\AppData\Local\Temp\ Explorer.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1592
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\ Explorer.exe" " Explorer.exe" ENABLE
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    PID:4540

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5496
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Sorillus.7z.006"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:4076

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Sorillus.7z"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4496

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Explorer.jar"
1⤵
PID:3604

C:\Users\Admin\Downloads\Exeplorer.exe
"C:\Users\Admin\Downloads\Exeplorer.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4540
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\ Explorer.jar"
  2⤵
  PID:5552

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Explorer.jar"
1⤵
PID:5420

C:\Users\Admin\Downloads\Experlorer.exe
"C:\Users\Admin\Downloads\Experlorer.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:392
- C:\Users\Admin\AppData\Local\Temp\ Explorer.exe
  "C:\Users\Admin\AppData\Local\Temp\ Explorer.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  PID:868
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\ Explorer.exe" " Explorer.exe" ENABLE
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    PID:4496

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5600
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\888 Rat V1.2.6.7z.008"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:1552

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\888 Rat V1.2.6.7z"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:5848

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\DDoSeR 3.4.7z"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:4240

C:\Users\Admin\Downloads\DDoSeR 3.4\DDoSeR.exe
"C:\Users\Admin\Downloads\DDoSeR 3.4\DDoSeR.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4996

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\DaRK DDoSeR v5.6c.7z"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:2480

C:\Users\Admin\Downloads\DaRK DDoSeR v5.6c\DaRKDDoSeR.exe
"C:\Users\Admin\Downloads\DaRK DDoSeR v5.6c\DaRKDDoSeR.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5392
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 1616
  2⤵
  - Program crash
  PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5392 -ip 5392
1⤵
PID:5844

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Sorillus.7z"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:4776

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\яσσтRAT.7z"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:3460

C:\Users\Admin\Downloads\яσσтRAT\яσσтRAT.exe
"C:\Users\Admin\Downloads\яσσтRAT\яσσтRAT.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SendNotifyMessage
PID:5356

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004AC 0x00000000000004B4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6008

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Quasar.v1.4.1.7z"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:4040

C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe
"C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5976
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" /select, "C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12"
  2⤵
  PID:2360

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
PID:4504

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004AC 0x00000000000004B4
1⤵
PID:3576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Netsh Helper DLL

T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
121KB

MD5
a7ba50e8a23bf4a17f827c69bdb8f6ab

SHA1
17db88d7fa4bdb042897cf1b8a8d6620dc4f3b07

SHA256
94561a6dd2e91b42d566846270b9d8915c30dd9200e7aab3a4e37547c0042491

SHA512
16598f7fe5dbad5abac11bbf84fce5a26dd686c1786ddeea7b86ea239fd1fd06587755eee7d376f4ca01a0c61f8b8babf5928222009160949a332fe5e985964a

Download Submit
C:\Program Files\7-Zip\7-zip.dll

Filesize
99KB

MD5
88518dec90d627d9d455d8159cf660c5

SHA1
e13c305d35385e5fb7f6d95bb457b944a1d5a2ca

SHA256
f39996ab8eabdffe4f9a22abb1a97665816ec77b64440e0a20a80a41f0810ced

SHA512
7c9d7bd455064d09307d42935c57de687764cf77d3c9ba417c448f4f2c4b87bcd6fea66354dfe80842a2fa3f96c81cc25e8bf77307b4ace1bbe1346cbe68435f

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
967KB

MD5
4eaae49d718451ec5442d4c8ef42b88b

SHA1
bbac4f5d69a0a778db567e6978d4dabf2d763167

SHA256
dc4fdcd96efe7b41e123c4cba19059162b08449627d908570b534e7d6ec7bf58

SHA512
41595b67c8506c054c28ce2b5dec9d304651449464c6e1eb092a049d49326594584900cff4e9b8210ca3ad8a23e9c22d8df1ae8af15f44a69f784cc546fcced3

Download Submit
C:\Program Files\7-Zip\History.txt

Filesize
8KB

MD5
ccad44b829868fc155d11387f09c4f4b

SHA1
980dc6ceffd5c852f117034da08e14a34a36897b

SHA256
7d6a3d181b5166ffe08f2779903edd2749c3ef78fd3c0174bdc4380f4a7511b8

SHA512
97a0b4ad774a5ea008c67acd094e4c09261f759f82878f770d90d9fa63d2c283e231249815d6fca7fc12690edc55cdad76720125a403a3aa9237493ef0de942f

Download Submit
C:\Program Files\7-Zip\Lang\af.txt

Filesize
4KB

MD5
df216fae5b13d3c3afe87e405fd34b97

SHA1
787ccb4e18fc2f12a6528adbb7d428397fc4678a

SHA256
9cf684ea88ea5a479f510750e4089aee60bbb2452aa85285312bafcc02c10a34

SHA512
a6eee3d60b88f9676200b40ca9c44cc4e64cf555d9b8788d4fde05e05b8ca5da1d2c7a72114a18358829858d10f2beff094afd3bc12b370460800040537cff68

Download Submit
C:\Program Files\7-Zip\Lang\an.txt

Filesize
7KB

MD5
f16218139e027338a16c3199091d0600

SHA1
da48140a4c033eea217e97118f595394195a15d5

SHA256
3ab9f7aacd38c4cde814f86bc37eec2b9df8d0dddb95fc1d09a5f5bcb11f0eeb

SHA512
b2e99d70d1a7a2a1bfa2ffb61f3ca2d1b18591c4707e4c6c5efb9becdd205d646b3baa0e8cbd28ce297d7830d3dfb8f737266c66e53a83bdbe58b117f8e3ae14

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt

Filesize
12KB

MD5
5747381dc970306051432b18fb2236f2

SHA1
20c65850073308e498b63e5937af68b2e21c66f3

SHA256
85a26c7b59d6d9932f71518ccd03eceeba42043cb1707719b72bfc348c1c1d72

SHA512
3306e15b2c9bb2751b626f6f726de0bcafdc41487ba11fabfcef0a6a798572b29f2ee95384ff347b3b83b310444aaeec23e12bb3ddd7567222a0dd275b0180ff

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt

Filesize
4KB

MD5
1cf6411ff9154a34afb512901ba3ee02

SHA1
958f7ff322475f16ca44728349934bc2f7309423

SHA256
f5f2174daf36e65790c7f0e9a4496b12e14816dad2ee5b1d48a52307076be35f

SHA512
b554c1ab165a6344982533cceed316d7f73b5b94ce483b5dc6fb1f492c6b1914773027d31c35d60ab9408669520ea0785dc0d934d3b2eb4d78570ff7ccbfcf9c

Download Submit
C:\Program Files\7-Zip\Lang\az.txt

Filesize
10KB

MD5
9cd3a23ca6f66f570607f63be6aa0001

SHA1
912837c29c0e07470e257c21775b7513e9af4475

SHA256
1da941116e20e69f61a4a68481797e302c11fcf462ca7203a565588b26011615

SHA512
c90ead15096009b626b06f9eae1b004f4adba5d18ccdb5c7d92694d36903760541f8aa7352be96466f2b0775c69f850605988fa4ef86f3de4fca34f7b645457e

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt

Filesize
10KB

MD5
387ff78cf5f524fc44640f3025746145

SHA1
8480e549d00003de262b54bc342af66049c43d3b

SHA256
8a85c3fcb5f81157490971ee4f5e6b9e4f80be69a802ebed04e6724ce859713f

SHA512
7851633ee62c00fa2c68f6f59220a836307e6dde37eae5e5dca3ca254d167e305fe1eb342f93112032dadafe9e9608c97036ac489761f7bdc776a98337152344

Download Submit
C:\Program Files\7-Zip\Lang\be.txt

Filesize
11KB

MD5
b1dd654e9d8c8c1b001f7b3a15d7b5d3

SHA1
5a933ae8204163c90c00d97ba0c589f4d9f3f532

SHA256
32071222af04465a3d98bb30e253579aa4beceaeb6b21ac7c15b25f46620bf30

SHA512
0137900aeb21f53e4af4027ea15eed7696ed0156577fe6194c2b2097f5fb9d201e7e9d52a51a26ae9a426f8137692154d80676f8705f335fed9ae7e0e1d0a10e

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt

Filesize
17KB

MD5
2d0c8197d84a083ef904f8f5608afe46

SHA1
5ae918d2bb3e9337538ef204342c5a1d690c7b02

SHA256
62c6f410d011a109abecb79caa24d8aeb98b0046d329d611a4d07e66460eef3f

SHA512
3243d24bc9fdb59e1964e4be353c10b6e9d4229ef903a5ace9c0cb6e1689403173b11db022ca2244c1ef0f568be95f21915083a8c5b016f07752026d332878a4

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt

Filesize
14KB

MD5
771c8b73a374cb30df4df682d9c40edf

SHA1
46aa892c3553bddc159a2c470bd317d1f7b8af2a

SHA256
3f55b2ec5033c39c159593c6f5ece667b92f32938b38fcaf58b4b2a98176c1fc

SHA512
8dcc9cc13322c4504ee49111e1f674809892900709290e58a4e219053b1f78747780e1266e1f4128c0c526c8c37b1a5d1a452eefba2890e3a5190eebe30657ba

Download Submit
C:\Program Files\7-Zip\Lang\br.txt

Filesize
4KB

MD5
07504a4edab058c2f67c8bcb95c605dd

SHA1
3e2ae05865fb474f10b396bfefd453c074f822fa

SHA256
432bdb3eaa9953b084ee14eee8fe0abbc1b384cbdd984ccf35f0415d45aabba8

SHA512
b3f54d695c2a12e97c93af4df09ce1800b49e40302bec7071a151f13866edfdfafc56f70de07686650a46a8664608d8d3ea38c2939f2f1630ce0bf968d669ccc

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt

Filesize
9KB

MD5
a77210be2527533d1eceb8f0ea49607a

SHA1
807e36fce4dbe269601939a8579ffb43fe43f381

SHA256
da4df6490c7bc8afd804509f696f9afa6f709b7a327044e2781fa6c95770b239

SHA512
54096f332f2a9bd5690c973eae19ef4199a6acb5243133b9065f433830984f91b62a9f1d71efeed5952cff0bbcb1befdce321cbb090c620bfc13a98bcc1dc14e

Download Submit
C:\Program Files\7-Zip\Lang\co.txt

Filesize
11KB

MD5
de64842f09051e3af6792930a0456b16

SHA1
498b92a35f2a14101183ebe8a22c381610794465

SHA256
dcfb95b47a4435eb7504b804da47302d8a62bbe450dadf1a34baea51c7f60c77

SHA512
5dabeed739a753fd20807400dfc84f7bf1eb544704660a74afcf4e0205b7c71f1ddcf9f79ac2f7b63579735a38e224685b0125c49568cbde2d9d6add4c7d0ed8

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt

Filesize
9KB

MD5
1130abf0e51093dc7edd2c0c334be5d8

SHA1
260a373c4df2ec71dcd343ce4cd97b65d18efa82

SHA256
da788d30aa74b3f8b3d920e98c535e4544756e9e4e235ed0221654f3177d3d2a

SHA512
0f7242992c990085b8332c7e072928a17f4fa4e729451600f1abf58158eb1b782ac4a3c200c1db510bf70f13e6790dadf897e1d1c6effb77187ad41b02e16dbc

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt

Filesize
4KB

MD5
6bdf25354b531370754506223b146600

SHA1
c2487c59eeeaa5c0bdb19d826fb1e926d691358e

SHA256
470eaf5e67f5ead5b8c3ecc1b5b21b29d16c73591eb0047b681660346e25b3fb

SHA512
c357b07c176175cc36a85c42d91b0cada79dbfb584bdf57f22a6cb11898f88aecf4392037d5cea3e1bc02df7493bb27b9509226f810f1875105bbc33c6ae3f20

Download Submit
C:\Program Files\7-Zip\Lang\da.txt

Filesize
7KB

MD5
c397e8ac4b966e1476adbce006bb49e4

SHA1
3e473e3bc11bd828a1e60225273d47c8121f3f2c

SHA256
5ccd481367f7d8c544de6177187aff53f1143ae451ae755ce9ed9b52c5f5d478

SHA512
cbbece415d16b9984c82bd8fa4c03dbd1fec58ed04e9ef0a860b74d451d03d1c7e07b23b3e652374a3b9128a7987414074c2a281087f24a77873cc45ec5aadd2

Download Submit
C:\Program Files\7-Zip\Lang\de.txt

Filesize
9KB

MD5
1e30a705da680aaeceaec26dcf2981de

SHA1
965c8ed225fb3a914f63164e0df2d5a24255c3d0

SHA256
895f76bfa4b1165e4c5a11bdab70a774e7d05d4bbdaec0230f29dcc85d5d3563

SHA512
ff96e6578a1ee38db309e72a33f5de7960edcc260ca1f5d899a822c78595cc761fedbdcdd10050378c02d8a36718d76c18c6796498e2574501011f9d988da701

Download Submit
C:\Program Files\7-Zip\Lang\el.txt

Filesize
17KB

MD5
5894a446df1321fbdda52a11ff402295

SHA1
a08bf21d20f8ec0fc305c87c71e2c94b98a075a4

SHA256
2dd2130f94d31262b12680c080c96b38ad55c1007f9e610ec8473d4bb13d2908

SHA512
0a2c3d24e7e9add3ca583c09a63ba130d0088ed36947b9f7b02bb48be4d30ef8dc6b8d788535a941f74a7992566b969adf3bd729665e61bfe22b67075766f8de

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt

Filesize
7KB

MD5
bf2e140e9d30d6c51d372638ba7f4bd9

SHA1
a4358379a21a050252d738f6987df587c0bd373d

SHA256
c218145bb039e1fd042fb1f5425b634a4bdc1f40b13801e33ed36cfdbda063ed

SHA512
b524388f7476c9a43e841746764ff59bdb1f8a1b4299353156081a854ee4435b94b34b1a87c299ec23f8909e0652222595b3177ee0392e3b8c0ff0a818db7f9a

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt

Filesize
4KB

MD5
29caad3b73f6557f0306f4f6c6338235

SHA1
d4b3147f23c75de84287ad501e7403e0fce69921

SHA256
a6ef5a5a1e28d406fd78079d9cacf819b047a296adc7083d34f2bfb3d071e5af

SHA512
77618995d9cf90603c5d4ad60262832d8ad64c91a5e6944efd447a5cc082a381666d986bb294d7982c8721b0113f867b86490ca11bb3d46980132c9e4df1bd92

Download Submit
C:\Program Files\7-Zip\Lang\es.txt

Filesize
10KB

MD5
ed230f9f52ef20a79c4bed8a9fefdf21

SHA1
ec0153260b58438ad17faf1a506b22ad0fec1bdc

SHA256
7199b362f43e9dca2049c0eeb8b1bb443488ca87e12d7dda0f717b2adbdb7f95

SHA512
32f0e954235420a535291cf58b823baacf4a84723231a8636c093061a8c64fcd0952c414fc5bc7080fd8e93f050505d308e834fea44b8ab84802d8449f076bc9

Download Submit
C:\Program Files\7-Zip\Lang\et.txt

Filesize
6KB

MD5
d6a50c4139d0973776fc294ee775c2ac

SHA1
1881d68ae10d7eb53291b80bd527a856304078a0

SHA256
6b2718882bb47e905f1fdd7b75ece5cc233904203c1407c6f0dcdc5e08e276da

SHA512
0fd14b4fd9b613d04ef8747dcd6a47f6f7777ac35c847387c0ea4b217f198aa8ac54ea1698419d4122b808f852e9110d1780edcb61a4057c1e2774aa5382e727

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt

Filesize
8KB

MD5
c90cd9f1e3d05b80aba527eb765cbf13

SHA1
66d1e1b250e2288f1e81322edc3a272fc4d0fffc

SHA256
a1c9d46b0639878951538f531bba69aeddd61e6ad5229e3bf9c458196851c7d8

SHA512
439375d01799da3500dfa48c54eb46f7b971a299dfebff31492f39887d53ed83df284ef196eb8bc07d99d0ec92be08a1bf1a7dbf0ce9823c85449cc6f948f24c

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt

Filesize
7KB

MD5
459b9c72a423304ffbc7901f81588337

SHA1
0ba0a0d9668c53f0184c99e9580b90ff308d79be

SHA256
8075fd31b4ebb54603f69abb59d383dcef2f5b66a9f63bb9554027fd2949671c

SHA512
033ced457609563e0f98c66493f665b557ddd26fab9a603e9de97978d9f28465c5ac09e96f5f8e0ecd502d73df29305a7e2b8a0ad4ee50777a75d6ab8d996d7f

Download Submit
C:\Program Files\7-Zip\descript.ion

Filesize
366B

MD5
eb7e322bdc62614e49ded60e0fb23845

SHA1
1bb477811ecdb01457790c46217b61cb53153b75

SHA256
1da513f5a4e8018b9ae143884eb3eaf72454b606fd51f2401b7cfd9be4dbbf4f

SHA512
8160b581a3f237d87e664d93310f5e85a42df793b3e22390093f9fb9a0a39950be6df2a713b55259fce5d5411d0499886a8039288d9481b4095fabadddbebb60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
48KB

MD5
df1d27ed34798e62c1b48fb4d5aa4904

SHA1
2e1052b9d649a404cbf8152c47b85c6bc5edc0c9

SHA256
c344508bd16c376f827cf568ef936ad2517174d72bf7154f8b781a621250cc86

SHA512
411311be9bfdf7a890adc15fe89e6f363bc083a186bb9bcb02be13afb60df7ebb545d484c597b5eecdbfb2f86cd246c21678209aa61be3631f983c60e5d5ca94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
70KB

MD5
3b06aa689e8bf1aed00d923a55cfdd49

SHA1
ca186701396ba24d747438e6de95397ed5014361

SHA256
cd1569510154d7fa83732ccf69e41e833421f4e5ec7f70a5353ad07940ec445c

SHA512
0422b94ec68439a172281605264dede7b987804b3acfdeeb86ca7b12249e0bd90e8e625f9549a9635165034b089d59861260bedf7676f9fa68c5b332123035ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
25KB

MD5
e580283a2015072bac6b880355fe117e

SHA1
0c0f3ca89e1a9da80cd5f536130ce5da3ad64bfe

SHA256
be8b1b612f207b673b1b031a7c67f8e2421d57a305bebf11d94f1c6e47d569ee

SHA512
65903ba8657d145cc3bbe37f5688b803ee03dd8ff8da23b587f64acaa793eaea52fcb6e8c0ec5032e0e3a2faacc917406ada179706182ce757d1c02979986dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
38KB

MD5
adf2df4a8072227a229a3f8cf81dc9df

SHA1
48b588df27e0a83fa3c56d97d68700170a58bd36

SHA256
2fd56ac4d62fec83843c83054e5548834a19001c077cdb224901237f2e2c0e4c

SHA512
d18ffc9a41157ea96014a503640b3a2a3931f578293e88cc05aa61c8223221d948c05637875d8e3ee5847b6a99341ea22b6a1aee67c170e27bde5e154cf1b9ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
37KB

MD5
9fc4f3c0ec97d39f8a936972c9caed48

SHA1
a9546ee2354cdff39f10fb32cc9495745c14a875

SHA256
9e86376f729620fd1970d3931cba62626108e41f6962e6b84a13bd8c0bd641b5

SHA512
6e1cd676423da9bc7aa523ab56b45f0343721bcd859fb0e7b0061ff940f27a5db6119e5dde37d397e189177ab80444d38091a31d0e6c354840d083bf1bbf8445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
20KB

MD5
d8e280973cc708c5ab15f393bc63396a

SHA1
e5ed496d8bcd7b16832c2412f5610de426529ce8

SHA256
95498d8a14b76949c4c3adc70aa7e5583e2f57ad2c0a49e6b631aff2d9a3cd06

SHA512
7b62d75d904710845244f8707e7e15f3f98dac46a2dea848c69080d2bc24d137ea136f3b03c22605cc46e66e3ef40c8562f19a0a2002379c5012111f767ce773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
21KB

MD5
d141a6f6f1f714737b9121b00fc34f8c

SHA1
a151b8ae9b99e23d2a264e97f38e0fcce2e9ba4b

SHA256
e83fabb2fb694dcd82143d1f67e23b46caf85a50fef6c178d9ea38a0809f4e3c

SHA512
b2d7a92848a9aefb245783ea0d142d3fe987b551eaee0e37f68070775dfc35866c295702da092fbf266a273755036228f26cf6090414e2325fdc2d06047e5f13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
16KB

MD5
686cd4e029335cb803ea8b47ea727bd5

SHA1
acb03acb24c943d81a8e4822466201cc4114692c

SHA256
785ffc242cb18f8e9ccb9ab96c37df3cdf1612a38a325a2a9bcf8164eac6488d

SHA512
a54e055ca8e021757102aa6c7f9045959fa32a7db215595cda8419ac96f75f44e1f5846037e14b6a20d0db51c4b1e974aff1718e16ff5d7650e0b667ca09721c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
31KB

MD5
03af249b12f4c9b04c73d1b70d6c13d5

SHA1
c41c69ef07af68929843e3ff026e8614570743dc

SHA256
c86f5c419d30e0ed550ba4979408895dca3c9ed1106716a65f9ce8d667319f1e

SHA512
4880ba83a11cee20096ca8dbd7382b142d88d363570311942e4b387a80f7e3aa521e7c510817fda758fe0307bc063a3dcb018f808cfcd9ef7fbc21ec35133a08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

Filesize
8.6MB

MD5
1a810888a1aba4f025aa323b7039707f

SHA1
2560641b3910435c3f4224b5459ffae8bc717517

SHA256
408345dedac14a7e9495daa76bc46b6cd84731e8adeb0844c3a1ed73f72c7bc2

SHA512
21f6b434d615e0eee60d471153a13bac77b312c36f466cd8547a9dac10e449a2c326ac2d28937c1371cfea2d1e0df2886f4ccbc987501acbde0c8655a3ca6644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f4680e8f8f8a14f_0

Filesize
9KB

MD5
d3c822d903f5d4964e42d1edc3b06ac7

SHA1
e179626aaaa9204d50dea2dd399053cdbfc0af36

SHA256
6c5dd36d747a6f43223cce386b45d700e3e0408aff40db3c6b1a92326c65feeb

SHA512
e64706b69c0351180802a8f5f2058379afa15c10ccbcb92f3ebf69f8c27afa8db0b1f3b47ae5deea30980c8d09f0e2df3200239d4398e5c58e3a43f98363724b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e9b18b0f66a7183_0

Filesize
1KB

MD5
4cd009eeb947119d73acd1be64c826af

SHA1
86c8793bd6c2c9aa2727c00336c9a4081ec1bdef

SHA256
5a9370505432ce3fb925c8351ec8d4d09a85decd00727fe83c037761bf804e08

SHA512
56f0831bfd9ee1a5dc68d118646c554a57bdadfc3630b3ee9a1dce34df6f0064d07ddb8720e75fa57eafef859844d41d35ee7387cf97e4e879d2541233d3c342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
d45941a294d9587fc92833da5fe5f87c

SHA1
48c6ab09540f9c9f9e166fa0adda34a8feff62ba

SHA256
f39726919d66f3cad41e48f130d3aa7adaecaa470ef7a41327d837dc7e7ee316

SHA512
f58da6cab6342376c32d9e22442723b4ead602512d1dd19f7246fff467942834e1ecc054f0b8072279bb7178800176af89086311345fec3a645953fe046eeaa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b4b3be2a7e68cab0_0

Filesize
1KB

MD5
6835bae638189925e9c3f0c8d19c6361

SHA1
2dde10a8be4e596822f6e09c08f0e2c7baa547d3

SHA256
e40b2689499010781568b08b2e1c040e4fd4d5951e84189544fe7ddb7731c67c

SHA512
fc5f4be047a76c2ea28632763cecb7d24c5b6ae746b57a4f97393f4c4efe6b0605ab20cd0747e0e4c0e4633bda3fb417abcd47a44b9e6bcda2c3cf0afdf10dba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
f5d0507accb4b28b1800e571d6dfa0d4

SHA1
8412ef35fc6b015ab3538f4994c966c60119d709

SHA256
24bec7ec27cad87ec9e967d055d3c29a88ddc98e5283ca083cbf03ecf4811cfa

SHA512
3134301c1a77f38a18d80cb3854ebc9a19d8ebe7210113f9c42afbb5c8ba4119c24b9732ab12f5b40beef3bbd6ab0701477e836fae5f216fb65c5546dfae9c68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
4a56fe9010e6d61332f3b17c59c0a762

SHA1
60a745fef6d15a1958a24c923e68fbb372c0c32f

SHA256
0128f108d3c1b59b1c0b474c7ce879d66de50f05338205f3bc13395b5fab8bee

SHA512
d7a8d0a04d98bcfab8d84149a4164e4a8325f6ce78fad566e945f75f2a72ca6f98c75cb041699266c9b22d3019a95de7fb0d7ffee0d700a74e37e200a1bd6c67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6062aea98666bcfac9f3d03fa358d6c5

SHA1
133769cdc81309bfcdc206198e89e0394d25ce34

SHA256
35ebdd7e405a76bec208b1a9c0cec541ee49d38129e73e74d19ee6ce46cc1115

SHA512
4404df94f71575bd92a2a550b2a2c83d593796a78efe91a3e0afcf58f4647a5eae105c11224f4f47d1a03a7332d88a35383c74ba940954f268fe94a6e2d31c21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
011b8ce07efc472a1508c255bb8a7082

SHA1
455e3143a318c4447fa02d6e361728953542cf7a

SHA256
e9f55d74b5c38a7ccfdc9f24fe01331be52904a85de31b3972fdf161f992f947

SHA512
ed01eb8722e47a41c3f34eb6998372541211a6ee57154c166447cac62f23975a162fe92d90eedf26bb6b04593cfb4e3f27112423ddc92df637ef972ed77ec305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
29defbd6bd4b2281b9ec2dd3fbc5b252

SHA1
44d3a038d39aae833b38287f34ec179e680a0cd1

SHA256
2a6f0d266cccaf49c59bc1197debf707865b8cfa3cc45a464bdb8b5becab3dab

SHA512
9d748a662810162b385ab07b6d5e2993a7d744a7be4039dd4806aa4c92536ab22b1cecb4bd354bf1bc3aa86f1fb7646274a43e7cb49a5fdacdb76a531ae1701e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e2de9035a75c6be0bb9a736b9e325731

SHA1
4c11b6cc21e9b19320bef436216606d16c86103d

SHA256
6ac9983273e99e965b358b22fcec07636d5368463e55dd74fff0489372482970

SHA512
d499e10eac09fdb89bcfa0e9879b764fc46e4798abe7a63f1f027ee1fb7457c9f753e5b6d09fe2707d56cd64d50194f75421b8ed23e322b7a24c73e219d501a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
937B

MD5
dac2acf7d7799eaa6601534862a16c5e

SHA1
d0e3d28e18d706e495c140658a3568579f04d705

SHA256
58f6a9d6ae6e0db1755f1547609d70ce1bf900150be8aadd841ac92122ebbde4

SHA512
87d4c776d5f7f27535abfc070d84ef01e894143b15fbacf2e943eb42a886dc4cd550db37f43e51063824a85e40f95a1b9aae4f6b1b8aaa74424a638550b5bbb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a687aad73c5b23ebda879808ec3b0bd2

SHA1
37d12bf95ae23be417d292c79dba9de68a1a711f

SHA256
f16e1270eb832f5a5196f8e001748430aca8fe77e7117866cb2b2ce31370a6bf

SHA512
e5035665311028de58fa618445dab4e1496e670ac364c09b600d2c4e13b92958f6dfcc1dd079edb27385b46a497ac4c5c598dca5caa6542e72934c49d7ad1fc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f2e357c43a866ccfd7926b0d71744de6

SHA1
7357719ad45eec4ea12074f3e05fce8690427481

SHA256
7cb70ad94d95fca6b9dd7fe7debc5d1583ee6815fd508525e60a2eda1729eac6

SHA512
a5c0f3b9b8ed88115cc22c7604f9f74e98a9ddcf67ee97e457c38782b01a2c12adde33880f89d1a83fddd5f93a72a9d3ddbd095d7c5c06971e9d25ed24514ede

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
854B

MD5
d13d3188877b43fbb9e8bd214982b4cd

SHA1
d599761f830043c6b7c74f4699e58d74414f1f6d

SHA256
2b118fc2e71819c37ffe7bcbd0a160f3a9be14270cd4df97c67468f62663cf28

SHA512
334bb87fe0a1c1d3cacb7bfe146279bd0ae3b5b7c91fec099c71919757653cee7e1c967c406341ff54d36bc904228b73a7fbc5f6d1881ed46c0f0c9e9b972bb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
af9826c424e610d6567e64b992fb4197

SHA1
286702deef0ba4b25319f10bcdf44a2d8f56f104

SHA256
12bbf7433c6fd61a1d2f2649ba8cd0472ef70581ee91f206180115cdec3fc1a3

SHA512
e9420144e803c8f63d0e66f33fe8839980bd05a739d4ab38a585dbd1740ac21ca46a5110e384544f64b1995281166ba9180510e894834f482a6093098c483da9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
54617e6ce5e4e47a9cdf400576c957de

SHA1
65c655bf146490889dd268a6917ad3237a3e76fc

SHA256
bf3e0d364399108a214226f51505a3bd8bac36f2f3c0fb39a2f137a50dbfa399

SHA512
900dbe977ab27269f7c150dc68e799a847a79acc0abca7e6f9258421e0ae538dc169510fc80dfad016c6aaed11394b8acd388d6f96244d863dffa6d13f44455c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c7fa693aed0fb5703778ba8437a4290e

SHA1
7a1b2cd55a4c9ffcac21340060821fd0bf5f2269

SHA256
033f3e6920b1d7ca073e69b3eeb544e0cd6d5175b8c6b3e694c6d4c22850f634

SHA512
badfcb2c5647330aeabbf1501415200e24cc66d39495422101579d4ef1a4abd7a26122e63dbf2ab435fdbd96584298500a51968fae127295d3083e3922d00f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2c237576115bf318e097135b925ef37f

SHA1
47a41dec50c505db0ca8807faf5023de8ef5ba01

SHA256
9bbc62ca4c75251f7c0fb263607a44e7766d12448afa6a4d6736c175f7d32d1f

SHA512
ae08e1b76cb28a7f864444c1ba1f51027dd6d78719398ba20ab45d6b9b6be384564cd36611c32e660a73c92f08c8196ac03f979f3b2e03b3be8708aab67b9318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e4a4a2ea7ff1d51f59cb28866d989b46

SHA1
89ff061cd5f73d608567610b52f30005c78d2c5c

SHA256
a64d777efe7bd807a5884dd47c1df8267cd472d19026b5d9676db4a9fa44aa56

SHA512
55e3c5a762af17422f6f6ba415a704468dbf4ee96ec3532eedd31bff491de577dd8fedd11f6c591cb3200c3da8aa40b2c708282899200fc8e509f2442fac664d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c0da169790bb0fd6dfa77b41da03ba79

SHA1
6c10da111894609829be9e9f5d16b9db124a94de

SHA256
8fd6343486eb275d5fc969416f452060f67c319a44b13a042eba881398e0c129

SHA512
12cbdf751d94a4f1c4a33cff93126dca7baa2577700725fbc79beceee957bd3870fc0e51e39d3371d0abc82996b33ea28bdae4653955127afbbc7e55ebdff5af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
16bde61c16b2c9abf13f6df4b89bcd33

SHA1
705acf32dc4b7bd9283beca85513963f4fa5df46

SHA256
35ac75dfd013b252d47b3d4b466cad2a3b5578cf5b2b55ebcc4a3aa63b237013

SHA512
d16f78b7a5b26eec6248019162fe363f6460963d8a83ec963f97d36c4ce97fc203c35f434a424cb9fafa56df06fbc5d92de9f2bf6070b81d45aa33b39a560e9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
58b7d85fd9d712659bbbc0f706db7928

SHA1
5c5ba6a7ee1252dc16762734d235bdaa2994bb6a

SHA256
e24618fcd340b49b28f8f91777e5a179e3d792cd07d702e8799031d672cc45b7

SHA512
34707d7043e140d6500353ecf8b793daa6119953a1afe6b84d17622b273a8d21d53230fce73826b6a1f15a89fa1c4a7d3ffdae6573e52737e0fa7ded84bef41b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7786e34e585ae428e28208e8f0196730

SHA1
350682aab3c3a294baa0f0471b20cfc6164ebfee

SHA256
f0f94888edf9e9f2be2ad9c02486a2bc6f4089088e8b0effd2dea615eea829d2

SHA512
5425a2589075d375492c85c62d5e2dc8625510f4ccf29f4f2c03974611e82fbe9f9c59224a7f89490033fa37d304c446898a8ae3358223e8becb8f3333c20b9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
513cbbaa5b1a88a0157ba9735e6090a2

SHA1
850340309b168ee5cb258e1b50b8d73f52af6370

SHA256
2e617d682392745508454245936780d41055db2b0bacf82d23cc81f0fae2677b

SHA512
fe93dba3d715e5f5fd9a4b08ec4192a08e44c12abe5c3e3171e5254f54945e6c9e10744a0e6550f71622f051fd32b2ff8f5c157b06302ca36a50da426f169a1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
083e9d0d33bd9b83e1d40b93985b6761

SHA1
18bd881919b9f32e63e929c00932d38cc0bdfe05

SHA256
961c2ef6817d6cb6e96a6790200252ac460f50c76629349543f96a4776ae65f4

SHA512
4edbd8f1d185e5fa86d4e0e536529685ea245eb70ad96a234fb5d79c160c7929316f6a33d64e72514d982786c06c4bf04569aaa212b7f7c02326ec8c93ef336a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6578ff960b5a873353115230e0e5bb67

SHA1
4b223f601a4b8d5d40f4b791791efd78b648c269

SHA256
1902ceb8702aa93242532d4cf157b5f9a9d278c72395daf8ba9cf8fa0622f153

SHA512
499597da0de0f5d45e007636bdc95e2b5336b9fea1c952a96b2e7f1482a33b9f0f77a7257cec53ba78de1aa56a3b5858dfcd77ab91606b2311044c37f6432494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8e11d226295e2026ef7a6cdf384e2453

SHA1
a8cce838d4baa9bd61c98f7df94e0dfb48893356

SHA256
24bfae1acd49e300b7237fab9f5f08ab1df3969f2cc8ea2d306b401e7940663e

SHA512
dc2dc95c5b7617de733b5c6d0983f5f5fa2c68c44bcae8d3468a96a66943a38ddb61ed52679e463ceb53268f815368b96a70dfe7cad4c5aebbd060f6eff3b93c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
81c188f7e8e24f30a7541ec58fa272e3

SHA1
a267568beeec1c8d7e384c21505f154763733aee

SHA256
319453ab68f3d1acd93c1e7ea343b2590bca15a14537c0392df9df9d404edf17

SHA512
12c8a032fe8100053e355dac5f5e339621b018a3ad74d6a741139b7f9f4eafcbedcddb353671a9e16252c243727ecb86abddd98b0b7e2d29660098bdb6d45deb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bc289e673baf7eaeffe190a0997f7a46

SHA1
f5e18f8ed0c55362b7a84756e9c1a3885e4eaff9

SHA256
89f14ecf52d13d737dff4735d4dfd69231f13a68f266f5845f0513bb74b987df

SHA512
efa2eda38f8e624c06ed8dd99010663926cb5c37e8b0179ff756f741679ccb5abf8e3e992947312e0f3e31d5a477651e17c9973ad17a3c0744043091a443fd92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
81a057c0f5d7052615f7b30f8117f0bd

SHA1
988a707a3abbb0b1ecfd221f1779bb408972afa8

SHA256
bb81f1585d45f15ab2a4bb927e720469ae79706481fc17f494d5fafbf8384083

SHA512
e3ed590254a60686533dfc8bc89be8c26762806916afc19f468ff4433c97fe41ab2e5a51048a1d149c30a4acb96198ca063a550c11519d68ffcda7d01dadd1cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2d846f59ca04c6023e7be7ae074ea2af

SHA1
fe39948366361f58d72abced2d028cdb24aa227a

SHA256
a67f56edac7964eb1c9cfea2967f06e62d225d3de6943c4d4709da76f4385f2a

SHA512
4204da4687641c148a4920e9e97994f2b0d89648aaa7ca8c270d87e6c054681dc097e2e1be3000715440f03247160056b2b601c0e3e5fd5f40e9e660edc2dde1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ac8eb81cac4e39f106a693b48dbd4288

SHA1
8b97d4e5ae4adc9809d374b233973d9449ce99a1

SHA256
edcd09d9500f0b9be877442655302cd7fab8120d502aacab07ff54a5af5cf297

SHA512
e7bda05177b209659e40ec66f040ed2b5beb59f08dd57f0694de597c852288dbf2516e68ae8b4523030e6f3af8cf218248a47f5820bae4664326292a3fa005bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
579ea972b79314ee04524cb9a3e51f89

SHA1
5bf36d84097e5dde52472a824ca40bc32f87cb6d

SHA256
cae10424c3254300850e498c5b78a872baf8889d1df2ca85c3e4b961f71e767f

SHA512
ffc8c9a1888806684971bcfc1a44d545ef6f79f69823e3faa7bfe57f483bde36c104b7a6d6b9e055afecf5a96c9afc5ab4b5a1385bf297068bd667b611435312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
809c9e661516d51834eff26850cbb044

SHA1
80b1594f68db27277b1bb5017e482616b9bc96bf

SHA256
fbbe47f62bd52bb36a5d3f7979a61ade986651866a6402044c4545d8070351a7

SHA512
c2846cd1682fbddfecc6b47b1f070db8580a5b345d41ae0e7f5576628d5d0298a5ded28e6655e8be9262f208ae21036884dfa25b7a8e40b06f7ef0b50d9c9bcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a50cbd0f9fa268a8bd6f67341ef3238a

SHA1
6d78c3a7b7aa1c8c9ae6d0e07a2740a51341905b

SHA256
12b89cec4131ff2f9207b7efcba11e567b0d4143e9faf4785b0503c276c1a8bd

SHA512
645e8b8707aaf9be977485fdec88de477111f046e555d4ae844b32531831dd29003294f53499b3a67a49f43a52aae00935fd7b3035c29b45b83cd434748d410c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0ef651fc43470f7a2e6accf6cfe3e91f

SHA1
69f196a68914a41f7f2f5c9113e72aa2a95e639c

SHA256
3c448f6aa412289bcb4a18757e149d5fc6858b230b465996e8ae31b21f4ea021

SHA512
20814471d8c3d02598077b4c8a651727054fad8b608eef11c544d91fda94a52a0c149ef45b729d6e4e5ed53cded218435eebf9d26c0da0b89cb729256d84f767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
30dac99bc3e7fb311dbe833a8cfa3925

SHA1
14e63e447c522c3ee46b19bf88a4256fb65b7fb8

SHA256
8c6b345108a58cfb1570e8361cc3664cd26164b2741f10672be8248471ffd6c8

SHA512
cde165eab0c8006bd5d70e1319ee066f71f0297c18e4e5e631a64c9426c3d337f267fa1e9fdf668a7e4f96d9e0b350a07e5aefe4845fb5e6133e45c930a2cc34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
50d583d2ffcfc1b7d8781879c2f5bc1a

SHA1
47ee4e663926cdd4b72c7482261c275763599c13

SHA256
b287f38b66ed1140a85cdd7ab56f4df2e2338eba60715e487c948ab6b110535c

SHA512
03cf245ec4f07b3eca395cf2ea77db3b476fdc9494d993617954f3d594463f27bc9c9697a7ea35006055cd99fabe80e1331c7bfcd23b36f89028fa37a4c4d53e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bdab60d97ae62c9ff08465491ed5fa29

SHA1
e88b7cce6100b7c3fccf999aa4195d14206035c1

SHA256
a10cbc39b031f8d7f7d10a939ea47564a5ca0fdd035bb00339dcf446163c2740

SHA512
6143d6290bdd9fbda03da31c5e583b91314cdf93853eab40bf9a6a6390f5c52ff435aa51aaa729309ce46983e52168bd93653b5ff2f95b78f9dbe7f9cbcf212e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
deb404ed1ecfb90e60d95f3b99074d81

SHA1
abcc075c709b9ab6231e1996c354e6b2eeb0950c

SHA256
4cc038d8fee5a2a5dbce4379eed4e1e7485d70c530656371a9d3b4569ac3ab95

SHA512
9fa11a6605913c813d20b87b8adddc072fb7d2d960df4addc4558934f51e8a0207e21339500c382e91422b966d379fffd25acdebcd488a471bc0f820364e4106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7e0ee092f497edf983e8b14d16878d23

SHA1
c2341d125c5e4d67a10876ee52fe2e749bb52837

SHA256
c8f476a63704e58126fed6207b18c7e18192a8e3839978f4a5ff9fdd1464ac6e

SHA512
6a3c544e8815bbf9f5a4bd9ea71a1c2287b47d37c549021d8f3bd30fe843fdf42309537887041019e5be9a36892895a1f20bbb58bc974ffb259f0de641856589

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1d45438ca8769cde7ab772b1c11a84a9

SHA1
df52e5cc9323079a3c3853d83b44ebdde104840a

SHA256
40167aad2fe42f09ed4b5dd02cb740f4479f91380ed2b75f2628bf7191b5287a

SHA512
817683146b1f8f639751a236b229fd5daf8823db273cae87d815eef3350905a7109596a613c9479f9634402e25e4863edd038e5285aea5e69b0e7d29bc61601a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a53a26d480ebc7015aa4a661049a6f79

SHA1
00e086614360db2eb39eb648cb9fc6f5a0e5d492

SHA256
6289e51dc5dede7ef182e31e66a2ee21e9373d7c853175b9a97967de0c3f0cb8

SHA512
6addc858b0e95eecbebf285136d70ca94a22f2f03b8f4b66485fa9ff3fa96181d80eb7c3f2fdf969fb482f3cd8976f5196c9ca7639aab6e1a70f6085c81be90c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
38867cc71417b3445116f32778454e34

SHA1
57f523ff5941f30615b15aad2c7f622031ade74d

SHA256
793c6f46e7b51a428f71cd5342fc02f53308c2bca4081b833a4c562e9b3d6e3f

SHA512
b5cb138d1028c8ad4855d246eaf2236f7586e2e3dd584bd18c2bfaa28fafdd3fbb97d7edebf34aafe49868b51c683affdda8b755e2c049967940321ba2bf61e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d38f1fa7d48a7aa0b7d74922f902810b

SHA1
ecc5869faf3547485d49374bd78fbbf1b1714b01

SHA256
937bc2385685e0ae314036adc7740e3bdd6ab9f351d739b98c2df39a5cb7f67d

SHA512
66a5ce66b6eb5a74a812f097ff6bc7da7e25da62ebe818e92a5d49542dec1bd2b86f7b196309c5e4bb6563597a694cb42476443aca2db8f852d54bdedb6f760a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6af25b36f3f618e31a2098a3783c2e07

SHA1
8a9f4be45116ba853469b3e2744dded29d837881

SHA256
bb6a3e9ebc80ddb34f012a21a35394a4b90297aa296aa77aa03bdab06ad8e2ce

SHA512
a391d0a653462e50c141db1842eedd58a9b205effbccfa4ab5bad78a7e7027e928fadb315a4d3a1a524ab76a081f2f7728c865ede923397782c34cc23a25f327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bdb0b1e234069871b210889556ad0b4d

SHA1
139c35f4cb87a8b9007bfcbaa6004a6340c9f994

SHA256
39c9d7f173427cd479841647059a0749b06ab9c8ecafe7d250e12abfc602ce54

SHA512
c17c71bfc764f7987cf6de4bc6022f77ea363ef5a4f44446ca080b798448334ec5c81fda0ec2f72a971c1d80689af056003fc6cbc774b4578600db1e7c7dd126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bd32efd23e4f8c03f3603b6b66cec89c

SHA1
2810c8e3108006845da1e151f0683e6e94394691

SHA256
0612d1b909112e677be485c29bc9019ccc48d2b70025878009bc7e7f3b4fde15

SHA512
c2f8d47586acc118c3767dc2ddd71334f5e3b72bf4ca1d99b46a510f174bec8a99cdb3bcaf445fe0abe387e2990547480c0ebaf34d2150fe6322023dbd9f22aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a6c3fe5e575d98e2c46c1a16136d3b8e

SHA1
7a14a78a2725e1c48c891aa60d1673210a66f5ab

SHA256
6e9f4c4e7c19db47d61dfd0c34a4d2f9a8cb6bca1a8648179aa413023d311f35

SHA512
73cf4f1f75564a32ad3c71b3ef30519dcb70cb5dda7d874538c8812044191edfa0462d1dc142e02022b91b366d2a9520c50da5b59f7ee2de8762fa9e1c690f98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3387e63c9f099f56c9546287b7ee5b0e

SHA1
958b52ab651e53c4285eba027b67bf1b289be0a6

SHA256
cdb9e3fcc98d9c37c72337f65e4ddba30d4ce9ffd056af21ae21a1862146abf6

SHA512
e5478f17e0f2af8226069f1c78c878be7f1a975427679d79c954f567c29b840b397eda260a3b23f530ccd5d2bff0477ee73e81dc4e43b7b79e50f3734553835b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ad8768a8907ac62f6e4d6a142d2852c6

SHA1
346990a1f59855c91f9f8deecf02734e5be4d98c

SHA256
d8d45cb675c0c4f290390d10e8105cd9026d80e87fead83792ba3244c1417aa3

SHA512
26240580551be91733a0fe3e87df538167c1e71830785d2034d67c5caa3fa2b0e2f2398e0ccd03a7185fd4ed6ddd28454850a3d377e7aea25c82cba2abcecf37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ca34ec177c7a08d65377fdd7830cddb1

SHA1
e02a9b8d54b6704a66e177213a9f769518a53699

SHA256
64abac2ab14e8ebe1840cac6f42ab10a8b98ab0437df26a3f3a124c97e8ed7ee

SHA512
618c88f764fc2bd2524154fb71338c4e467ff056410646b1f711a77c224299d410c206cead86049953534fa2523c7f28251f96678d27f45db44e1e9aa6d97bfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cf2ad865a72b463f32c09321d9bdc500

SHA1
b8ab6025917d42f618c24206b0421ce5b20d8bdf

SHA256
b9c4a63c72fd783ad44626c313ed2a6d04e84cee1804c72b150c200d849d2d0d

SHA512
b88abfcb254c5411dd5ba561a1ae77783796d4a2f5dfff9abb4a5949fbe75dd4861bed6e87bebc8d995a6be4a24398a5c9c73b7abb9192202216759608400cc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bfec0b645aa538fbb94d526d941cbae2

SHA1
3c0712f72e8f7dca3e4e505ae2df1e4fe65b463b

SHA256
bd7127125243eadcb9d1d71724dadb040111721cb1309621b8a37b9e8cd57756

SHA512
bd0ce913d3ce9d18d52c735f3cb66993952fb2fdc6eb08fab07b6b01fde18514f8b1ecd95a94ba726a2603c3388caf2f780600c04cdad9fbd52bc9af04aca97d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
02ea0084a2f3651abc648a25b76a0d99

SHA1
04ce11ef572a2f92a6628d193002504486cded71

SHA256
716e93bcc83c042c076e792957eb1eeb008b76cf08b4270645524846b118ddf0

SHA512
d410c95268645ea707f98be3af944d0e281fb248175f1ee52122ff54b14ce076a3d2aeeb0b55ea9fc75e2b6fa5070cb956d7958fdb1f05c2619998a470cd718a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9635f39e33390e15ee8c44154f8440d0

SHA1
ccbc6af8fd1467b5266802e5f5c3390e95dc0e26

SHA256
0c916df84a4ce04f5fe05c6da9417994bbe57a23be56f2354f6636d623cbf243

SHA512
530d3028a55b574cd04fed796d42440276a93267be5d92c135d54ca2e643b47432dfbd446cb11390bef360a3b38de99c6ad48b9a6373d47851eaa8555957346e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d2a193e7ce0450beebeb31ecb2a97d7d

SHA1
881549fce49d5f2d2ecbf66a9719d7201945d97a

SHA256
de0f9d1a5ff5a92aa1693b7b5a211e843e6147dbbf358364566c319f07d0a373

SHA512
4d572bd7d82c65d7aea2e18f68285ab7e85224d8b29f64f40e420c38db71c4355211798f3b2d7c21165fc1fe9f0084e646d7eb6754af8d4cffba891ba8eed6c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
66e8a058a9084ac263ac23b0f1d1e531

SHA1
d5782d03e097d02aad6dd677e1341d7fbdcd07f2

SHA256
0b3af11d9be506048a289ccda07235f93ac52f214598346c45cce16630b979af

SHA512
1a22f9f3a8268805bbbe2b625ede3a66063b4510ba4aad7d7d2487f658fcccda65a0410ffa4b17075c52edafecff39ecb0303c70250dfa6c5b9b289a41856d55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d4e54f8a6007c8df40899bd9aa0e36f3

SHA1
62e358deb6db79291acc029a618be576885d5435

SHA256
045b082c3b7e4f4c2b993a1c5593e2929fd0427ba5494e8430e220150398a3a9

SHA512
67c162cfbbc408d2ff53e67f758602deede35cd65d9a6d4befdf8c0423d1ccb6c5b345f0b15a3924b8024f551a081a061160bf41f2bc7c741355f1fd4f6a2b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d1c14ef5774396d00d12141f1dfd8bad

SHA1
dde603539f5fcbdd5f5a40721f5a7a4be894d8d3

SHA256
b0f25b5c5cdf933e6b2c94073fd84c9457ee9aafb75e4758b2becff353226655

SHA512
f8914c7a9d7753b2dbb03bf26abbd0f72b99a44205493c2fba4cb4c49817b6c01e23a3f596edd901caa1e4bbac6cf928a2bc75e9264d095f3c991a84a5de3fda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2b3029f73be4388c5bcef0f7bfef330e

SHA1
2617465e38ecea511af00293898e0fa111e2e8f6

SHA256
25f01d1cbecc070ba6438345becff4840e7a77c58e918c492b52c0330e81dfd2

SHA512
dbbffd0fff383d2bef6818e44720421dbcf5df8f5c961598ffb1584d961f4470dd04c95840c6aac69be9fcf327518d5ab5d7c153efc815f63b2dbdd10e687f99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f055eaddef048372e75db5be71c51ebe

SHA1
773b75386e23f677874ca73f40cf42be486c6e97

SHA256
064596a1451439fdc8f99016c55ce138feb41534df6ebdf1edae9d5a4cd2d889

SHA512
0a8ca73e3feffd276d1dcd3fc0208dbb90d8e85eb374162991c6fd3886ca259a5df64b48f8fa140230c4bf90ea6528365c46af5650019408a7b379d2b70666f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4934bdd4370658c9bca400991393b2ee

SHA1
03dde6b48f050293155dca45bd9c9c15b6be772f

SHA256
4e8de8f38ae48bf7e1e45e16f60eb5fbc000a8690df0440e61ba69603f042eba

SHA512
9ee9ab96b51883ac2050ba5b3477bb74fa945284f4650da3269aa782dbe9b0dbbed8c2bd7e27106a42dfe6408877b548e42810ff37dee97d06872f201e72c70f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3467fff4e9c1a4a97c7dbbcdc7f8fc30

SHA1
93ca66ff9dcc3637d535fcb13c36a68dba620ff5

SHA256
617bfed497bdb657016dbdafac4a0fc0f8532fb0d2b3807c6744c64d3c6e02d7

SHA512
ae6e8b3215a42fffa43eaa262056ac71d49b0c30d37d0268bf426e862dd9a242f62b6abe996b7c5d50265df8eec2dd67eef2d919f0050fc35e2ee49a096b2235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2041cf2777f685f7585ccf4e00e81a65

SHA1
db47326dfb0d44ced1546177e69beba38c9c1520

SHA256
f25df8fad922ec70ae39f9d2c36277bb824004c1109c63dd62728763f847b821

SHA512
58c2f7b9f681e552a0c5e1f0df354e9705ae00fa06879d3ed0e7799f42506ccb2b1c7348eddda1dbf6e49c8ee0d28dd6ff988cd277b38b12fd4939e9c2ae4b7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c59c011db2b7c319a7ec5a2efeac55fb

SHA1
c8646b272ea424eb9515071090b63f6ad7e1fcbc

SHA256
e27b5f75d38226b52a7eda333e54b5fd0507cb802d086cba390cebffeff48882

SHA512
5072778724b6f603e07fd0822902223be1e161cb1bb49a992eca66703b3e71754efa8145f3ce5a6bb4ec9ba86aff37aebf015444171455e197164ec0ae0dd9a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0db98bfc5816b4ca971ecf814e782a92

SHA1
0c395c67d2cf899114b602a516017d1550bf26cc

SHA256
0518e4cf8f61ef5e76cea5ce3ef3f608589c5d9993d7c24c38d0f3a06a08ccf2

SHA512
8361e659b11d17ea9ad288679397cd36a01f08ff96105c454b677b5bf9516d9e2bbdc60d0328caed2073e72cff8fcc9b77072948b427c95617650f06a1dbf628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e0e4748f8ecfaa355e01485c043d13b9

SHA1
f63f8b09c586f05f50bcd1e82cd46051ac44ed3d

SHA256
a89914e52bb8a456caa7bb6dd029e35a49f80bbb64cfc710f1fd01fb4d0d3d1c

SHA512
e183c7a20e23b21f3d3e52eb79c678b9aa2cd0f2d2f51ef3f9cdc954bfeb4b4ac8abe492ff4290716be7822b5722d1518ad407707d0fda9112e99729819fe33f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e148805378ced7a37c1b9a6e1de0fb52

SHA1
0121438726e78ddd140fed21eb0c84f1c70f9f9f

SHA256
69b24540152bb0e718530e02b280ea3c753138ce601994f73119fcfb551a588e

SHA512
b2a8543f3da5924ada56bdb17e53edca740e7ef840d703498d92728b3038d5977a39b0b7a974d9e677491b10e7374ec4a3f0a63e6298b530d85677a4083a9240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
aa7bb5add72729692810eaa7da3d218f

SHA1
5dce20b886f34ea0fd80941e48646028d7d11152

SHA256
1df618089b1dbfafe524679ccfb110d87beac8c3e0e7b9d52f2a7d53150e1e81

SHA512
54f4f1c53ed15d37b156fc58577a0321fd56cf518cfe5a6efbcf7e03c72cc2ad602d8d6540669b5509c87502d8ea92b6abcc0a42aab8c47c5c44729ffe00c96c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c24f6ff1a9cb64429d6be0d84b1dc28f

SHA1
0b260f639098165e29d2db15bd402da42b47a00d

SHA256
6b8606d84be5cfcadc22865cd87ca54c067b86ca750aa1d709f147d168aa9fac

SHA512
cf86d57331c2fca2c492399ad6166b6f0698d6a1e99a6bd6ca59f270283dc12ddc73bfbfa3c3aeca1753f869d29ffd13f756939a04ea0720dd26c4bd6832ede3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
de35d55e326e98d60d6024707d0b888d

SHA1
54a03919bace315773eaf7ea8320d9b16fd3c1e0

SHA256
70fba8ae24cb51cae3864e5a6c48bbb8e580f9f8edbf8b893c86e9dfac2a7202

SHA512
ff4caf325af83c3288f3274589d4adc1d723cf8194817b23d35af576cbedf4d1e9a6a9fa0f3b014953ee86c212459b9ecf585bb30ff51fc3b18f4a9bd145d03c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
379179d75b7033ea40bc3f000e6f2158

SHA1
50bb588c97ab596a66775dbb192d2c4a45944776

SHA256
3c2a0f95756272b6dd1ee685b9bd089e7cfa9ae34acc49d9685ee75abb1f117c

SHA512
0cc4f99b2ed02c87b2cc55d4fcf1414cb72bb133651c4d1b323b635826a8ada3848948695509f7337261f83ec31cf4cbe49bc05ab20aec907bef1766e9c6a95c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4d3c45d0b977761f7eb74fda85827f50

SHA1
d931369fb72881c1cb7c1fa99c5a533aa03e81ff

SHA256
dbae6f406d3758fde1ec6332b0393e03a25af10aa23ea5dbc46762b4757167a1

SHA512
6f606942daa8356eba618635dcc0e5bfcf991e51943f0850d2601c6cd62485a1940b432670130442d2fa01c59e228c6cef234fc87685d5d71b92f976c043fab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a2c3da70b4bfaab04327354a02c1d089

SHA1
9efa9d4c90e3adc21457a2117bec7261a14c11ff

SHA256
5b4c2ef748601e66b541f5102cddc4de78474ffb3ab2d9981b9b124ddc365668

SHA512
6d28caa43d89905416399440f2a81e4aa177e28baa99f3f405042aad7843c3e73f81902dde0c21199ac425d15d456a643942cdb1f2f25f67064f1d691a17cf7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b11f8f4bb66e0d0a5ec33803d94e72f1

SHA1
672a0525dd95315b01b0198e42210ebd397dc67e

SHA256
92dc10a601d51a48f80dcf5bf8a2cb3a891363b81fcc6cb4b252afda82d767b1

SHA512
df8d6925fb1f5c375e164234aa083a231551d33201c27312280da32719f5546f9f4fd85fbfafc6c3b691e30f4e5150a1acbde150953a32450288c9c12393edea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5c8e3a86b1eb39c4b52ba5ccd51efede

SHA1
50d457d0e694ef7e729b8721d32cbeffcc93fc3d

SHA256
adbc299e5dc735f0f6e079f521f78706a3eb1f5c91031fdb0e4decc7b59a9011

SHA512
74b10aa1bfff97b4813a5486099607ef7233fbf5de1d6f366cec481e32b02c4db71329efc9cb0d05730bfc2a492cc594906f694c92b9f501232b8a229318a963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2f1398bba3b1ff707b84533477d2e7c1

SHA1
d0705548cf44d7c038d0543e0306a683b8607725

SHA256
cbb47f3da6431e9711f53bf8da4fd5c34f3dc59da4531ee1e00c1f9896bad48c

SHA512
b045e7616c5d456826d7873947d415ecf07ea9001e724e07db2b0ecde616cf8a88e852b10b9508065e48beee27c4c9d774991e0edee437e5f0604cd2e1a68bac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b1e6.TMP

Filesize
705B

MD5
6efe248b35b121ec68b8407b21dd9499

SHA1
60732d164b121df9ad4d5ba803ceacc6a4fbb178

SHA256
3b1c84d3426f943ee0c1094bd9f1e2215910222a93798351bd53c5d6bed1b82e

SHA512
e502674a1b6df4ed3ccafe0a820304cbb1a489acca34785158c78c469db13195fb9be013b2705d00186cf81087dbf2b900ddafa58e850caf187ffe55fcd6e3b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\e8f3195b-f71c-4b02-a3a4-19a415f67b33\7

Filesize
3.6MB

MD5
f999eeb750bfcc4f00d71d0094cc7b9d

SHA1
6eac6c5bfb1e7ba366517bbafe96158fc3284a93

SHA256
f27b5eeaf09351552479da088fc963799abcf29dfe3b94121cfa0e29eaa533e8

SHA512
d1176c320da2a33a9422bfe3cc557b806acc3dba56e8193e2e9b934d9259546c4f307aacc8c29ea69fd13470bcd1869b0b6f7fb9862007dd7db686558d6e1eea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RFe57cfd3.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fe6864f486ffe5aa4834d90cfa52c447

SHA1
f9af6179fec53a084bf502752b18477984b70dbf

SHA256
9c80d453da67bf47e51d0c6a24662c77e9e9adf8659956cc1fbd3b53e37d23a6

SHA512
270b11efcf39065bf8429252e1bf6e27ea9082ea41bb15cb85a9abc45aace93cbc06990b25e52d23b1f7ad4c5c482a219449bf6da63ab45bc79404772aa4ccc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d7bcee3cc32ee03254abbc523ad18097

SHA1
bbae963a2059aed6bacc6f0081862871888bf00a

SHA256
5ea37d821036828dc9c66480dcb3972e1c5cf80620065956d1e5d9b0b968d0ea

SHA512
d6b3cd6c8b217c72f57351ea841328e43d5facaf90f3d3f696e4e97a61f5339c1691862f0a9b3095b765af0211bea3f1fdb971c4e2e5fb83376a27b3d5b05951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4d02dae323bf5d587e845025249048dc

SHA1
465f9f777cde95ffc33dbdd96b18648587d9decd

SHA256
00e83e2e98cb7fc3bed4f1911c86fb4a114c7feb8833dc7b412486983efa3320

SHA512
ae9c6e7aa10b8d68cd21ca929d9c740d570fbde68d19c47edd8bcd4a092141fd5c2f34c4ff38594b4105001e3b4f72fc9c77d19522d212b6cf62279f8c2393ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f819d37f8d6a9662d42f5b947a54bfe0

SHA1
fb9fb80715d5b6f5fb3791de1ff41b3666048ab2

SHA256
7ab320b522bd06945d10a1624bea3ee37e2cc160cd8afaa4965d1992bb85d3f7

SHA512
c4951d8c5777cc80a1727ce73f24e24c24574dd0f9ec403b4be8f129d1d439f5cb13dfd9024040821a5ce5a9ceddb1e6813ee9357dc71d56c06a8d3b43261c42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9fe2686c5a8a19d5726e8714e8e8191a

SHA1
537e39dad713feca14ab822e1930043595b9ef32

SHA256
d5944dade057941a4700e91e0d0abef2d780896066a1712ecd782af9ddf757a0

SHA512
fd66002e941ddfaba4af2f7019916b7f47e0f3ef78f34752dce0cf6c9dfc13bc011ab25139cd9ccdf18bf24771fa74bfcc64b704f2ae77e625c02e8285f6f35c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c2e1cc0be1d4c1f01505b0528bba0f12

SHA1
3a39f6ab3c9caae225a691b69eb0225aa76e6f68

SHA256
cb9720f404e4fb9e5d858e160f6558d4a624356972cd2e8e880d93ed5fe0be98

SHA512
b80cd54106ad64dc2768de8782fb1596387e1b862c246830214b57a54721753e7923a13c3b61a476e8531b57841c42a9cc17e854ef55898b0645f52acc38579a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
418980059d3c86838deaaf4a6492ae36

SHA1
e68e44a98cf6f01ad6c3b1f6cbe10fbd1f3a5890

SHA256
07f1194d5b738b8ecf014340270616af035ac964dbc106534aae8d77bf08cf2b

SHA512
6e7126781e266dde7e8ce16d8f2548085929a5738c53319a0bbf48cdafbfa1b8ae8b04db81e19bc180f3cd5f42f95855d74d47bfd53a8830fa839da6e90b505b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f97ff91463162e38b0a52e76e382b965

SHA1
97a6e9f8c890bd2b88bb69440b6aa4407ce0fd96

SHA256
83a467d471ae7164315f6e59e4fc38771d9ce3c7109594429c87b389a2771fb9

SHA512
cc5a74f765b7d86e2d0cc9085aa882a175bc086bbb76680d73ebb54a3ce34b8977466efe666fb9a1c60874a6175bb66a60875508c8b0075ea7377e0d4afb48a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3b55acaa0e030c7fc2feb2dd4dbb180e

SHA1
e6084a1d32dd370b2efa132f584f431deede6705

SHA256
fde2c2645897c80050566900176f1b0d5aac4315ee2cff04d88ffec6c4a2faba

SHA512
7f770187c95b0a32d94f17ec3613bebcf23b0c8cfd5ec46e7960c24bece5ba084a742e767c4c21830099e45a5a10de4c8cbf342ba64288320a0696ae931890eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bc60958bd5ddbaceadb2b429e560abef

SHA1
fc4424e46eaa7a3c1d7a5680d42ddd6dd56607fc

SHA256
8a77a276d5e39b5cb725c69ffbe3ad90c6f02544ffc181ea617689715d9fda27

SHA512
12322cdda1e3045a3bdb373e4544a0f762648d78bc065f4665dd1282b062e639dde610272639f7b62e6d00781b6f2fe8651ee7b7c16f4086ed50c3d771befcaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
25591ff4cc307efa7a3e95ea166827c9

SHA1
a584e65ca2f63863390af4a120d041c87766b4df

SHA256
90d3911e46b852e29aa975417e8ceffa6a3323bc642ba7d56383de52ddd7dfb1

SHA512
2fc928a999cee80af381bf917def6bdcb401aacecaeb2ae4b7b4f97e62193f88ada5127eb06abe482642c1693f201800f2092c3f8790af2ab5296a69c19964b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4aeff82099f195afda4fd2be7ba8aeac

SHA1
6036561391c138471e9444090467bd7cad185a02

SHA256
cb70e51d376e221c6defb2dd2b61090a3003d443c1d61e30168888f6e6f72b71

SHA512
9feb230ebf3a1f33a835e36193ac289b70538e78c461cd05925f638d9abdf213e456c7f3deb00c9b0386824a0a896e49521d9d19cd3e0389c3274f6685473164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
32740c35ebe30401e5f6a3044888b5d3

SHA1
785583b839dc2994453241c0238fb1c5e66ca9be

SHA256
3f62456b7808613057107c6872817a87eab7e1ea3f023f1f7c6792e775c6e5ee

SHA512
74141d241755bd7bcf835fe5d6ac1f4bc4e096e458b1c4d05715de6bcef48ec79f4f3eecf7ee2716d0a6e56e39e07a3abadb2ffb60cba8084a6e73c9161d6eee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
db18e79b5d23e9062424044431cf08fb

SHA1
038dd17cfa0969bde8ee94192caba5a8e77aac12

SHA256
8ab4a24e62918407c65c276f785d2ab5a569a047fac3d6733c6e8699d5ab7ad8

SHA512
131d5cadfa6c336bdbd0c16350beecec156df116c40c37538da194fe4b0cb504500f11ad6328699263470d43bcfda4c322951282dec89f56e4e96f698b343b8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
29cbb0d0dd57d0e0423fa2af2da8194c

SHA1
2b65e5a2dd3284093d4667661080129b6079a670

SHA256
aaccbc27c6630010a8ed6ca9ed4aeb0e037c75e5c7cbf69eae833305c9e50b8a

SHA512
981ffa5854acfb183ea0d995cb6459636d8e8758b2e5940241c78f1c11234150bb3abecdd14ab7fa60b45b07ede78a2b68fd6d2e9daf0db45ca70216d300594c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
08d6f1ff4298e9c08257ec0444c751f2

SHA1
622f966fa75989eac31e842d3a4c3cfc79a02b21

SHA256
0d34cca83307d67e10ab6a555c1ff55d4c412362a6c751c99945935641335458

SHA512
1b593726175d4716d103f4a90daa94f89955b70582ef98c64d0fc8c25c3959b469e98f7b08249baadb5419fa777bf8e6e41021b6ee3dd9e81496d981b005d3bb

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
76fbe77cbc68f3bd5f0decad25775716

SHA1
2ebc2dea0b2224ea73fb5413d94ad38218122bf3

SHA256
8d59129db45c9f234318144380c9d167d89a9faa8e2a6aede9b5a3bcfdf650b6

SHA512
1a5d850914bd033defe42de3a333c2a7497927a07289258acd5ec08e973b4ed45030b0f299d6da5bac16ad607ed471b3db52a5c9676a532ecaa0836682618230

Download Submit
C:\Users\Admin\AppData\Local\Temp\ Explorer.exe

Filesize
44KB

MD5
ae7429c1129153fcb96aa64c958eb626

SHA1
86ccab46eee64090da14990bc11e6a7570cd4961

SHA256
79c8542e5b50b1c2d78d5dfb6e9114dc1c7127efd2052821d8b951c6ef04e20e

SHA512
db52516cca305c07bd7c4f74ef318ff5c4e3f8c1395e5c4d7a16f2a988776c5baa7cd19f012594764a7ccf7a32e6be41912de054ca07569c8d554ca79f9370cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ Explorer.exe

Filesize
44KB

MD5
ffbad806b2a2f5d77a341ac8043eaf86

SHA1
40be56ce29cbefb5e93b22f6f1de71ff2f6bb566

SHA256
56b9ff44fb9464266ab240d759428c9c543641f83683c9301248e4e6d9544655

SHA512
b2349a5123ab234f5135555b4f0fedd253a2f47db3b811cfa9f56a77408a1ea40e3e3e4c8aaee67de3669953020ac679261758914b9af49b68442e311ca525a5

Download Submit
C:\Users\Admin\Downloads\888 Rat V1.2.6.7z.008

Filesize
4.4MB

MD5
902bd229d81bc9b0154bde5a3af111f0

SHA1
51d81c362fcae702e78af24a455b2d58ad0385e7

SHA256
207492abf335a3edd9d91a04e7196735df41df9f604171314d3a8fb078e2a9f5

SHA512
d8f6f30a7862a458edf4e27b9cd2427cdddb95d0409a9e1a3af9a65e543d68c01605f61a77e27d871ea9a4436fc80ff214d651f79c3c88a2ec142d301bf047f7

Download Submit
C:\Users\Admin\Downloads\DDoSeR 3.4.7z

Filesize
436KB

MD5
5f0aa89ed5dbab00c1c32cb28ca60bdc

SHA1
9c43e134ca41a29c88399b419b87f35d5da3868e

SHA256
3004e8d4b227c0c306e377d2c9b014fe0a03e29c9e92e3d78d7416ab37bb1d0a

SHA512
5ea1211fc3f18265f877c3b6142352dbd998420d9b7ab7182c78702eacc8c651ab2f2d961749e8662e8a0d8e2dcdc3ea3c3b0cb410501e823427066ac86b8e5f

Download Submit
C:\Users\Admin\Downloads\DaRK DDoSeR v5.6c.7z

Filesize
8.2MB

MD5
d0fdfda18655b47f75d2e68eb1429dbb

SHA1
e46e7d29d961d706ee15568f7f78d3c11515a0ed

SHA256
21ed3f6be28bc73b7baf83cfa990a1299f3e697a81fd95759172247d411307ed

SHA512
931b0134431e2c059f7198a25ec9ddc02f6b71e0a41d62d1ecbd025b471692e9ea7f55da3995d5ba8ac836f3754c42bbffe957e3898c2122495b348df6ca0c38

Download Submit
C:\Users\Admin\Downloads\DaRK DDoSeR v5.6c\login.ini

Filesize
57B

MD5
85f9623df72ad58c834defa2ffb1bfaa

SHA1
5fc68da4e8b12d93c6444c536d2c4dae2676d1be

SHA256
c7dd0f2cff0af30c18ed4ac73b7e9999d8db4c6a23a8a0bcd7a57b36b83db707

SHA512
6af692ee4579413c0f1b96ccfd8c5385e17a57d275e26d0c9b161613921f4230bb61d5b0489f7f9556ca7de44e9d7d4ee89577ece03309c5964c0f7d3349ca85

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1.7z

Filesize
2.6MB

MD5
bf43d8fc495227a8ea8543db3c78bcd9

SHA1
9919345bcb6daaab4de6b5efb477a39e93a32905

SHA256
d2b6d5f619bee8d330bbbcfc0109924accebb3f6d4b21c68de6e374ca903c259

SHA512
d97f3b61022db2c00bbdbc4110c274f329b0b35211b3a6d8e635788a406bdade757a16d4a99ad31b8243bafc7d62de886bbfc8ae318271dd668763250108a8a8

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12

Filesize
4KB

MD5
aab9b484c7c9cbddd25c73f5ad6e4cfa

SHA1
c6f24cca41ebba4966bc7e412af2dce46be999dd

SHA256
ffef470838152df82e8c415ec0626f328115aad9363637d180652f9f1df52746

SHA512
5bd992bc76e28325ac20d5e051476339f97b12499a221ec5392c0aba0d2afd302f637b6ca13bb4a2de61adb0682b2d938b2e12dc5fceb455e12e7694b20ea92a

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\settings.xml

Filesize
373B

MD5
b6af1da05c1a00991f04f8b898cea532

SHA1
24c48b062d8d864eefd32f2d84a36e1a7282e911

SHA256
f2ef0d8f29904a65ce6dbe29baf9379fb4659afb6930a5af5d9fb88f73b73f41

SHA512
2ab2de469911c3fee5b9bbfdbb373e5eb15023bf25b9e1835ebbf5890c66cfd7a06d7d5911e2fb630afadf9b30489e589634cefe52ca4c4156ae24b24c00c8aa

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 131114.crdownload

Filesize
1.6MB

MD5
6c73cc4c494be8f4e680de1a20262c8a

SHA1
28b53835fe92c3fa6e0c422fc3b17c6bc1cb27e0

SHA256
bdd1a33de78618d16ee4ce148b849932c05d0015491c34887846d431d29f308e

SHA512
2e8b746c51132f933cc526db661c2cb8cee889f390e3ce19dabbad1a2e6e13bed7a60f08809282df8d43c1c528a8ce7ce28e9e39fea8c16fd3fcda5604ae0c85

Download Submit
C:\Users\Admin\Downloads\njRAT v0.8d.7z

Filesize
1.1MB

MD5
d34339206dfea6a6ae171f12906a3460

SHA1
c0567371ac673b767402317f5afb728a62cceb6c

SHA256
1754d2ec455c38853a4d13fc1c6cccbbb224d5e1a6810d4e896d64abec23d8d4

SHA512
b1242ab7fa9db18393d4284185b3677837e929287bcc07741e834e87328c3cf1b388a90d8c8133b521ab9eae2d2e1f83ab432b53ae6b54b6e6eac43b0af09467

Download Submit
C:\Users\Admin\Downloads\njRAT v0.8d.7z:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Admin\Downloads\яσσтRAT.7z:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/392-2006-0x0000000000010000-0x0000000000020000-memory.dmp

Filesize
64KB

Download
memory/1084-17-0x000001CD40750000-0x000001CD40751000-memory.dmp

Filesize
4KB

Download
memory/1084-18-0x000001CD41F90000-0x000001CD42200000-memory.dmp

Filesize
2.4MB

Download
memory/1084-2-0x000001CD41F90000-0x000001CD42200000-memory.dmp

Filesize
2.4MB

Download
memory/1084-12-0x000001CD40750000-0x000001CD40751000-memory.dmp

Filesize
4KB

Download
memory/1592-1649-0x0000000005990000-0x00000000059F6000-memory.dmp

Filesize
408KB

Download
memory/1592-1650-0x00000000066A0000-0x0000000006732000-memory.dmp

Filesize
584KB

Download
memory/4040-1636-0x0000000005A40000-0x0000000005ADC000-memory.dmp

Filesize
624KB

Download
memory/4040-1635-0x0000000000FF0000-0x0000000001000000-memory.dmp

Filesize
64KB

Download
memory/4040-1637-0x00000000060A0000-0x0000000006646000-memory.dmp

Filesize
5.6MB

Download
memory/4540-2001-0x0000000000A60000-0x0000000000A70000-memory.dmp

Filesize
64KB

Download
memory/4996-2278-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/4996-2292-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/4996-2302-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/4996-2303-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/4996-2279-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/4996-2304-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/5392-2888-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/5392-2891-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/5392-2885-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/5392-2884-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/5392-2899-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/5392-2898-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/5392-2886-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/5392-2889-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/5392-2897-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/5392-2896-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/5392-2894-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/5392-2892-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/5976-3588-0x00000263517C0000-0x0000026351973000-memory.dmp

Filesize
1.7MB

Download
memory/5976-3618-0x00000263517C0000-0x0000026351973000-memory.dmp

Filesize
1.7MB

Download
memory/5976-3586-0x00000263523D0000-0x000002635241C000-memory.dmp

Filesize
304KB

Download
memory/5976-3609-0x00000263517C0000-0x0000026351973000-memory.dmp

Filesize
1.7MB

Download
memory/5976-3610-0x00000263517C0000-0x0000026351973000-memory.dmp

Filesize
1.7MB

Download
memory/5976-3611-0x00000263517C0000-0x0000026351973000-memory.dmp

Filesize
1.7MB

Download
memory/5976-3612-0x00000263517C0000-0x0000026351973000-memory.dmp

Filesize
1.7MB

Download
memory/5976-3587-0x00000263517C0000-0x0000026351973000-memory.dmp

Filesize
1.7MB

Download
memory/5976-3585-0x0000026353C80000-0x0000026353D32000-memory.dmp

Filesize
712KB

Download
memory/5976-3584-0x0000026352380000-0x00000263523D0000-memory.dmp

Filesize
320KB

Download
memory/5976-3583-0x0000026352310000-0x0000026352328000-memory.dmp

Filesize
96KB

Download
memory/5976-3568-0x00000263517C0000-0x0000026351973000-memory.dmp

Filesize
1.7MB

Download
memory/5976-3562-0x00000263517C0000-0x0000026351973000-memory.dmp

Filesize
1.7MB

Download
memory/5976-3561-0x0000026354080000-0x00000263543AE000-memory.dmp

Filesize
3.2MB

Download
memory/5976-3560-0x0000026337400000-0x0000026337416000-memory.dmp

Filesize
88KB

Download
memory/5976-3559-0x0000026336E70000-0x0000026336FA8000-memory.dmp

Filesize
1.2MB

Download