chimera | hxxp://google[.]com

Resubmissions

08/04/2025, 19:22

250408-x3c8zayqx7 10

08/04/2025, 19:18

08/04/2025, 19:14

08/04/2025, 19:01

08/04/2025, 18:53

Analysis

max time kernel
618s
max time network
618s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2025, 19:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

10^/10

chimera defense_evasion discovery persistence privilege_escalation ransomware spyware stealer

Malware Config

Signatures

Chimera 64 IoCs

Ransomware which infects local and network files, often distributed via Dropbox links.

ransomware chimera

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\pl-pl\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\da-dk\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\fi-fi\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\uk-ua\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\zh-cn\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\en-gb\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\pl-pl\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ca-es\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\fr-ma\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\sk-sk\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\zh-tw\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\en-ae\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\nl-nl\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\pl-pl\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\zh-cn\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\de-de\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\fr-fr\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\tr-tr\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themes\dark\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ru-ru\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\nl-nl\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\en-il\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\eu-es\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\en-ae\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\zh-cn\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Microsoft Office\root\vreg\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\nb-no\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ja-jp\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\pt-br\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\en-gb\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\it-it\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\fi-fi\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\it-it\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\fr-ma\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\da-dk\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\root\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-il\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\nl-nl\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\plugins\rhp\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ca-es\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fr-fr\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\en-ae\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\fr-fr\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-ae\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\hr-hr\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ru-ru\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fi-fi\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\fi-fi\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-il\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\cs-cz\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\pl-pl\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\nl-nl\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-il\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\de-de\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\hu-hu\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\zh-cn\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\nb-no\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe

Chimera Ransomware Loader DLL 1 IoCs

Drops/unpacks executable file which resembles Chimera's Loader.dll.

ransomware

resource	yara_rule
behavioral1/memory/6116-2476-0x0000000010000000-0x0000000010010000-memory.dmp	chimera_loader_dll

Chimera family
chimera
Renames multiple (3266) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Downloads MZ/PE file 4 IoCs

flow	pid	Process
338	4144	msedge.exe
520	1668	chrome.exe
520	1668	chrome.exe
520	1668	chrome.exe

Modifies Windows Firewall 2 TTPs 1 IoCs

defense_evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
7068	netsh.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9584a316aeb9ca9b31edd4db18381f5.exe	NJRat.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9584a316aeb9ca9b31edd4db18381f5.exe	NJRat.exe

Executes dropped EXE 16 IoCs

pid	Process
6116	HawkEye.exe
3100	HawkEye.exe
6456	SpySheriff.exe
3388	Brontok.exe
6872	NJRat.exe
3260	NJRat.exe
3440	NJRat.exe
1984	NJRat.exe
4452	NJRat.exe
3400	NJRat.exe
2100	NJRat.exe
6472	NJRat.exe
6292	NJRat.exe
6556	NJRat.exe
6584	NJRat.exe
5500	NJRat.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b9584a316aeb9ca9b31edd4db18381f5 = "\"C:\\Users\\Admin\\Downloads\\NJRat.exe\" .."	NJRat.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\b9584a316aeb9ca9b31edd4db18381f5 = "\"C:\\Users\\Admin\\Downloads\\NJRat.exe\" .."	NJRat.exe

Drops desktop.ini file(s) 27 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Public\AccountPictures\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	HawkEye.exe
File opened for modification	C:\Program Files\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	HawkEye.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Public\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	HawkEye.exe
File opened for modification	C:\Users\Admin\3D Objects\desktop.ini	HawkEye.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
338	raw.githubusercontent.com
519	raw.githubusercontent.com
520	raw.githubusercontent.com
336	raw.githubusercontent.com
337	raw.githubusercontent.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
340	bot.whatismyipaddress.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account-select\js\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-24_contrast-black.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppStoreLogo.scale-200.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-24.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Outlook.scale-300.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\id-ID\View3d\3DViewerProductDescription-universal.xml	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\hr-hr\ui-strings.js	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-125_contrast-black.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-72_altform-unplated.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\_Resources\index.txt	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-40_altform-lightunplated.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\SmallTile.scale-200.png	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\zh-tw\ui-strings.js	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\hr-hr\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\uk-ua\ui-strings.js	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-256_altform-lightunplated.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\WideTile.scale-200.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-32_altform-unplated_contrast-white.png	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\it-it\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\WideTile.scale-125.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailBadge.scale-125.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-96_altform-lightunplated.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\Assets\XboxNotificationLogo.png	HawkEye.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\hr-hr\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-400.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-40.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_anonymoususer_24.svg	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\de-de\AppStore_icon.svg	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\uk-ua\ui-strings.js	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-100_contrast-white.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ScreenSketchSquare71x71Logo.scale-100_contrast-white.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxMediumTile.scale-125.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\localhost.crt	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\fi-fi\ui-strings.js	HawkEye.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\images\vlc16x16.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageWideTile.scale-200.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeLargeTile.scale-200.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-48.png	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\pt-br\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-64_altform-unplated.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-16_altform-unplated_contrast-black.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraWideTile.contrast-black_scale-100.png	HawkEye.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\offlineUtilities.js	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\Toast.svg	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppPackageBadgeLogo.scale-100.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-24.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-36.png	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\arrow-left.png	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\en-ae\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\en-gb\ui-strings.js	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageMedTile.scale-150.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-100.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-36_altform-unplated.png	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeLargeTile.scale-100.png	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_auditreport_18.svg	HawkEye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\eu-es\YOUR_FILES_ARE_ENCRYPTED.HTML	HawkEye.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\es-es\PlayStore_icon.svg	HawkEye.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-256_altform-unplated_contrast-white.png	HawkEye.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 19 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HawkEye.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SpySheriff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NJRat.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NJRat.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NJRat.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NJRat.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NJRat.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NJRat.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NJRat.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NJRat.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NJRat.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NJRat.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HawkEye.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NJRat.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NJRat.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 56 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c00000000000000010000000083ffff0083ffffffffffffffffffff3e0000003e000000c4040000a3020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007559c5b53c14c340835068035e51906a00000000020000000000106600000001000020000000340212c4613f5acf4ce63d6fb3dd6398050d32f04e92b4f20da46eb174d84778000000000e80000000020000200000003e42a9fde7626aabc7719191e5e03d33af5de3b2118b88da711211af8da3ab5f20000000dc0178cbdca30e4e137a22b50d04a87b6a7cf3f483f47efcadcfc96be307e296400000007dc8edbd859f5ca1e22a23eb817d568ab1a77a37494dd95800f21071f985bbbb4ed6c76bcce5f5bf01b521af19f7df430ec28eb8f1c5ff4fcf2021d5459577c3	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{403964BF-14AC-11F0-9C64-56D06BF03AF3} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\mega.nz\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\mega.nz\ = "65"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\mega.nz\Total = "65"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50256531b9a8db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0639d1ab9a8db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\mega.nz	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "450904024"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007559c5b53c14c340835068035e51906a00000000020000000000106600000001000020000000318566d783f020819e0252e2dc63a295759ab71b5d5f72909a0f868d53830b1a000000000e80000000020000200000009abf6968e81f6b7250fd22f128a09fda445f9f28f6560814295015c19610b5b720000000e1318ae08d3ccc75eb49967d5b619602a15fb8709238dc92f3e5d1073459b32140000000054ca2304e4bfa062e7a37c562dada0ac20b6c7443fe30937f6cf9d1d25b157e56505ecd9634cee0c00b783a18c06b08cfe242c553d4bdcca3f1409c4dcc62d9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007559c5b53c14c340835068035e51906a00000000020000000000106600000001000020000000abad0e94be570e4b307b8c3780e189bdfb726d5c796e22ac87cb92313ef046fc000000000e800000000200002000000005bbad76f68c3b5adc3bde2cc0f8047453fedfd80c668467e305afa090a5983a200000009060c4d47ed39835dd0f284b8062fdae1fe1ecc9f43c142873fa18af923496fd40000000e3844dc43f01876805644d58e31ec005a983a0dd0db83e6b49ef28f784357e9f2e34cb18d97a8f30bd9dbdeaf2e1f2d1adb4f946e8d6f7363947a0e6b596d8af	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "65"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40853b15b9a8db01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Software\Microsoft\Internet Explorer\DOMStorage\mega.nz	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133886124855277918"	msedge.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-83325578-304917428-1200496059-1000\{3867BDCE-282D-489D-A3A3-274E9DB6CACC}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-83325578-304917428-1200496059-1000\{EB872A84-9C3F-461E-B843-13BC14CCE8BD}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2120	msedge.exe
2120	msedge.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
1412	chrome.exe
1412	chrome.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
1412	chrome.exe
1412	chrome.exe
6352	chrome.exe
6352	chrome.exe
6872	NJRat.exe
6872	NJRat.exe
6872	NJRat.exe
6872	NJRat.exe
6872	NJRat.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	6116	HawkEye.exe
Token: SeDebugPrivilege	3100	HawkEye.exe
Token: SeDebugPrivilege	5420	taskmgr.exe
Token: SeSystemProfilePrivilege	5420	taskmgr.exe
Token: SeCreateGlobalPrivilege	5420	taskmgr.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: 33	5420	taskmgr.exe
Token: SeIncBasePriorityPrivilege	5420	taskmgr.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
4108	iexplore.exe
4108	iexplore.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
5420	taskmgr.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
5420	taskmgr.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
4108	iexplore.exe
4108	iexplore.exe
5944	IEXPLORE.EXE
5944	IEXPLORE.EXE
4108	iexplore.exe
4108	iexplore.exe
4524	IEXPLORE.EXE
4524	IEXPLORE.EXE
4108	iexplore.exe
4108	iexplore.exe
180	IEXPLORE.EXE
180	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4292 wrote to memory of 3984	4292	msedge.exe	86
PID 4292 wrote to memory of 3984	4292	msedge.exe	86
PID 4292 wrote to memory of 3876	4292	msedge.exe	87
PID 4292 wrote to memory of 3876	4292	msedge.exe	87
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1324	4292	msedge.exe	88
PID 4292 wrote to memory of 1132	4292	msedge.exe	89
PID 4292 wrote to memory of 1132	4292	msedge.exe	89
PID 4292 wrote to memory of 1132	4292	msedge.exe	89
PID 4292 wrote to memory of 1132	4292	msedge.exe	89
PID 4292 wrote to memory of 1132	4292	msedge.exe	89
PID 4292 wrote to memory of 1132	4292	msedge.exe	89
PID 4292 wrote to memory of 1132	4292	msedge.exe	89
PID 4292 wrote to memory of 1132	4292	msedge.exe	89
PID 4292 wrote to memory of 1132	4292	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2d8,0x7ffee567f208,0x7ffee567f214,0x7ffee567f220
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1916,i,16999738153014211237,1925182640436341156,262144 --variations-seed-version --mojo-platform-channel-handle=2464 /prefetch:3
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2268,i,16999738153014211237,1925182640436341156,262144 --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:2
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1948,i,16999738153014211237,1925182640436341156,262144 --variations-seed-version --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3456,i,16999738153014211237,1925182640436341156,262144 --variations-seed-version --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3480,i,16999738153014211237,1925182640436341156,262144 --variations-seed-version --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4172,i,16999738153014211237,1925182640436341156,262144 --variations-seed-version --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4132,i,16999738153014211237,1925182640436341156,262144 --variations-seed-version --mojo-platform-channel-handle=4176 /prefetch:2
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3588,i,16999738153014211237,1925182640436341156,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=3600,i,16999738153014211237,1925182640436341156,262144 --variations-seed-version --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5512,i,16999738153014211237,1925182640436341156,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3500,i,16999738153014211237,1925182640436341156,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:8
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3596,i,16999738153014211237,1925182640436341156,262144 --variations-seed-version --mojo-platform-channel-handle=3624 /prefetch:8
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5592,i,16999738153014211237,1925182640436341156,262144 --variations-seed-version --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5592,i,16999738153014211237,1925182640436341156,262144 --variations-seed-version --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5288,i,16999738153014211237,1925182640436341156,262144 --variations-seed-version --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6192,i,16999738153014211237,1925182640436341156,262144 --variations-seed-version --mojo-platform-channel-handle=6228 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5312,i,16999738153014211237,1925182640436341156,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6184,i,16999738153014211237,1925182640436341156,262144 --variations-seed-version --mojo-platform-channel-handle=6300 /prefetch:8
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6496,i,16999738153014211237,1925182640436341156,262144 --variations-seed-version --mojo-platform-channel-handle=6492 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6656,i,16999738153014211237,1925182640436341156,262144 --variations-seed-version --mojo-platform-channel-handle=6672 /prefetch:8
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6700,i,16999738153014211237,1925182640436341156,262144 --variations-seed-version --mojo-platform-channel-handle=6824 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6644,i,16999738153014211237,1925182640436341156,262144 --variations-seed-version --mojo-platform-channel-handle=6980 /prefetch:8
  2⤵
  PID:796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4216,i,16999738153014211237,1925182640436341156,262144 --variations-seed-version --mojo-platform-channel-handle=4448 /prefetch:8
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4468,i,16999738153014211237,1925182640436341156,262144 --variations-seed-version --mojo-platform-channel-handle=4412 /prefetch:8
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4456,i,16999738153014211237,1925182640436341156,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:1748

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:1084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x25c,0x7ffee567f208,0x7ffee567f214,0x7ffee567f220
    3⤵
    PID:2156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1888,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:3
    3⤵
    - Downloads MZ/PE file
    PID:4144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2208,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=2204 /prefetch:2
    3⤵
    PID:5384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1928,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=2588 /prefetch:8
    3⤵
    PID:3896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3440,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:1
    3⤵
    PID:4316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3448,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:1
    3⤵
    PID:5000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5124,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=5148 /prefetch:1
    3⤵
    PID:2448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5392,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=5376 /prefetch:1
    3⤵
    PID:4088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5192,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:1
    3⤵
    PID:5472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5708,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=3772 /prefetch:1
    3⤵
    PID:5392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5960,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=5996 /prefetch:8
    3⤵
    PID:5984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5924,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:8
    3⤵
    PID:6020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5704,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=5240 /prefetch:8
    3⤵
    PID:4592
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6212,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=6172 /prefetch:8
    3⤵
    PID:2684
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6212,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=6172 /prefetch:8
    3⤵
    PID:4656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6440,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=5036 /prefetch:8
    3⤵
    PID:5424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6188,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=5672 /prefetch:1
    3⤵
    PID:916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7016,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=7068 /prefetch:8
    3⤵
    PID:5664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7340,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=7360 /prefetch:8
    3⤵
    PID:1516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7124,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=7108 /prefetch:8
    3⤵
    PID:3500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7048,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=7148 /prefetch:8
    3⤵
    PID:1992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6036,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=6056 /prefetch:1
    3⤵
    PID:4628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=5212,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=4000 /prefetch:1
    3⤵
    PID:1568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4848,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=3964 /prefetch:8
    3⤵
    PID:2664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5656,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=3772 /prefetch:8
    3⤵
    PID:2708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5992,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=6608 /prefetch:8
    3⤵
    PID:1900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=6748,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=6720 /prefetch:1
    3⤵
    PID:5768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3968,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=3932 /prefetch:8
    3⤵
    PID:456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7028,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:8
    3⤵
    PID:1608
- - C:\Users\Admin\Downloads\HawkEye.exe
    "C:\Users\Admin\Downloads\HawkEye.exe"
    3⤵
    - Chimera
    - Executes dropped EXE
    - Drops desktop.ini file(s)
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:6116
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -k "C:\Users\Admin\Music\YOUR_FILES_ARE_ENCRYPTED.HTML"
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      PID:4108
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4108 CREDAT:17410 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:5944
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4108 CREDAT:17416 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:4524
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4108 CREDAT:17424 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5764,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=6672 /prefetch:8
    3⤵
    PID:880
- - C:\Users\Admin\Downloads\HawkEye.exe
    "C:\Users\Admin\Downloads\HawkEye.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:3100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3584,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:8
    3⤵
    PID:2464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7412,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=5280 /prefetch:8
    3⤵
    PID:4972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5204,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=6040 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5328,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=6320 /prefetch:8
    3⤵
    PID:5904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6852,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:8
    3⤵
    PID:1576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4020,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=5336 /prefetch:8
    3⤵
    PID:5388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3332,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=2836 /prefetch:8
    3⤵
    PID:6888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3892,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=7320 /prefetch:8
    3⤵
    PID:1900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5612,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=7032 /prefetch:8
    3⤵
    PID:1772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6872,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=3260 /prefetch:8
    3⤵
    PID:5740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7508,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=3400 /prefetch:8
    3⤵
    PID:5192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3324,i,14091322764870276433,18170253976564511297,262144 --variations-seed-version --mojo-platform-channel-handle=7448 /prefetch:8
    3⤵
    PID:6456

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:940

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3296

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffed30bdcf8,0x7ffed30bdd04,0x7ffed30bdd10
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2040,i,6041109968608346365,6983345760212149894,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1548,i,6041109968608346365,6983345760212149894,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2436,i,6041109968608346365,6983345760212149894,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2596 /prefetch:8
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,6041109968608346365,6983345760212149894,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,6041109968608346365,6983345760212149894,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4440,i,6041109968608346365,6983345760212149894,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4452 /prefetch:2
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4744,i,6041109968608346365,6983345760212149894,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4976,i,6041109968608346365,6983345760212149894,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5396,i,6041109968608346365,6983345760212149894,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  PID:5744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5520,i,6041109968608346365,6983345760212149894,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:6344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5332,i,6041109968608346365,6983345760212149894,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:6392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5440,i,6041109968608346365,6983345760212149894,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  PID:6432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5456,i,6041109968608346365,6983345760212149894,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5880 /prefetch:8
  2⤵
  PID:6804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5848,i,6041109968608346365,6983345760212149894,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:6940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3696,i,6041109968608346365,6983345760212149894,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3624 /prefetch:8
  2⤵
  PID:6616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3328,i,6041109968608346365,6983345760212149894,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3648 /prefetch:8
  2⤵
  PID:6612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3668,i,6041109968608346365,6983345760212149894,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3368 /prefetch:8
  2⤵
  PID:6604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3288,i,6041109968608346365,6983345760212149894,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3828 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4516,i,6041109968608346365,6983345760212149894,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5804 /prefetch:2
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5988,i,6041109968608346365,6983345760212149894,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  PID:1764
- C:\Users\Admin\Downloads\SpySheriff.exe
  "C:\Users\Admin\Downloads\SpySheriff.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5964,i,6041109968608346365,6983345760212149894,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  PID:4504
- C:\Users\Admin\Downloads\Brontok.exe
  "C:\Users\Admin\Downloads\Brontok.exe"
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5012,i,6041109968608346365,6983345760212149894,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=868 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6224,i,6041109968608346365,6983345760212149894,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6232 /prefetch:8
  2⤵
  PID:6672
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\ILOVEYOU.vbs"
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6328,i,6041109968608346365,6983345760212149894,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4132 /prefetch:8
  2⤵
  PID:5900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5980,i,6041109968608346365,6983345760212149894,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6320 /prefetch:8
  2⤵
  PID:5748
- C:\Users\Admin\Downloads\NJRat.exe
  "C:\Users\Admin\Downloads\NJRat.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:6872
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall add allowedprogram "C:\Users\Admin\Downloads\NJRat.exe" "NJRat.exe" ENABLE
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    PID:7068
- C:\Users\Admin\Downloads\NJRat.exe
  "C:\Users\Admin\Downloads\NJRat.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3260

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4796

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6212

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5204
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3440

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:2656
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1984

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5400
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3400

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:3008
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4452

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:4332

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:4916
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2100

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:4704
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6472

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:4696
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6292

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1204
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6556

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:2088
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5500

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5544
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6680

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1888
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6584

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6576
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:4248

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6572
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:2976

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:2208
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6224

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:4236

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1736
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7088

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5488
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:4512

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5976
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:1528

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1072
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7040

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5144
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:4900

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:3424
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:5112

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5108
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6412

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6456
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6472

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:2808
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:4224

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:3960
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:3604

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5420
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:5964

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6352
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6160

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:3280
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:4960

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:2840
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:1064

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:2648
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:2140

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:3020
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6260

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7044
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:5084

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1612
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6244

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5856
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6468

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5008
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6060

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6216
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7124

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:3932
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:4332

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6968
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6172

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5208
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:3604

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
PID:5028

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1032
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:3920

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6576
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:2260

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5132
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:1596

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:976
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6372

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6880
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:668

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:3580
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:4796

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:4424
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:1852

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7164
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:3972

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:872
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:5896

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6976
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6672

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6332
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7124

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7052
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6848

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6268
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7160

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6052
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7116

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6136
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:2088

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6004
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:2080

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6236
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7024

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6156
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7352

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:4836
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7704

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6284
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7544

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6196
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7828

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6256
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7732

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5288
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7928

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5008
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7920

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1456
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:8176

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5984
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:8168

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1596
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7420

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7176
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:4704

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7336
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:5708

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7344
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:4720

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7560
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:2652

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7568
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:5824

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7800
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7652

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7808
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7892

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:8116
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6200

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:8124
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:3332

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7220
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:2504

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6492
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:5780

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6436
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:1516

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:464
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7160

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7676
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:3328

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6960
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6244

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:4016
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:3280

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5536
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:4376

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7104
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:4196

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5904
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:1872

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5516
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7156

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5964
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7944

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6136
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6952

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1528
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7056

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5144
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:5444

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5204
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7632

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7868
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7112

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:4724
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:2400

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6304
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:4424

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:4060
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:3332

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5520
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7492

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:2804
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7564

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:2792

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6240

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7736

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:372

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7288
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6268

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7516
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:624

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7440
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:5500

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6484

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7664
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:5112

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:4200
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:4612

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7052
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6856

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:2000
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6244

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6388
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6480

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1892
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:5972

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7428
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:2040

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:4700
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:996

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7792
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6476

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:2704
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:5216

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:2140
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7508

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1536
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7456

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5848
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7180

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:4564
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:3088

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5004
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:3616

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5488
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:2464

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1888
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:8100

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7956
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7692

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5212
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:8148

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6612
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7076

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7476
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6564

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1900
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7444

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:4348
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7360

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5184
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:8152

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5884

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1280

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:8180
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6492

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6864

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:4288
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:2800

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5012
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6160

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:3532
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:5960

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:2568
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:1172

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6156
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:396

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7840
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:1056

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:3908
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:2408

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7548
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6436

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:3844
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:8068

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6148
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:8172

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:996
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7816

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7688
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7740

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7268
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:2944

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7972
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:60

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:4968
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7884

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6192
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:2140

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7468
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:5804

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5128
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:668

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:3580
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7496

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6984
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7444

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1592
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6044

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6976
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7404

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7808
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:3496

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7932
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6492

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:3664
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6380

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7376
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7700

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5900
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6176

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1888
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:4224

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7160
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7204

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6508
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7596

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7024
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6240

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6260
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:3404

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6388
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:4836

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7044
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:4744

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1640
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6292

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:3616
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7948

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6288
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:8048

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1056
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7148

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7532
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7312

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6316
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7848

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:4516
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:316

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7988
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7180

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:3296
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6228

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:8060
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:2256

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:2808
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7864

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7924
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6044

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7140
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6544

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:8156
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6988

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:3340
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7700

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5628
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:1560

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7028
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:5156

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7192
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7304

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7408
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:4592

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1900
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7792

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7604
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6244

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1408
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6200

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6792
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6456

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7684
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6428

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:2464
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:3020

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5912
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7368

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6136
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6192

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:4376
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7660

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:3664
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:3440

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7668
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:2256

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:8024
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7572

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7548
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6372

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5132
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:4704

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:4056
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7756

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:2400
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:2956

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6260
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7056

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:3848
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:3372

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:8036
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7644

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:2208
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7264

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:3088
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:1640

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7288
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7848

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6332
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:60

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:2448
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:1952

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7440
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:3340

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:2408
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:2656

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1456
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6612

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5232
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7176

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7928
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:6584
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:452

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6992
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6964

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6672
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:3116

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5732
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6884

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:3460
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:2984

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5916
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6244

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1280
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:1560

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6148
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:4744

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7748
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7444

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:776
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:4176

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7552
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:3616

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7308
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6048

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:2532
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:5600

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:2296
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6476

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7672
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:624

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:4796
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7328

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:4376
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6256

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1704
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6404

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5904
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7160

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6076
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:1924

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7744
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6380

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1624
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:4348

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1528
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault0b86c6bdh0371h4017h92b3h6c358525b1d1
1⤵
PID:8092

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7720
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:4056

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1764
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6860

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7880
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:5884

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1760
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7652

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6332
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:5848

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7532
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:4176

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5160
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6008

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:3340
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7552

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5232
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:8132

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6968
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:3472

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7236
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6404

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:4916
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6080

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6804
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:5976

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:752
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6304

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7028
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:3820

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5732
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:4060

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7492
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:1064

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7352
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7264

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:1116
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7684

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7604
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7536

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7672
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7880

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7172
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:1536

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5628
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:5744

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7160
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7484

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6572
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:5508

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:4348
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6492

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6384
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6760

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:3424
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:3804

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7404
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:2808

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:624
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:2656

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7140
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:2976

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:3960
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:4700

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:2672
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:2860

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:3624
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7684

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:6104
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:6256

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:4104
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:7380

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:5284
- C:\Users\Admin\Downloads\NJRat.exe
  C:\Users\Admin\Downloads\NJRat.exe ..
  2⤵
  PID:1536

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:2944

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:2648

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:2568

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:4376

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7356

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:8184

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:2472

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:4056

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7960

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:3848

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7452

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\NJRat.exe" ..
1⤵
PID:7864

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Java\jdk-1.8\jre\lib\YOUR_FILES_ARE_ENCRYPTED.HTML

Filesize
4KB

MD5
4437ae3b48ed3215e92d331ae1ba20b6

SHA1
c3652f3893d25801fef03e918e5874b77112d27f

SHA256
e733414b6622b2757d19c848429f19f15da2ddb15ecdc65bc672fd8da42521b8

SHA512
beebf785d54368477681e265a83d6e96934fce4d3003228b57c9a79f7b6d39810a8818fd10ab6267b7d86a40c47d9b3f72172f19b8ab11e0e20acc8445b6d842

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1084_1307261951\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1084_1593056677\manifest.json

Filesize
160B

MD5
a24a1941bbb8d90784f5ef76712002f5

SHA1
5c2b6323c7ed8913b5d0d65a4d21062c96df24eb

SHA256
2a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747

SHA512
fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1084_1782962685\manifest.json

Filesize
114B

MD5
e6cd92ad3b3ab9cb3d325f3c4b7559aa

SHA1
0704d57b52cf55674524a5278ed4f7ba1e19ca0c

SHA256
63dfb8d99ce83b3ca282eb697dc76b17b4a48e4065fc7efafb77724739074a9d

SHA512
172d5dc107757bb591b9a8ed7f2b48f22b5184d6537572d375801113e294febfbe39077c408e3a04c44e6072427cbe443c6614d205a5a4aa290101722e18f5e8

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1084_2142738254\manifest.fingerprint

Filesize
66B

MD5
3fb5233616491df0ec229ba9f42efdb8

SHA1
18a8116e2df9805accd7901d2321c3fa92da1af4

SHA256
946f3a9e019b0d80f5671de782f295132341f663f74aebad7628f22e528d6d52

SHA512
e9b17ac626bf6508db9a686825411e90d316a0f1dacbf63dbec5baaaf6b96af4dbc9a7332975b6d5c16c43757d79fddca6b888ea97bc07a8dffb1b3a06366b4d

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1084_2142738254\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1084_333785590\manifest.json

Filesize
119B

MD5
cb10c4ca2266e0cce5fefdcb2f0c1998

SHA1
8f5528079c05f4173978db7b596cc16f6b7592af

SHA256
82dff3cc4e595de91dc73802ac803c5d5e7ab33024bdc118f00a4431dd529713

SHA512
7c690c8d36227bb27183bacaf80a161b4084e5ad61759b559b19c2cdfb9c0814ad0030d42736285ee8e6132164d69f5becdcf83ac142a42879aa54a60c6d201b

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1084_390934319\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1084_394760262\manifest.json

Filesize
135B

MD5
4055ba4ebd5546fb6306d6a3151a236a

SHA1
609a989f14f8ee9ed9bffbd6ddba3214fd0d0109

SHA256
cb929ae2d466e597ecc4f588ba22faf68f7cfc204b3986819c85ac608d6f82b5

SHA512
58d39f7ae0dafd067c6dba34c686506c1718112ad5af8a255eb9a7d6ec0edca318b557565f5914c5140eb9d1b6e2ffbb08c9d596f43e7a79fdb4ef95457bf29a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1084_450757645\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1084_450757645\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1084_654240029\manifest.json

Filesize
160B

MD5
c3911ceb35539db42e5654bdd60ac956

SHA1
71be0751e5fc583b119730dbceb2c723f2389f6c

SHA256
31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d

SHA512
d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1084_778950417\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f7a4bda14a7cd75bae5058bcaf1f664c

SHA1
16482444895f29b946c895cccfa0e8c228f3b235

SHA256
43c59bf0c8802e823c68223d85f40c77b179677d773097d36fa34d6fb71ba816

SHA512
374019e11e558024b3bc95fc06ec962c8d026493a7f28855a3fe87e2a5143a09668d18f0d5bf8cd5a8c6c4614797df65e976d403349a26281cb80c9413999ac7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
38KB

MD5
32efc8cdbf664d39009891f28ae9a31f

SHA1
897e8c936c885b5fc66309545c446edca5fbc90d

SHA256
af1503390295503bdb6fd83b354817afcba20eec36322864f943476c5176861a

SHA512
d985288e681ac72080e8bf22d4d2c73e75fb9c5921582e5dd7a83ded9740fe8b18d164108e355a46f1bdfd41cf2dc85acbcc2fc53c95aa63b5ee26cfec0f83b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
21KB

MD5
ec0963f084571ccba8609e51d71bf6ec

SHA1
b4a93e1b2e235488747b17c212ae14e5551c2db9

SHA256
39041d7cca3821b6b33037d88740780d6c1b380cf4973f7a869b101d35b015c3

SHA512
88689aab98763297eb045308d3a1c415bcb0dcb58dc5d3f4338e5c92018666a0b0c5bc2cc444ffe333c4b6ea54f0286a4c6310a9e18d418fba83ff2698be5525

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
37KB

MD5
e59c00b9f3a391be74c2869e89f03547

SHA1
14b8326bbb203e565cb1dd84b91fb3abaae7ff69

SHA256
845079aee322967b6704ac394efd85c6beafcefcbccc3e543903aa3ba659060b

SHA512
5af7b8188edf1084e44320d5515b1813c87a7141ec0637a8ff511f7d16ae95d12fe267251e40891d79d393e365334cc11027feb75041b32ff5379c11b0026f6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
21KB

MD5
89b6521b18f5e07d0ac39383a27f3c34

SHA1
c388e1e74a475680d1529b884439232201382f80

SHA256
8d748776405d0d1eb2d42f46c5aa72fdbf01491a0c32d7ef6907827adc6045b7

SHA512
56148498840556888bbdea476fb85222a074ff9de842077ff1a3a482dc173c6df03ac963b7d2fc7bbd01c5f82d265bef6bef8054b081ed22c9cc9be52c45cfb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
27KB

MD5
fa2d7364a6cdbe8144bfc6add239bfe7

SHA1
2b37b884e7235429a2b4d675cf1d4975f9081d4c

SHA256
3624f864be1b01a4fbcaa4623e5408ae4adf66702cf2339ebf5eb5b4cf993ac5

SHA512
5a30f88a98af6ab94a0847989d9bb98d7e459232ec7a0ebfd0aa7f4405d0394fdbc439f33fbe2f72319f7cd8789e80443a122fde0b4f743833ebdc28bda37f92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
16KB

MD5
db2656b672846f689c00438d029d58b6

SHA1
43b8d5085f31085a3a1e0c9d703861831dd507ce

SHA256
aa3f28db9caadce78e49e2aeb52fda016b254ed89b924cdb2d87c6d86c1be763

SHA512
4c57c347b10ea6b2ca1beb908afc122f304e50bd44a404f13c3082ba855796baef1a5eb69276d8744c1728578fa8b651815d7981fcec14a3c41c3ca58d2b24ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
18KB

MD5
89ee4d8818e8a732f16be7086b4bf894

SHA1
2cc00669ddc0f4e33c95a926089cea5c1f7b9371

SHA256
f6a0dfa58a63ca96a9c7e2e1244fcff6aea5d14348596d6b42cd750030481b82

SHA512
89cc7dfae78985f32e9c82521b46e6a66c22258ebe70063d05f5eb25f941b2fd52df6e1938b20fe6c2e166faa2306526fdf74b398b35483f87b556a052b34c5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
59KB

MD5
9a2194c5bcb627dbdf313651772d375a

SHA1
cd13e4bce372190416889ffddcf24e1b8c7f589b

SHA256
e9441f684a4aefdb47f581abde0436fcbd640a819c8048a48fbca0cd4784cc1a

SHA512
23ce40100d2886e4b05219d868b2238b34dd4b39b9cc73ac4f5583d898a69fd7820e536cd4b3a6d5ef7474174f0bf41ace04d4e6fa5543bab4da97aabeadbf95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
45KB

MD5
c591b1b01d479b9ffcc5ad9d22661f63

SHA1
9528eacd89ed7030739e8efc767e945f855031ae

SHA256
3d80024671deb0adcaf0f712e83afd48652eba00a7d15d3ee92253312bfef9c5

SHA512
a9e138fd3fc086b01ce8d28d548c5f6cf7bde81b37df6a732bfcd6c32214780c0a02e6fe247d0e76e7906ffcb95e732f68771cf31d5cac6506994414baefbaad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
16KB

MD5
736b736d6414cf09150acd35210c095a

SHA1
598c3566ea244c07ba150a5fa5d8bee2fb3abf38

SHA256
0262fdf8364ccf2cdd1fe3f80d769f9e8a91f4a33a8528016c93174f1fecfbfa

SHA512
f6c0d317d481e7282adb39eb85a0fb7eb792cddba080a2a3fcaed89bd983163ff0e57793acebc958381cfa0da8b60b299e6b768c55b6a034131d29fd81ad20fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
55KB

MD5
97ab8bbc61f6935d686dcfee38bcf26d

SHA1
93bd63304c92dc10ea79a7a0096533d05cadcb25

SHA256
608b43d1bd4072d5144de9e836cf456677cc2fe65203cc344171f46db103d827

SHA512
01edbef8cd855e14ee09e23a7058888eca803754d79cb2bfe24b252f2c3855fe830ac7dba8c17d5532426ed3cfb5b3a925d2f9a5dfee6e1f712de07443fda092

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
88KB

MD5
2dfda5e914fd68531522fb7f4a9332a6

SHA1
48a850d0e9a3822a980155595e5aa548246d0776

SHA256
6abad504ab74e0a9a7a6f5b17cadc7dea2188570466793833310807fd052b09c

SHA512
d41b94218215cec61120cc474d3bc99f9473ab716aadf9cdcbcabf16e742a3e2683dc64023ba4fd8d0ff06a221147b6014f35e0be421231dffb1cc64ac1755e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
109KB

MD5
23eba00af0c1710ff02802a789beba99

SHA1
351edc603e80546cf8a37203c1cb77c3d57451eb

SHA256
432881124e56ccba06e037256a20fb7c4a33dee20f31ebe389467b2fea418716

SHA512
0fb28131c2bfc124fa892c7f8af736aa6eb66bf1b9dc63cc5fcb7c7446c0a4c25df7be4aec3357202a69d8fb74cc0b08a856e5644089bdb371a239d86652c49f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
16KB

MD5
38e077c12cfa3f256db8e464c3b8a907

SHA1
209dc53f13d1f408fabad1f247601cc610a64d09

SHA256
ce1f1111cd4197eff0126138ea25068bbfdb74d0e3b83ac52058c798369f5f75

SHA512
2f391ec464d4a81de3d23e8f6058116d94c976cd516eee36bb3a705c8f66e809d13b9f88ab36c72c49901044d0c7fbd34d11e356a3888a956b5308cd3811ff52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\_locales\en_US\messages.json

Filesize
1KB

MD5
578215fbb8c12cb7e6cd73fbd16ec994

SHA1
9471d71fa6d82ce1863b74e24237ad4fd9477187

SHA256
102b586b197ea7d6edfeb874b97f95b05d229ea6a92780ea8544c4ff1e6bc5b1

SHA512
e698b1a6a6ed6963182f7d25ac12c6de06c45d14499ddc91e81bdb35474e7ec9071cfebd869b7d129cb2cd127bc1442c75e408e21eb8e5e6906a607a3982b212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\manifest.json

Filesize
2KB

MD5
1048f1f4d861f5c812e5bc268eb68a06

SHA1
4c9495a3202f63fd0878086f27310db6d3bf5be9

SHA256
8b3b5b96a5d6d7c613052b4a751c6632f5f91cb0a912c96e515978999b6f43f5

SHA512
158ca9fc4e59568c8d04b8f6ad16fd8216ee10d8869ce1e2dec844e52d3d3b19bd98433665fa003552e8896a2691531141ee11fef212d8d66283d7002ece8c76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
faff04f0e08b612358be7d8bde7350b7

SHA1
babacd0150747bcc11991f53306ec24ddf278885

SHA256
5030af7f18bc86385149725c9ac5eefa1c66c75e42ecb14afaa743b3b768bad6

SHA512
8d7ce962db0feefe861e4c2043a907e491961ec955a013e7069e7a0bdb7a69f834eeccefd6cb8dea9a214d5999d95921af912bab43fdc06a3001580aac255a73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
33f4a6bb6fc4ed8e356abdb6eb807027

SHA1
a5a4a31021a8c699ff75ae608ef5e72ed7217cbd

SHA256
9552d75db570ae4923455a62a36a498eb7aeb1cb43c134b39e4161cb714e61c7

SHA512
3938efad5061ea536785de9c898b8a015a4f833623192a31b9a1939666440ae374ccbf56fc33aa7cd02289e73fbb639331b240ca8902dea69f0c13f98a2cf6ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8e8915eb8a723cee382c08e2e4b9c2e1

SHA1
637b2c63bd1265009cc6d9662a4759faec645fff

SHA256
0cad3152ad4cb14c535b83b7b46ce01ef231cf62f3e218b337367ffd6b0bd74f

SHA512
2716867db5c8c75eb87689a375a56c83a9ce9742c4a5f61bb49104133b96d6984afdea262395d383874d49d2fe965a0e8c64cb6bbd22b58c664ad213769c253a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
dc8f80e46282d69d201786af668c5278

SHA1
1c3da9919976de78ad09b495006a17afcb8842e0

SHA256
4bbae471fab89bb7e239e2ce55fd08fe9022b2333dd9b06e77c42aecd818050d

SHA512
2edda59bcb7827bcf42b824c8a189e49a7109ab0cb9cf122b9e5a9eb2b4fe55add90ce4b6a40d6b19e03773acc302a564754064fa9a069a9ceabc6082dffd5e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d213709be6538231200e886766c8e115

SHA1
df9801d2bab8087145b8f9203382f6be53d0f55f

SHA256
ee6e7d76c7700bd64902481074026e11f2abf2b01aa21ca186c261af0d34fc0d

SHA512
bf5a7462c8c0cafb311f193fc5bfe5d7d2ab10b243bcb18915d3cb60a70cd283fe1ecfb0cf4f56f8aec2502e60e67d9218980be5f1fc760a6ec112c41ee105e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
73d83cb0ee7f3d8c49739663b59aef3e

SHA1
db559bc7e3944d39b52c552289253dc9bc1a225d

SHA256
db63baf830a589a6f3305bca467b03d4ca9e5cd85733e89ebdcb484508dc4eb3

SHA512
b9474a72d2624315c27fe80661946058a4edda3cde487cbb1c5bb6a2e9c897f36d08f1b54192e8e19154e9c46ed88b4c67e651801e5f6eb925e7a0508ec598e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
69140de1b2d2b63e074453830ddcc8ca

SHA1
586cd12a818607bf015b34e3967a92a5eb67c7a1

SHA256
6beeff07ccb32d0deeac1e6ab9f0da4a1c81c3e0d89f2f8eaa5b21077f727a00

SHA512
22e49b44aa41682ed565d18c9d700adf7597c4c574ca67f8719d76da36e78279719639abd2a4e822ab05207898b2a3ea3df18a75aa0989cb841eefcc9c498d1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
819beeda56ced9ecc0374a2b7279fa79

SHA1
706a302d2b85ed5a092e0b03010e59c22db119ea

SHA256
e61804b2d75148d975cee62696fb2e786d87cceba51a23672d0bdaaf34cde1eb

SHA512
fbd1e3bf25c28c1d09c4bb2fed24c87365d2b054e3c956d15e3f36c3c7a9984e1dd3656ad8a32321ded5ab359e9e8e95d9e97fce5d58ba3271d34e04299295d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
31e17eaf47aea36bf28d959df6c81aab

SHA1
ef3d8c2c725db59de79fe2b91c8f6a369a90f2e1

SHA256
060e09de27328244ddf16e23666969f3f208c2fc036299f475640aa004b2dff3

SHA512
bb22fa5e9ab991f6d6b71112d7e183fd47e233c61ea76767db3c8086bfb89d7057250c31996d323cbfe28f63fe2a07f33f9398e4cd2a299e411b24c88c1d1e8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
afd8fbe3dbd5e7282456420bdd2676ec

SHA1
a5b717a8a475abf939d72bca96dc4d387c69efab

SHA256
7ff26779b1395f1a111da495920c63908f2f9acf241db1335acdaad7e2adcfa3

SHA512
eac99b9781bae0dd0281790f8b4ffc4dd19fd06e8b0178ac2a2cb08006ebe9e04eb2826529f694a9d0d12acc1b5982d0fd0fb41232b535ea56f066880b6ddd2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
f698542b053ada9a63ad415a140381f8

SHA1
ae17d961750c5457f48f03914c974bc18eb1e3df

SHA256
811bd5b0a0943f7336f8dde58b11b4f91d96a968a60aef490cdbf3368d259e35

SHA512
2e4fd8fab7ca7187345d4e63f674a23a416631988711fdd53aaee02a0ea7c59ec3fe4dea0f7cae8b5225c060e637a9dd8773da4f70a54ac0fab75e76d9adc902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
23844438506dad823c5f8eb3a0f2f454

SHA1
f4c0f779236acd4a867f2caf9d9454bc8043239c

SHA256
2da0717b8f28e0e6a0c5bbcf07aba95d96985afc7a97d5f4ecf74906d48cd807

SHA512
2b3ded9928ceae006fdb51f0e0293b64efcbb9e5fb1aad11264be912d2305351b850582a628acf37d86f9d063e5b8c21f4b86d3ad1f58e7ff81f48540fe61f15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
80489c2f26846a5fa04616ceae9c9e3b

SHA1
db8f6a8dc93bcd2ce02ae365390a802e1b5abd6f

SHA256
5194e025732e1f3e5d466c5dd0666c64c0a8fc711ca16069f3a6a8c43524630a

SHA512
f25027aada9172658e59570032e7817d6c2683f20a63aa018cb961cf0f038c3138e25b84b734cbca2e108c976afa56c07d00eadc6196760799ca2a5f85028dd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d0b36eaaa8d9b24a1288395786cceb48

SHA1
26df53f52589d10f29ea8a54513aa797ed38074e

SHA256
e3fcdd9a49f2eabbfce36dab07a9c850fcbe3d50cd0ca4a2170c47fb2363cf2f

SHA512
8a27fc6d0099bcd7227214930948cb361b7d30d26c37e354bac7737d75be5553270b77cf21f8353baf6c7bbe776b33e506a8db3a4e047e201300d470ca99f87e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
dc985dda442054e338154df8c3633ecb

SHA1
b8e3c099d06b7735941cacdd55f127b614fa68d1

SHA256
f707ac0e30a22e78275441efb5bf3d410132cf000982267bc0abf791619de7e1

SHA512
e3f3a3b52afcf016df230d8e4a3a13f1027a3442b06b754a36012776990a5c493a245b69d8f08fa73f7f703a6a710b2e20bd491afae029d07b5a6a0fb26ed5d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ba257.TMP

Filesize
48B

MD5
beda041feb223082c63b3ced31fabe22

SHA1
9adc59c4eec55c65572e3e838910d2a895a96fd2

SHA256
524e818280efe0790cea04906e9d58cb0a9a579c7a839643ffb1d6e712e884ab

SHA512
837f0e5ca292fa885db5b6bdfcee37d6a7eed87d7437fa701944af11455f0911975666116e75540ebe87e98a3d60c012e78b75d1bd3ed04944e69f9dcc3f9807

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
7418d5c8be66d952276bb67105717f6a

SHA1
c0674b442724d76bd6b7fa55414d44bcd9244647

SHA256
ec1303a1cbd04a0a7c49d39b33b8b1a0e24ed0f873760b76937a86fa3729e262

SHA512
26ed6b66864af488de528ce0644b31fca237cb1889abb0e89480eaad5ae043ede98cd155985e01be8fe2fefcf3b4a23e381ad59b0cf07f563b05d50f19e67c9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
3a410b7a438145b846d895fec633ea00

SHA1
1194d68b689d3c1d3e667124048a158d56382d93

SHA256
d7eada4604115ee94eece50122d4ca4d2e492789a6d7208d2a022e94464dcc11

SHA512
8ec74433e09395616a5a12c2a52e84201bc35b8adc0e67fa07f103f9a97f9939fbb55b820bb1f876803f12193165c19a41ca444074a7ae1ee06c670b742f7497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
ea0e2887170e3b27a39772dd91bd6318

SHA1
033cfb30e47fed695b811a8c9877119ff0e57b08

SHA256
41040532623ec60586e4053ac553419b0c214b75fdfc5dfbabb910073a2893c7

SHA512
1910e8fcd004bc5f95c804272eb9ebad18f2850ea5d6a5728d7c472b86e3d73e578a83989a34d6d135d8610cca19b7f36105fe07bcd5aa265b6201078a1b1ea0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
a386cae54af973776176ae772a15dcf8

SHA1
53e866d94dace70a17d53c46e5b855ffec020c82

SHA256
8841c57a35eab81acef99ee3f18da795b578cf649c9a32c121d01425bc09d40d

SHA512
512282be1ba2eb07a4960f9338b6d894b784e59f89c88e6002a118c776d60539196a32355b4ee389077445c780ff8d16806daba6c63ebf6e379e8e3f2c7ab9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist

Filesize
105KB

MD5
6e82345aefe362b4c5071e7df6c07407

SHA1
44176a6b5c2722280699b8cc9a174d168fd4c161

SHA256
ee1ec48b6b166582c51a4141a84f48731ce18a62e4b7faeb9d60560c8f9c382a

SHA512
20c0f5862226a3eb17832e7c793f809f2333e0e0068dbe61b5865517fdd9f84bb5ca8d97bdb19a005a25b789ac75a09067350940f042fb5123cdb682ce2c98d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\autofill_bypass_cache_forms.json

Filesize
175B

MD5
8060c129d08468ed3f3f3d09f13540ce

SHA1
f979419a76d5abfc89007d91f35412420aeae611

SHA256
b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92

SHA512
99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\edge_autofill_global_block_list.json

Filesize
4KB

MD5
afb6f8315b244d03b262d28e1c5f6fae

SHA1
a92aaff896f4c07bdea5c5d0ab6fdb035e9ec71e

SHA256
a3bcb682dd63c048cd9ca88c49100333651b4f50de43b60ec681de5f8208d742

SHA512
d80e232da16f94a93cfe95339f0db4ff4f385e0aa2ba9cbd454e43666a915f8e730b615085b45cc7c029aa45803e5aca61b86e63dac0cf5f1128beed431f9df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\v1FieldTypes.json

Filesize
509KB

MD5
c1a0d30e5eebef19db1b7e68fc79d2be

SHA1
de4ccb9e7ea5850363d0e7124c01da766425039c

SHA256
f3232a4e83ffc6ee2447aba5a49b8fd7ba13bcfd82fa09ae744c44996f7fcdd1

SHA512
f0eafae0260783ea3e85fe34cc0f145db7f402949a2ae809d37578e49baf767ad408bf2e79e2275d04891cd1977e8a018d6eeb5b95e839083f3722a960ccb57a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation\6498.2024.12.2\crl-set

Filesize
21KB

MD5
846feb52bd6829102a780ec0da74ab04

SHA1
dd98409b49f0cd1f9d0028962d7276860579fb54

SHA256
124b7eeba31f0e3d9b842a62f3441204beb13fade81da38b854aecba0e03a5b4

SHA512
c8759e675506ccc6aa9807798252c7e7c48a0ab31674609738617dc105cee38bce69d4d41d6b95e16731466880b386d35483cbeea6275773f7041ba6e305fae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
5a7e1750438748bd333b79a94ca69b2a

SHA1
94fd1be56969e269ce195ba29c3d464d356d6556

SHA256
6d7a64a318c25c643323d5cf1c0c80ccf2f2433e7d74b722fca90468f8f9b914

SHA512
842509c0f495ee24d152ab3f7867183d7cd64b01b5a9305405682abbbff3aa18a8ad7d97ee039393fdd1766fc17ad2df1caf711dc4db8dc7b9df608ffc0fdc7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
2b5dd617bc51c4c1ccb00b32b7a551cb

SHA1
7d736ba05663d721e586cb765fdbd30b8c95f5ae

SHA256
cace12b31caef21a04e9b72cdaded7f3dab5d6e633385a91bb370c92f8eb1b69

SHA512
6892aa73a27cd9b85f3361a933c7e47572df7d13e21ab914b37f715deee1e8d7341f1bcc4a9a17daa1d1fbef44ddfd3bfc0ae2d8d8e3b8802f0dd9ab56bff98b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
eec55fe349980566b1dbf1d409d28c3e

SHA1
654ce4b550defea0851f12e8ff81ae9298bb3f60

SHA256
2e81ea3d7ddfc0274f3955d5131143c481e63f2529514c5295873b393d508efe

SHA512
58e02658d08732b5f36e868331a483b5fde15475a6c5f704a19c97d920399c3f7d41a8fa163c66683bf403598f8f48f0cf9fa468f9783fcabd9136a55cec0059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
737339612b00a79062eab33e25437372

SHA1
da6a6aa41f4182719f13e98ec2b03586c84e8c46

SHA256
20a5e2bb35944373abb75ece5b42ff117cb824bc2cb900e2bcd1ad6b0fc80bca

SHA512
4fb565fefa16cc59f7919d4b6a10fa0f3dbb22781ab3574342568eaa8938511a39847e6efa7051d98f1090648ae3a9a86fda3618f716587653ebffcee69af386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
4f538493c454b4d52449cf5aaef16bd9

SHA1
1f797ec1fa2b686fc791d73997f106c2452bb9c5

SHA256
385cd46536362c7aa3e775e8c5d3258d1b6ce38dad0b8b2a504509994adf2247

SHA512
e03af8c8e829f7e561f7de9c1d97e83e7704765c3e637453554a6d4b4311bd13079f8b9192c3b98e21cd94223b32bf219592557e7f09f358aa6c321dd300df55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
352B

MD5
2c0424812c3a3d63bff4425edb198fa6

SHA1
7b11fd03f229be09c5ac98094ecbaeb132c1c963

SHA256
03f865f2b4e4af934fa87251f428e789765f39e3f5dfc1ef65715bebe4dd2747

SHA512
227b255507a1562fee5ed9d7739d426da0f2caa626b3355bcf187c84a1e39948fc56802b459f7564a9dcdb9dac80030da0ff78c4628b2f95a1051f36b1e5e336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001

Filesize
275B

MD5
0ee23526ed55ff997f316a10a5e5bf21

SHA1
1ce1df2a6d559ad568545f203d88241e31d72c36

SHA256
b6678be538f4158092bdeaa37a781467a9ebaaa8a27cf9cab368a59652f5c9a3

SHA512
ccf5b8c11bf0ec1e1bf651d71135e789fe30de15fc9d0c640041b8c8fb894248aa2bde48bc6a39838b16a58651e6d1adaecf73a4d6ba9769855707b75dc41d92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
b888b9982a55ddc3af2a00083c054e27

SHA1
d680a560be756d4c0c4cedefb6c64fd8444acc8d

SHA256
3f376f81da14e2e8c8b8e1a7eb55bd38d1104f4c00c2267739f77d5c8d50bda7

SHA512
e49b8e827291f4cf6145f595360976f2053fb436f63b6e41b6a286f8eabfe52e7f2cc1c5f5ea6cf4188a83314c40b3a1fb5be42c335ea54b6689a49605edb207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
410e6699efe2d27443be6e2d158ede1e

SHA1
73d11551de52985ad8ef1c050e02532984b2d380

SHA256
1dc1b00abaacbd20abfb026de2b20e015a407ac1bedd0bd419961532214cf4c8

SHA512
99b16873406b7fc75096e158de85d94eb1fbebd2e2222d94bdf1153ea1c210179d5db211d4d83a1fdcdffaf505abcf4f504212ca0ee89ab8e54418b25b6ceebd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
24656354d5efcd02ceb023b64b57b5a4

SHA1
e4ba2690b24b196f5855acc535bfc1d1b706ee1f

SHA256
2a4f54580bd0c5b98e90bc8b779749d0c1446e57e955ecc6546ac60e6f480783

SHA512
b923b40ed450c3bb159b85e03cf80144efc07c5485ef70c5a8fe5ec4ff1df6cc560ac66c802b91c70604dd0a08e98f4172ff8507b67e31cf817fcc852be34113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
3effc36a77121afe180aa306f9721f74

SHA1
ab82cb93092b480a014a0e0bac3364236ef04289

SHA256
468826dd201794f573887f08edcce1e0582f09a5fc7397944f33128a800ee076

SHA512
cb1e2ff440d02dbb8079d06f837290a8203bcf20b10c4b327885fe297cb11df8d7697ffd6d6da359746d41778560b6d0ff1a7196ab2ffb3ba99c9c3ad227ba5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000072

Filesize
80KB

MD5
42990c0abafd619bd5e61447203acecc

SHA1
0f7cb130efe2ad04d21020bf4146e54c5cb1e554

SHA256
f9fbbf4a5d9ab8965692571dc0a6ccf05e186eb8bd0223d8f39160feff974ea1

SHA512
a1af89a7c6a8974081b5ddaca8e0aefa979b000b2d522d21b81fd21a8ab7ecb76a2e1758af54c85c422363dbbbab6fd75ef2f12a11ec3b9e8321651fcf41e4ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000073

Filesize
38KB

MD5
9436affc97843765a966b3568fa7e5ec

SHA1
7bfda74bb30589c75d718fbc997f18c6d5cc4a0b

SHA256
7165713d3e1a610399471a5e93d5677508f62ef072c1151e72273bf4bd54f916

SHA512
473ec3a843c33e18d6d194651fe11353fcd03a7959225faeabf8c77484155ea6a7bccb72dbaf2093ed53c408faa3be9f6fc907f7a5ddf8223375f9d09b504456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000074

Filesize
351KB

MD5
848ac2029c0323adccb6919ccf6dc866

SHA1
72d104a17f0a66e10099c4237c2cf3302ebf7601

SHA256
0809e88b46bb2fbe012d5f08f75137b4b248b16f0cbf25d4ba030f2a9f5f1b3c

SHA512
37aaa270eceb21573298c9b32fc9c59b79bdda3cd6b3329ed8012fd9f842e9eae204065ade2bbbf2034a36fc1e0e1039252bd1b281e7ce6ee593a1f2220c3f19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000075

Filesize
77KB

MD5
9b98c7cb7c399156a056a7a975ac7f13

SHA1
8ec188b4c3da11794513d7455fe55fd2364ad4c9

SHA256
c91e7e93efe7964557f4f79c41a5a38fb31632b11c6c9c02a5761519825dd2a5

SHA512
bd583dd9b421b5b510fac1b2270824a0f5b130aa6def305f5675c7329603b70981828d612dd88e1305e7f0e0502af0dd9253cde2143c0e55853b05feef6cf852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000076

Filesize
39KB

MD5
6b5f1c9b663ede839b0620c91074f102

SHA1
cd662519951c920d7f6ec5b345b5bbec69930b6c

SHA256
43dd99cfdcc4423e56fdd63c34443ebb85da88043f6dd6837134978912021e30

SHA512
299c757e448dc8592df4608cb9cdb37cf09446a0fd7753681f99b1d94c753e0607486624619c21eb062676512e891e7fad9a73f2f06273c623ea5ae14cf4d2d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

Filesize
129KB

MD5
c7d153c739b48a96a3c5469de69c2c7a

SHA1
052a3abc93c3a56958f7f93fc68929ecd0e60950

SHA256
5601d293f0a606652bb46cb8c61f86380907985c80c1e475a085283d861a477c

SHA512
98c1ebc0b138ec7f4d4c932625e52193e88bbfda08e79350762066e686cafa13cf4b53fb773b9c8ed83ce9237b7b2b6ed90400c78a6422d4b7f0fb780e8ac4db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

Filesize
38KB

MD5
f53236bc138719b68ccd1c7efb02a276

SHA1
26b7d3eea5d3b12d0b0e173ebf2af50a7d7e56d6

SHA256
787c14f8cc865430c03c96a345044b7c5b8dc8a032511a500d4a42228533acd8

SHA512
5485bc7ccce8ec75f60bca3be846086a4bd4466009c8e22da9cdd16bb1154529af2fb2667cd3a97485cc4f6635fb79ac0fdda4f3e1f39f25f6196f708a92d740

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000079

Filesize
19KB

MD5
5e5ae2374ea57ea153558afd1c2c1372

SHA1
c1bef73c5b67c8866a607e3b8912ffa532d85ccc

SHA256
1ef458d087e95119808d5e5fecbc9604d7805ea4da98170e2c995e967da308f3

SHA512
46059e4a334e0a5295ebcef8401eb94b8fa0971b200f0f9e788ed61edae5018c917efd30b01631cbd6bdadc5240c9fcad2966ea0aa9c94b538bcc369e10bbbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
191KB

MD5
eaebb390ddb3b1c0e07904f935d29bd9

SHA1
dca8da5b24b1b18b3c8dbc2523f5d145fd4dae13

SHA256
9478515162e79256323883a5092b39e0045dc8213d7dcf7be5dcc1ec5b70e9e4

SHA512
e2dae28c4661b3bb65b3811803a9396e1c9b16eb187b60f2d4d1a8cc65e2ad6ce0931a48e942b5d920bdc263ea939b9164b649edc3752e83daabef9366a186e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
de5f48eb41d711d35ff4f53c2993a18d

SHA1
99a6a04197a59df4fdd8e6f145eb26de8745ac30

SHA256
8d11a0129e2b4b25f0349bc45b66b0ce77e921981ad721b7a8ef3486fef80751

SHA512
b34d13d96939544e19e9d75af31df58b933416176f5807933bcba9776eedfe60cb93cc9f264b21fd09dc3491d3dd1706cbcb43ed8585979589c25d807ffcaeb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
10KB

MD5
c4087c003abdd7e6f81a1f990a7e1ac0

SHA1
31f0a8d4b0ddefd48c6faed8bbc99f36e0ed5d75

SHA256
0b196e93bb7ff50b82be67e6f5514094d926900b1ff5047c9a0ec9870682a132

SHA512
9264529e07d8d6ebe212c5bd107b2599315dc7db4c5bbf490a6516c5b51b86e2a23200190dff8fd116abf235c6a40e41e2a47228ae25de896facb819204b0b44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
87cf5f35807b9d6119be862a586c4f92

SHA1
1984a307d5036f4f45ba8d14ea880723dc8bbeee

SHA256
6d830fc2c929528dcb559977c2cb61a7cc19494a089c72bffe92edb459bc1d1b

SHA512
a63f0da8c9edfe84c5a9b9656b23c30dcfa232524ed89149fd9cf73cf45828d39fff75fb9367c2062451e0d43cdecda625edfaa21afd3574ff57b52edbfb7e48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57f3f5.TMP

Filesize
3KB

MD5
d5e8787a0ae4acf01096ea13628fcd34

SHA1
b98e3468d5d9d63ebab4f848a7e4eea8c88420e4

SHA256
93f6c8136f164608f2502a37eb1783f5ad137a99d2a192b878611e8e602886c7

SHA512
2cea525dddaeb0d36b7b5364f14bd80e313853f64254d9cee21b1836b349342f80647190078c0b3aeca1a474255d15d1188adc602dde46e2ed96826628f93d76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_1\_metadata\computed_hashes.json

Filesize
429B

MD5
5d1d9020ccefd76ca661902e0c229087

SHA1
dcf2aa4a1c626ec7ffd9abd284d29b269d78fcb6

SHA256
b829b0df7e3f2391bfba70090eb4ce2ba6a978ccd665eebf1073849bdd4b8fb9

SHA512
5f6e72720e64a7ac19f191f0179992745d5136d41dcdc13c5c3c2e35a71eb227570bd47c7b376658ef670b75929abeebd8ef470d1e24b595a11d320ec1479e3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_1\_metadata\verified_contents.json

Filesize
1KB

MD5
738e757b92939b24cdbbd0efc2601315

SHA1
77058cbafa625aafbea867052136c11ad3332143

SHA256
d23b2ba94ba22bbb681e6362ae5870acd8a3280fa9e7241b86a9e12982968947

SHA512
dca3e12dd5a9f1802db6d11b009fce2b787e79b9f730094367c9f26d1d87af1ea072ff5b10888648fb1231dd83475cf45594bb0c9915b655ee363a3127a5ffc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_1\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
8f71bd8b7bd47fd3804615c65399721e

SHA1
f5feb8a8ec2db7bda7bc21dd6070f73360b7d7fd

SHA256
1a8e0a362ef016dad6f03dd01870c25a7af642cb2bf15c8c0ca90727ab0bbc9c

SHA512
f62188dbc40b815608b2e05a6ffe38ea59db9fe50a64dbb8da1537755db3c20fa4e63f365b02e8a6ff6a5a7509df3a0aa4f04b509d7af622894aee35ccf42c14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
9b29f573c09034017560f5ee39963bd5

SHA1
b1471abf964415455ac556d5b4fe23577d8c1246

SHA256
3c7a61ac07266b6e4f868f4f3e91f225846b3bf0ba2fc7b229295c2969faaf2c

SHA512
37da56f79c1926ea3dc41a7f876ef1e7949e91a5c623127ec84d3cfc4fb5a972f157e6246a99fccf41d12f2ad4a5514e3b28a5b2a89390dbe63b136545834f2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\5ebf97ff-0653-4670-9017-ff0a4280a8bd.tmp

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Filesize
20KB

MD5
e76687bb214f88f772eb0ac701bb176f

SHA1
01100425d433eeb443a8cefeea78efd221ef4d84

SHA256
7e0151d312cb3da8dc5be86e0916e8b2bc99479a69bb57129bab23477f67b63c

SHA512
b1fc65fa1c64424aa397fc26c8003eae42214a4526cf36f11e9f2f1633ad4aa9335ef55c766886aeeb98f2516b6a04b387e7eee045671948587d32c49253d807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
6297cf8fe60b9179b86d5810c91742ad

SHA1
aa786e8c174983121f73ed7aca69ec770aabf3aa

SHA256
219e8d3bb35123ca553107f309c8034b2d09e54be7eea751ba75c3573edb2a83

SHA512
c9ecd27a0da5f128d348bcca2b172f294117d87f201b6673d2b8b411afd03907fbcfb13fc9a959f496dd828394c32cfd9e3a476393804c0ffa6fe41f6be66265

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
0c5ce7b913c8710a7f1ef46a992cbbb5

SHA1
63b2c55feaf1f40f8db4c9febcbe1a1b640001d2

SHA256
2ed7ba2a93df3e07c77350958ab1afdd70d91d8bf1f97b11d9b614c1d3a344aa

SHA512
b83b2c1d602650362e03719169c014d7f5bfd1bb857a0247346b030703f2cd7657ac10f32def65148fb2348edfbbeebecff364a6d878bcd07f95ca3d9cd7404d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d8b77e58770bdb75717850d8ea164845

SHA1
8695ca97c7231bb094ba9c56d20ae2f2bf167b13

SHA256
cddcc2ee47fc6dc1b222ba35c28693c5f71431fb371afc69cb004f9821c731cc

SHA512
133cad751d9d6bd80e1548df2e661a7dd70cd95dab961d8f7c048346cf92364405e33ea1aa68e6a22d1c6aeae1ff482fc9faae60a4eb2d2fde03996ea2f52f5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
3598608d1155bf7628990ec394c68904

SHA1
86eebbd0db0945215e8d13d7b7034f3cf2f89001

SHA256
0573ab9ab3eb8f7f8493ecea0ef8ee2d34e92b8bf005937ec7ec4cc0f34db38c

SHA512
d23f0baded9cd5a42d9b570abfebe0cd658eb89241ac1426c00bfac3c194d73349ba22397f537caba30e10e5d56a56ab13d19c7d0c5220a2e5fa7cc2c43d49c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
69edabaf00c05f7c1ae5242e559c775c

SHA1
0553292f45500b49a9963b489504dd95a1d98300

SHA256
71b242e51ed73811102ab2d9369d8daac3638c94ee842c5a429fc431835f2d98

SHA512
8944cd1f52bb454adcb939c442a46e41d57c7e249e23e4e48b4cd99d12a4cd5f0d606f09a7d9775344231787ed0463b61783f24b03ee8fd48f946286cc5711ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
af3748a4b1a722b67809a6f54ed0fa7d

SHA1
5e8a00c9283632d8a2703acd7e18c8d17496b83d

SHA256
38b8fa67faf44a487b9b75e73c94778c1e410d8ec4b3b25d7053a81f9a1cba32

SHA512
d95b09a0bc8b03d05d838d7ae8f19ee65418b8f1e9bfb7f06cf467f3dac846988e982c67df60478c6a76bd9c79175db0dc1c46a3c4bb0e6682c5c9cf16ba89fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
415ac1453174a8e2d8d785aeac8e1c33

SHA1
d5eda6a043077312aae7b181e7bd99a5622f4627

SHA256
118b7d63de14cd77d7efd9cc7aac9f03055c23d6413c6413bac4e959d1067f55

SHA512
978741fa8715376fa0e9b523ae318a725fae84abf0be357be40dbc9ff3028df6eca7c2a9bc71ca44a92d69032f725f37add31a73f0978adec64926b2cac1886b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
874141708b3bac092daac01c8e95ee4c

SHA1
a487e2a1408667ce00b7cb5636842d782d0a148c

SHA256
55d97ad51115b6e6c58fdb05c87054862eca8d078c089576cf958fba985ddeb0

SHA512
bc8958eef6aa3ae393a0fb92337127110cc55db4fb648b7064c10692976bafb97014b50928d7e03a88d34e320a16d204c6e1bd6fe8d8ab3b6df5e2e75893380e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
59b544fc9f80d01c54264916857f4618

SHA1
1b72224c491e1743005513c81baf603bcb8ce076

SHA256
4a68828c10c04562b3af85599be97318094ad35a2ed174822da87920b5fe5a39

SHA512
e1f3325fd05a8a20d2d9b47cdeca3dccdb1bec086f281d4cfcab83fad5366aa8a2c1f8b79da58ee252f171393840130c65660ff036630976a564b1ce302d168e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
e6fa5d614b8dc1eab0347df838568ae1

SHA1
8276b19c4bf8ad169363aa8f4826571bf5a91040

SHA256
6f4e1691ee32b908a738ac69bdb11e5e0e8720be14905db41a719ec094d5a453

SHA512
41966ee804374baba983764ec65c9a2f8d3fcca7e091293b30deb8257da2ee20f83481b2068f27c7e173911daadd5ea4d757c6f69062821c5438a8c5d037f0db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
2a582542ee18b8c072c4c5043c061532

SHA1
8a48b8306e4302714dcd5a1cdc4a53a27c6274bb

SHA256
8149cc4bd67827fff6caadcd22123f8243423f525cf4c61b758fe862bd133577

SHA512
1ec5f7b683dae0c7ca86b995c75eb96714eb3d751d6699f16ee0b54b922cf6afc869a7d57b33c745bcd3dbd8e367f36374067b6471b1e1b97098f85cb9eb98f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
aa6f56479d0095ec9d6f6142069052d4

SHA1
513827193b3b0e38e41f9c638a246134b9bd457a

SHA256
46c732af674aa49d3c831860b5e934726ba500c9a8d5dd1b6ac53a296ed553da

SHA512
1454b0cc85a664a83af6aeccbbde9bff91b4a38307e62c20970424a715216763c0ecace5acbc753c985dcb35584ff53e0c151021daa23e940d7f538b04123352

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
0fdc6ad0b92abe8dc7f4a2e1e149f220

SHA1
5e1a69fd0a3f26ea7c42aacc35f78eab8ba0935b

SHA256
98cfa6e28e0de9e90663d7084f09bdea23866da07c2a0c6d3c2269e1917e3bf1

SHA512
095d6ee9bea586bdbdf7ce52223e1ccc303523500418457e25a5fff8e03f62551a7015d80e97e3480b5cb407f98ae1ed16178760bcfac01c87197ebd39392372

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\b6a380d4-5862-40a9-a645-ceea7f421bc5\index-dir\the-real-index

Filesize
2KB

MD5
71f1e3712d71213f3794f236470f502b

SHA1
f78c4fa64a8f3fb988209d444f11afd645d625d8

SHA256
36c25677c581c034d847f46cb8ecf8839489ea0a23d7fa43f53d4eed5e87af70

SHA512
b21fb82121195cfa609340fa3910033bbea8a93d6a463f20545846afec29c1734ef12536c1fa297ce6699eede4caebf2d53866b1e807b6994df218349aede7dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\b6a380d4-5862-40a9-a645-ceea7f421bc5\index-dir\the-real-index

Filesize
2KB

MD5
7979db093cec330cbfa81b4a3fbebdfc

SHA1
9afcd350dce9d078b807e861508af72987deca4a

SHA256
a91349401f5ca0eb4445a9e0d8d6616389a60c099be2a89dfe02e3121e95c7a1

SHA512
a5c905d9b997c2b6cb78eed495da8e4f570be0d66a7f2ea52c62d3b6bc4e0083412135f507c8678ebfcc5bb45557d9e182f5c9f623f45dc9f8fe3221dde03fce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\b6a380d4-5862-40a9-a645-ceea7f421bc5\index-dir\the-real-index~RFe587692.TMP

Filesize
2KB

MD5
9e869b75f325cb9944d3d6b8b5a914e4

SHA1
f270bdfc7fb31763545b182320f8a01aa50d7fae

SHA256
f47884c3e1376dec25660ace3ceace62470cb42692e762fe2793f898df90cc71

SHA512
7e4d47e5441a6b309265a568961ad1be9b3f01ecdd3e1fe8b6dc3828f923badb0fba52ce9e67b858fb05034f1a6f92670848f044d9843295b00de3f302769ec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\cfabe267-edf0-489c-97f9-d9101df6ee0d\index-dir\the-real-index

Filesize
72B

MD5
673cdf25393d7bf340413612c3763bad

SHA1
5306070164d5a9fa9bd966e0af3ee1a5a0fb8290

SHA256
ce5e31c0e6d3d64cfe78c911ec6ae73737a5fda00d13217fb96fbe1bd7921630

SHA512
88ab4eb6d4d7a73a2d2a23381ef6ac9227007a5a91a12ef93db27ba5d87b655942743ffba1b43e634701014f9bc56672b89e3abff042148f71f499be93b3351e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\cfabe267-edf0-489c-97f9-d9101df6ee0d\index-dir\the-real-index

Filesize
72B

MD5
dcc5ebc024bcb2eaa456ef4e9d52c1fc

SHA1
fc69354ad4023939c66014b27799361a817a3421

SHA256
40d33c6ab8a0aad657345ab8ca0e57f1eeb78a1c7702aed1e516da08e6772ba9

SHA512
8fb880ee71d54081dfe09e892b6464daaf366e4cb7f6b5c3875138aa41a7624db500609f1d809369571015c63c90fc8f25d68710c957b0e662a2367bcd740185

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
76e3ec04d7fab6b177960cc56d6fe5df

SHA1
794d846a775683a3f29e68e7dd001ed668e14ab1

SHA256
338baf97abfaa1614fd73178fd5dac5cc6eb2c10156ca7536102be720255eb9f

SHA512
739dfee61f3e050e1cf0cb99d11f542845994ba2eaaefb71f699586a888c2e60718dafceef077d3fec6e892f51990195d7c89b65d63516a6dd62458911650770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
335B

MD5
43887f9a19d1e12a90c3de9a4201de3d

SHA1
d122493343d6568ef32af36f5a80ddf50191e4d7

SHA256
b944837994a624c0b8df608c56c47ceb8de7bab766951250c9c71d150c286ab7

SHA512
84d1eb97ca8606905462d28187207e4c8ea4d1f287de115795edd9a28f0ec0aaf7417d927627cf8ba185f4749846c74477f8d924e3bb42785491ab9004e97a0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c7eeec42102304826b964943eb20ab25

SHA1
b84048d14ba0a6791c3c867ead98aaf234bf5aaa

SHA256
cd1a5c52dda41c235ab54b09c18411eb0585b1e95d9a336e6320d838c5062528

SHA512
01054977905077cdc736312fc990e722feb770dd0a0100a5c3708705dbbf4cbbb80987c9b6fad03eaa912e4fe7aa212443192037787243d9cc419abea8671f72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58ce57.TMP

Filesize
48B

MD5
34b6871f5bad8e9b9abf54993cba099e

SHA1
4c873ac18dce9947a7d097f8972be3d234069386

SHA256
d6e253eae15185c5fc8207ca6ff8f5672024a3015723aa93546c8b1bad894b1e

SHA512
b9499cf9ccee0396038da751dc07b94c9261a156390a4783e401b48b5a9ecd07a523ed34cdd8394648a84b949133f0dd858585b4ab367076dc94c22287c8c8a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13388612514609247

Filesize
1KB

MD5
96b2bc7cdcf4aa7c6a000ac5e48a18ec

SHA1
230b9c0dcf7ba2f33d975c76d145f33592aea5a0

SHA256
6ade8f5560b90a7d7fd2bb3ba525600dd06ec21bb4809add7900d193b988f1d8

SHA512
db3e4cea1e91a35c6dd8641b01682bff9386a7fce1df964adcc11f16ff95eaf25c0dbf1ad6ccdab8dd4824a3783fe0b390273b9425798767af72039f2987735c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
e84bcf3ef690c38b0b75ecb7c93e8600

SHA1
9ab7720b42498be219e990ed7bd41dd1a351d891

SHA256
cdfb231edf8dc7eb0fbeb2710818f57f6b5c0ed6e313656a26aabcf99d384b90

SHA512
b5b0397755f0d2942790008d82691cf2933bfe3df2a60bbbba3abdcdc7a560a7e0519bdaacd82daa2722ddd0ef7330ef718e4d1d57c5435f95bd595593dd742d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
e4c6e9daf01042985bf03201437023e2

SHA1
45e831a287a80cc3ee178316b64ad8b76806d1a2

SHA256
c2612611873259146e2ec57edcf37e8e265fa47ad4007b75ceac56d04c01d91f

SHA512
bbe2bbcd0e98268bf8de166fa017eb3edb7c7274e26f1fd7a5a4706b061e9dc5bd42d47203baba2415417138a256899dc3565238e3fbc964df534fd3ac856df5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
0443a0aa7b39fd75ccf9e152dc126a05

SHA1
95c317be0b2436c3be288d87e859e3d06f009537

SHA256
43dcd738a38fe2037e0f307c09edd23561ec94ae4b8791cd9ce1b750be8cdf36

SHA512
f54ac70b938f65888ae396655f9b8b92957db5c334780f352ff4aaacd3af4e6212ee8dd0a43e15674a730bf24b0e27eb14f264e5260ca21ec86bb723e8ae318a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
4c4e96a6303444eee519b075fd01b210

SHA1
2858ad1a7a0d483f750a25f957ecc47ce97f9e8e

SHA256
dba0cedde2a45f02c47d960235915dcdf8810e2af5c7c2ae5b969b6160baa786

SHA512
d72e18fd7bb1d701158d740bb7dff17931dd9d22e40f1ffb65c676340dbd61a6c24c32d6751d7b97a67b19a1e82009932ccd0f2ffd2fad752a17619556188243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
84faf82d275420624f8b4c8247e62c6f

SHA1
9812deb48dfcc026d4b47c227310de434d2b7637

SHA256
59fdb0df31795237371bb0ceee4d4495df786f1265b4d039882adb3a417979bb

SHA512
ff82248e7936793d84cd04148c7d8af2080f3614a5bd7e86d0f61181b6efcb9f7d7ef35bf0b989a739e288cf0f2ac0af716768bac19e33bb582a3eb1fadda566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
1ef8c0bc2d0940105cea2159d9bd6b74

SHA1
b345d4d9584a2f2162746317e945ef80bdc6f99b

SHA256
d5032aa3e40dc64415e47c6ac5da1fcbeadbe0d83b9afaeb41e9759b556e48ec

SHA512
1f62b3c1530da861b5d3f45ba2ba0310c4959ee4e89818f5e7592da89effbd6c921d5bf536b39e1518941a08153e0e0ee3a9e109fb4f265ffa6e6b58fd2f9313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
872B

MD5
1c7b45e2f2048d0e876e3449f33c474b

SHA1
d9868d576275f8c837471560dc33b1d888287016

SHA256
a7c7cb867d1a97c1148e1760201027a288b141ed2708780ad846e70863c5a385

SHA512
809e8771ad5ee4fbacaff30d5c2aaf297451f52236f626857d83b4057ec9ccd00c5602f6a93eacbb35dcc2156a64edb23ec4e512c50cbc9b87fa11ad6b9e55c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe595c4f.TMP

Filesize
465B

MD5
d4611c598090f05ad35c9e2a8288b760

SHA1
6d61d3c86a2a4ae461993f5759fa925cb5ee3243

SHA256
41c4eb6f24be7cb38867c7421b6e58ccd24040c138952c55ef5abb8b6de58ebe

SHA512
41353228ead5defebfed7ffa17ab5ca5d2beff36442856ebc090dcc2b94f84b7b26ce6915b7b2b37ce52052fc11749720dda55d22b4f40b724f4195bb5b649e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\c6a3e34b-551d-4fc4-9b1a-45d44dcce226.tmp

Filesize
22KB

MD5
3f8927c365639daa9b2c270898e3cf9d

SHA1
c8da31c97c56671c910d28010f754319f1d90fa6

SHA256
fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2

SHA512
d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Data Protection Lists\2.0.0.0\office_endpoints_list.json

Filesize
3KB

MD5
94406cdd51b55c0f006cfea05745effb

SHA1
a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9

SHA256
8480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e

SHA512
d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
f7a46ca6ed28aef0f6a51be2e8b356f4

SHA1
a6c66cc1a2e98a019e5d49e2dec7a97f571e427c

SHA256
88d31ba0e62509af990b93c2cee2dcc865f7e7b7d644f9e4858f2b9171bee745

SHA512
ecb6bc42383fdb6b6bae9a63ef7f4df11b00ddaeb573c174b59d46159e4e736bc4344e997b087c042291844df0fc7ba002438d2298092dd1d9abb2eb6df69b8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
bca526a750c6acae3e4959aba1c3f92c

SHA1
af3c14050ed0655fb79d2ad249f3cd02fb93e843

SHA256
cfb9432acc5e4ea323452712fc0aee21a76e81ba6cf7ecc4f6027a6b628a2ba7

SHA512
c949a59bfb635d35e4caeddad175cec72e54a74e5d43552427d3052ef13692b805efdf89532fd1ae6efb4d1523533c0853852c8a9e1360fe829a7500cba90d6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
0734374ca3d7d6867132a58d9b53cb53

SHA1
7014004417a391351dc743d2406bbf36b59f7210

SHA256
5c3ad14e2e0b0ff031d2fb295064f73e34c120b650fbd6f69773d8ff86a61382

SHA512
7808ef215a4a08b308a2b952d0bcf2f896542a19d3280eed7ccaec49f879ea063c72384681fc361f59cb1839218ce74aa71b6d50d9cff94aa1823505d073e73d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
6cd2e3e69ed4230973753cf5ca69d6b9

SHA1
2d73cd8d893d5e730e50b63326b3c7b10c13bc01

SHA256
bc91f4c870264c454f98a1ac752e628060d1ada468abbe66fedf9f54969ee7f8

SHA512
afb19bb25b5a1b9e96e3faa78c3eaca9baf1cb9206b3df9e69ef3e42fe43ddf8c9f7f402bcddd59659cee54c017a5ac5096bc4cf2db725f13ac4c7b5b4afeb09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
34KB

MD5
eee501753895d8fb528a1603c35b355a

SHA1
6932c825060a026abfe81898b40a538e70e5213d

SHA256
5fb0c7ad1a9266a88dccdbdbf043bfd885307442ada042a75ee262861a366255

SHA512
ee0a996f79541953f413294693a35054c5b5b8f14e76048571d2bf37486f9b4ff6018689c3f1062daa606c76ac4827e7218815f599f6ddbbf29962be107bdcca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
43KB

MD5
f40b67e62dd338f8228631e103072331

SHA1
68d9b73523dcc667b513631128d11e77dbb1e361

SHA256
b0dc63e06c2592776d6214264e425c55c7773d0a4c2fce20ccee287289b81771

SHA512
c6056bee948322150f88ec26ac2b0d1a067487de7ca37e61884bd442fc30926c606cdec60081c55a5b76f3948f3328e08325337fe0ba65b381fda988ef61ecfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
43KB

MD5
ce0c869e5c96e0ccfa774b3da89af071

SHA1
ee6e71ff54381b4d20f7510bfab1d27b331785c3

SHA256
348f835bdd19a26a5af918dcd39971f74a3dfabc7f084775e919162fe8c1f3df

SHA512
772450e461ae640ecf35d32a619a440a7a0d183defdb4c489083a55ac0f94678dcc7e6df9ca93fea4dd850e7fda4ef51513beaa4a270c30def613f5cbb53e8aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
38KB

MD5
2c8898e0575166c641ba436915799904

SHA1
af463d61b7fbd31ec0aa317a63ce602b7956a58d

SHA256
00dc3af4452b38cb540a8e25da7418bd9cfa590a63bf388c4e253f265813082f

SHA512
ab48041aa6d8a5ee39c7a627be35a52742fef3fce12b1af35d4f4ae52a8669d8b265766d1822e984da972ec969c7fbaf68875514e94570e8d25ca260b1bb1b6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
81e62890e10c70c09a2b7eb4648803d8

SHA1
20683cb71e9ec6d54344ba768f1b0b4b1576e457

SHA256
d2f10f8b1d79d458e60f99745846e676d5c3f60a726d1729cc9cc53dacc0f4dc

SHA512
deb995233c08b0f50cb299527518d97ea9b57bff6fe7fb32adecb8f618ecd9c43b9a00b3c6e1a92bda49b48256523fe0b3f6d36b2cfbbfa5770e88c1915c2492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
c8d17ad86458aa5336c9ca8a8917b77a

SHA1
29bd5043cafadd56453e0036ef9058ca492487c5

SHA256
04a3816e4ae8f030a66e99941d2680b794489793578232aa8c1433030630fbca

SHA512
1303969bdabb009120c992667e105ffadb9275b885dbebf09abae6eaf2d4f41052187667030b8a82540d0096052347d334b65b6567c0bedaa48cd77a9e4adc9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

Filesize
20KB

MD5
6d5539adbf3b59df4ea04b14929c3862

SHA1
456c6a34e8ec3ebb3c13f68d569ade7b7db1dbc8

SHA256
333622124193e6b28e1ef9e8ab18b5a3737ed0c8925503b875062ab955ef41d9

SHA512
e8e99902aa2f500965848945437a8cd51f6201a1ddeb79d4437bf57d7e90cc89e6175d59f0ef1547034108074c2ce4ec9058b107300bbee8eecf6538d4630eff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
4a614f83756b5b477b4e9cf62c3fae76

SHA1
2c5d5fd6ef51ec5d8a8a85e04936966ca34788f3

SHA256
29a269a01c96ea88236ed19873f18f5fe92951e05033a2e827a0719e530f29d8

SHA512
53e67f9f39f91f12b1f41dd57c3613eceecd6b79167009485dd488f4e4c7fca5bff6463b85d1bb0368dba6f949d78592378a3d69f97968ba79e02462d621ccca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
22b1a6c252207aabaa49991863d2de0d

SHA1
bc5afdedde9902b21be4f9e60b701b855511890c

SHA256
c2124d3bf3df0e785a4af004242c5bcd30275979dba3b9a625e7be47138af997

SHA512
bec6da52938cf3a39482714a9862f2be4c44509f84c07294c5533a353ee8f14a8d71b402cbc66727d55571c4adffda2ee46287b3e937327cced9d0bb3bc672a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe59555a.TMP

Filesize
392B

MD5
289070796651d4ca8cc266c8134609ca

SHA1
82d3064cc0ff6583b21d534be3dd10e959c9968d

SHA256
7155b0a7b920ffbb5001a0733228578e0a77396164620bddf7b548229b8e7f8d

SHA512
e2a7728bfe8cf785699d77414702674572ff06210da55d6e2d37482029743f02f706b37a517d6ddc3a82f4b11047190c7d448e0bfd7739ba863abfcded3b3641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
42646381397a663d2588607bbdfae95c

SHA1
a907ad9a1aa5c8f852efa19c29b8f29715f0d56b

SHA256
dde4a660fe55c9a6d1881bca6e5fb764c1a6a949212729d61dff4e8ff8f4b9e7

SHA512
2f84c4f0fdfebe979272b2777c92dde17b5ea68dfd8d5fe1875d01a09672819090e638b337361f8d4eb5c4e557356baf23ae4b0f5078f191f465f4bf1670ce21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json

Filesize
2KB

MD5
499d9e568b96e759959dc69635470211

SHA1
2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

SHA256
98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

SHA512
3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
92db83b6add6eb700b04a69f23ee52d3

SHA1
a3d243b3503a3c32b7d231975ffd155e3d00be1a

SHA256
12ec6c75bf667da392a181f206c5eafec6d257e3c67a0f669d441f941432ac1b

SHA512
8bc9d7cd7a46f5445f819fc97b49eb4a6a757ea744cdfe3b017e823a1f63ec01266e368f6cde54549cae7380adca5bd577adff2ae3d9920b1923bebb3a62eab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\54M48DI2\favicon[1].ico

Filesize
6KB

MD5
72f13fa5f987ea923a68a818d38fb540

SHA1
f014620d35787fcfdef193c20bb383f5655b9e1e

SHA256
37127c1a29c164cdaa75ec72ae685094c2468fe0577f743cb1f307d23dd35ec1

SHA512
b66af0b6b95560c20584ed033547235d5188981a092131a7c1749926ba1ac208266193bd7fa8a3403a39eee23fcdd53580e9533803d7f52df5fb01d508e292b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\54M48DI2\main.min[1].css

Filesize
123KB

MD5
277c93a4961f4d3760024d92535a3d98

SHA1
9132fc900330667cd03e6348c128eed2ef0c3d5f

SHA256
1cb29283167d40587d4b766811e24cb7d3f29d9a0e5f3373af393d1a921722c7

SHA512
d73303673a088179a709ad3c8e9e9b7aa174b8c6a27d449e34f8ced27b7cf0cb0345a761d02d1a5060cfc8b59c2f9a09261aeb0ffb5e391fa56debc8f1c6a597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\54M48DI2\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EAO45EME\favicon-16x16[1].png

Filesize
695B

MD5
7fc6324199de70f7cb355c77347f0e1a

SHA1
d94d173f3f5140c1754c16ac29361ac1968ba8e2

SHA256
97d4556f7e8364fb3e0f0ccf58ab6614af002dfca4fe241095cf645a71df0949

SHA512
09f44601fa449b1608eb3d338b68ea9fd5540f66ea4f3f21534e9a757355a6133ae8fb9b4544f943ca5c504e45a3431bf3f3d24de2302d0439d8a13a0f2d544f

Download Submit
C:\Users\Admin\AppData\Local\Temp\232de139-a1b6-4b39-83d2-79425d7bd2fc.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec84947f-0ae0-4752-bab7-4ded5a77c0f2.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1412_255242866\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1412_255242866\CRX_INSTALL\_locales\en_US\messages.json

Filesize
1KB

MD5
64eaeb92cb15bf128429c2354ef22977

SHA1
45ec549acaa1fda7c664d3906835ced6295ee752

SHA256
4f70eca8e28541855a11ec7a4e6b3bc6dd16c672ff9b596ecfb7715bb3b5898c

SHA512
f63ee02159812146eee84c4eb2034edfc2858a287119cc34a8b38c309c1b98953e14ca1ca6304d6b32b715754b15ba1b3aa4b46976631b5944d50581b2f49def

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1412_255242866\CRX_INSTALL\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1412_255242866\CRX_INSTALL\manifest.json

Filesize
1KB

MD5
2a738ca67be8dd698c70974c9d4bb21b

SHA1
45a4086c876d276954ffce187af2ebe3dc667b5f

SHA256
b08d566a5705247ddc9abf5e970fc93034970b02cf4cb3d5ccc90e1a1f8c816e

SHA512
f72b9190f9f2b1acc52f7fbb920d48797a96e62dfc0659c418edbbc0299dccf1931f6c508b86c940b976016745b9877f88f2ee081d3e3d5dcdcc2cc7e7884492

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4292_1666710535\144b3433-6da1-474d-b95a-8a9d090169c4.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\Downloads\Brontok.exe

Filesize
106KB

MD5
d7506150617460e34645025f1ca2c74b

SHA1
5e7d5daf73a72473795d591f831e8a2054947668

SHA256
941ebf1dc12321bbe430994a55f6e22a1b83cea2fa7d281484ea2dab06353112

SHA512
69e0bd07a8bdbfe066593cdd81acd530b3d12b21e637c1af511b8fee447831b8d822065c5a74a477fe6590962ceff8d64d83ae9c41efd930636921d4d6567f6f

Download Submit
C:\Users\Admin\Downloads\HawkEye.exe

Filesize
232KB

MD5
60fabd1a2509b59831876d5e2aa71a6b

SHA1
8b91f3c4f721cb04cc4974fc91056f397ae78faa

SHA256
1dacdc296fd6ef6ba817b184cce9901901c47c01d849adfa4222bfabfed61838

SHA512
3e842a7d47b32942adb936cae13293eddf1a6b860abcfe7422d0fb73098264cc95656b5c6d9980fad1bf8b5c277cd846c26acaba1bef441582caf34eb1e5295a

Download Submit
C:\Users\Admin\Downloads\ILOVEYOU.vbs

Filesize
10KB

MD5
8e2c097ca623ca32723d57968b9d2525

SHA1
dccfb092fa979fb51c8c8ca64368a6f43349e41d

SHA256
556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1

SHA512
a468476a8463c36c2db914e3fe4dc7aee67ac35e5e39292107431d68ab1553ca3c74255a741432ba71e8a650cf19eb55d43983363bfc9710e65b212fba37bbde

Download Submit
C:\Users\Admin\Downloads\NJRat.exe

Filesize
31KB

MD5
29a37b6532a7acefa7580b826f23f6dd

SHA1
a0f4f3a1c5e159b6e2dadaa6615c5e4eb762479f

SHA256
7a84dd83f4f00cf0723b76a6a56587bdce6d57bd8024cc9c55565a442806cf69

SHA512
a54e2b097ffdaa51d49339bd7d15d6e8770b02603e3c864a13e5945322e28eb2eebc32680c6ddddbad1d9a3001aa02e944b6cef86d4a260db7e4b50f67ac9818

Download Submit
C:\Users\Admin\Downloads\SpySheriff.exe

Filesize
48KB

MD5
ab3e43a60f47a98962d50f2da0507df7

SHA1
4177228a54c15ac42855e87854d4cd9a1722fe39

SHA256
4f5f0d9a2b6ef077402a17136ff066dda4c8175ceb6086877aaa3570cabb638f

SHA512
9e3365c7860c4766091183d633462f1cc8c30d28871ae2cd8a9a086ce61c0bccf457f919db6826b708f0cf4f88e90f71185420edc4756b7d70137e2096f8797f

Download Submit
memory/3388-11755-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/5028-11979-0x000002D2671F0000-0x000002D2671F1000-memory.dmp

Filesize
4KB

Download
memory/5028-11980-0x000002D2671F0000-0x000002D2671F1000-memory.dmp

Filesize
4KB

Download
memory/5028-11981-0x000002D2671F0000-0x000002D2671F1000-memory.dmp

Filesize
4KB

Download
memory/5028-11982-0x000002D2671F0000-0x000002D2671F1000-memory.dmp

Filesize
4KB

Download
memory/5028-11983-0x000002D2671F0000-0x000002D2671F1000-memory.dmp

Filesize
4KB

Download
memory/5028-11974-0x000002D2671F0000-0x000002D2671F1000-memory.dmp

Filesize
4KB

Download
memory/5028-11975-0x000002D2671F0000-0x000002D2671F1000-memory.dmp

Filesize
4KB

Download
memory/5028-11976-0x000002D2671F0000-0x000002D2671F1000-memory.dmp

Filesize
4KB

Download
memory/5028-11978-0x000002D2671F0000-0x000002D2671F1000-memory.dmp

Filesize
4KB

Download
memory/5420-10658-0x0000020958EB0000-0x0000020958EB1000-memory.dmp

Filesize
4KB

Download
memory/5420-10652-0x0000020958EB0000-0x0000020958EB1000-memory.dmp

Filesize
4KB

Download
memory/5420-10653-0x0000020958EB0000-0x0000020958EB1000-memory.dmp

Filesize
4KB

Download
memory/5420-10655-0x0000020958EB0000-0x0000020958EB1000-memory.dmp

Filesize
4KB

Download
memory/5420-10657-0x0000020958EB0000-0x0000020958EB1000-memory.dmp

Filesize
4KB

Download
memory/5420-10656-0x0000020958EB0000-0x0000020958EB1000-memory.dmp

Filesize
4KB

Download
memory/5420-10647-0x0000020958EB0000-0x0000020958EB1000-memory.dmp

Filesize
4KB

Download
memory/5420-10648-0x0000020958EB0000-0x0000020958EB1000-memory.dmp

Filesize
4KB

Download
memory/5420-10646-0x0000020958EB0000-0x0000020958EB1000-memory.dmp

Filesize
4KB

Download
memory/5420-10654-0x0000020958EB0000-0x0000020958EB1000-memory.dmp

Filesize
4KB

Download
memory/6116-2476-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/6116-2481-0x0000000000FD0000-0x0000000000FEA000-memory.dmp

Filesize
104KB

Download
memory/6456-11647-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/6456-11695-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download