Analysis

  • max time kernel
    1794s
  • max time network
    1150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250502-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20250502-en locale:en-us os:windows10-2004-x64 system
  • submitted
    02/07/2025, 19:25

General

  • Target

    https://mega.nz/file/SBNWUJCJ#ysyTM9NYAhM62RRYykni9i9HoWliKtUgANBSqaMbmfY

Malware Config

Extracted

Family

sheetrat

Mutex

Signatures

  • Sheetrat family
  • Sheetrat, NonEuclid rat

    Sheetrat aka NonEuclid RAT is a trojan written in C#.

  • .NET Reactor protector 2 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 9 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 48 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 11 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/SBNWUJCJ#ysyTM9NYAhM62RRYykni9i9HoWliKtUgANBSqaMbmfY
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2584
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2f4,0x7ffb8aabf208,0x7ffb8aabf214,0x7ffb8aabf220
      2⤵
        PID:5412
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=1956,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=2312 /prefetch:3
        2⤵
          PID:5540
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --subproc-heap-profiling --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2276,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=2272 /prefetch:2
          2⤵
            PID:5440
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=2464,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=3012 /prefetch:8
            2⤵
              PID:3960
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3484,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1
              2⤵
                PID:2388
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3504,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=3544 /prefetch:1
                2⤵
                  PID:3544
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=4820,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=4876 /prefetch:8
                  2⤵
                    PID:748
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=4992,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=4268 /prefetch:8
                    2⤵
                      PID:3620
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5488,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:8
                      2⤵
                        PID:3988
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5836,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:8
                        2⤵
                          PID:3236
                        • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5620,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:8
                          2⤵
                            PID:4168
                          • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5620,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:8
                            2⤵
                              PID:5768
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6404,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6400 /prefetch:8
                              2⤵
                                PID:2348
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6328,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6356 /prefetch:8
                                2⤵
                                  PID:3984
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6648,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6664 /prefetch:8
                                  2⤵
                                    PID:4796
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=704,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6148 /prefetch:8
                                    2⤵
                                      PID:1868
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=4808,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6592 /prefetch:8
                                      2⤵
                                        PID:2044
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6588,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6584 /prefetch:8
                                        2⤵
                                          PID:4452
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5268,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=5248 /prefetch:8
                                          2⤵
                                            PID:2440
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6200,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6576 /prefetch:8
                                            2⤵
                                              PID:1940
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6872,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6904 /prefetch:1
                                              2⤵
                                                PID:2968
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5204,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6652 /prefetch:8
                                                2⤵
                                                  PID:2320
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6020,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6068 /prefetch:8
                                                  2⤵
                                                    PID:4528
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7276,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=860 /prefetch:8
                                                    2⤵
                                                      PID:1380
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --subproc-heap-profiling --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6864,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6308 /prefetch:8
                                                      2⤵
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:1944
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5812,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6900 /prefetch:8
                                                      2⤵
                                                        PID:5612
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6044,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=3452 /prefetch:8
                                                        2⤵
                                                          PID:4812
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=4884,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6844 /prefetch:8
                                                          2⤵
                                                            PID:3136
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7500,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=7512 /prefetch:8
                                                            2⤵
                                                              PID:4624
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7396,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6844 /prefetch:8
                                                              2⤵
                                                                PID:5292
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7328,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=4288 /prefetch:8
                                                                2⤵
                                                                  PID:5188
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7444,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=7320 /prefetch:8
                                                                  2⤵
                                                                    PID:3784
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=3296,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6180 /prefetch:8
                                                                    2⤵
                                                                      PID:5364
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6860,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=5348 /prefetch:8
                                                                      2⤵
                                                                        PID:5720
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7416,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=7424 /prefetch:8
                                                                        2⤵
                                                                          PID:3460
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7476,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=7552 /prefetch:8
                                                                          2⤵
                                                                            PID:2352
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=4828,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=7436 /prefetch:8
                                                                            2⤵
                                                                              PID:3984
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=3304,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=7484 /prefetch:8
                                                                              2⤵
                                                                                PID:4192
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5616,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=5956 /prefetch:8
                                                                                2⤵
                                                                                  PID:4492
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5540,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=7716 /prefetch:8
                                                                                  2⤵
                                                                                    PID:4788
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7684,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=7728 /prefetch:8
                                                                                    2⤵
                                                                                      PID:5068
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                                                                    1⤵
                                                                                      PID:2796
                                                                                    • C:\Windows\system32\cmd.exe
                                                                                      C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                                                      1⤵
                                                                                        PID:3396
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                                                          2⤵
                                                                                            PID:5756
                                                                                        • C:\Windows\system32\AUDIODG.EXE
                                                                                          C:\Windows\system32\AUDIODG.EXE 0x398 0x390
                                                                                          1⤵
                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                          PID:4988
                                                                                        • C:\Windows\System32\rundll32.exe
                                                                                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                          1⤵
                                                                                            PID:4020
                                                                                          • C:\Program Files\7-Zip\7zG.exe
                                                                                            "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\" -ad -an -ai#7zMap30656:118:7zEvent3051
                                                                                            1⤵
                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                            • Suspicious use of FindShellTrayWindow
                                                                                            PID:6096
                                                                                          • C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe
                                                                                            "C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe"
                                                                                            1⤵
                                                                                            • Executes dropped EXE
                                                                                            • Loads dropped DLL
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            • Modifies registry class
                                                                                            • Suspicious behavior: GetForegroundWindowSpam
                                                                                            • Suspicious use of FindShellTrayWindow
                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                            PID:4588
                                                                                          • C:\Users\Admin\Downloads\06wt9uvbxedu6w47.exe
                                                                                            "C:\Users\Admin\Downloads\06wt9uvbxedu6w47.exe"
                                                                                            1⤵
                                                                                            • Executes dropped EXE
                                                                                            PID:3484
                                                                                          • C:\Users\Admin\Downloads\inil0imd2jepg2kr.exe
                                                                                            "C:\Users\Admin\Downloads\inil0imd2jepg2kr.exe"
                                                                                            1⤵
                                                                                            • Executes dropped EXE
                                                                                            PID:5112
                                                                                          • C:\Users\Admin\Downloads\06wt9uvbxedu6w47.exe
                                                                                            "C:\Users\Admin\Downloads\06wt9uvbxedu6w47.exe"
                                                                                            1⤵
                                                                                            • Executes dropped EXE
                                                                                            PID:448

                                                                                          Network

                                                                                                MITRE ATT&CK Enterprise v16

                                                                                                Downloads

                                                                                                • C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1108697881\manifest.json

                                                                                                  Filesize

                                                                                                  117B

                                                                                                  MD5

                                                                                                  0abdce2e93f6542edfc9dfbcfb61ce89

                                                                                                  SHA1

                                                                                                  08067386e18ea1d48d916ecae2d2583a5f6df6ce

                                                                                                  SHA256

                                                                                                  d912b0ee06353fc36393d1c187a22d37d467e14ddb389a930ff7317b6760531c

                                                                                                  SHA512

                                                                                                  ec60d26c4b1c1e437c5c88fd9efc504843551a51d3c1b036a5b518cbaccec6e86fddca534b96d490872c6fd53a874f765367d3784473b948f112a51addc9f730

                                                                                                • C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1162520442\manifest.json

                                                                                                  Filesize

                                                                                                  145B

                                                                                                  MD5

                                                                                                  3c22ea3bca074127e886b3c3d4cead69

                                                                                                  SHA1

                                                                                                  e6442f0437b3375c06e33c3080a42692bd4262b4

                                                                                                  SHA256

                                                                                                  107c9b046abd5cd2c31fa6d6337bb91c1e42633c08d8eb84bbe3feb7bdcdd488

                                                                                                  SHA512

                                                                                                  6b2d04cf57c074e27798127ef7b2ae9b0dcb9a7e7ce5d3be63b67fbdb7d66a57ac2bd9975fd32e5fdb08f463638ec3801f475d41f40044dc8892abec687f598b

                                                                                                • C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1404122043\manifest.json

                                                                                                  Filesize

                                                                                                  79B

                                                                                                  MD5

                                                                                                  89217e000f3145a2523e43f947208e79

                                                                                                  SHA1

                                                                                                  cd7915d003ee87f2babc9ee9add12841022710ac

                                                                                                  SHA256

                                                                                                  6722a860c855cf94a54fd1ffdd3801c4c949f5b67d8601ad300264931057f2bb

                                                                                                  SHA512

                                                                                                  385257ef9c67d80006eb350ac79718f30e08d810a1568454806f2505b482e0093f784d0d4cd24078317f863db500898343ce69391c0ae7fc767697f6da38eeaf

                                                                                                • C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1559454108\manifest.json

                                                                                                  Filesize

                                                                                                  116B

                                                                                                  MD5

                                                                                                  a4edf901d950a9758ffe578ff1b03212

                                                                                                  SHA1

                                                                                                  cda83d7736a1c05a7d2cb0b6704653c27b4a4ca5

                                                                                                  SHA256

                                                                                                  aaca603fa9d65fefeaa198a93d03f2511de66b6398cc34dde6233eab492eebfd

                                                                                                  SHA512

                                                                                                  835d6a31e56d400ace235ee94e16bc1e24bf1477e7e3524180d12b312a58422ce1a579daa423881e50bc2b314e50f5587e6fd98ea68a1ffcf294a7f187cdbac8

                                                                                                • C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1613740460\manifest.json

                                                                                                  Filesize

                                                                                                  69B

                                                                                                  MD5

                                                                                                  b721bdf2924d658186ac8868dbd2c008

                                                                                                  SHA1

                                                                                                  914aacc65bb7933bd73aa06f8bd2ca0b04de3858

                                                                                                  SHA256

                                                                                                  dc6a19395ad3a24ee3805f6e90c6b16fdc141a51ac7fbb99fb784e423f8962f3

                                                                                                  SHA512

                                                                                                  4c1c16f714a2e2436697bc801f7e2f684010c833e3d5fe6ed68d6f3e630afa495412ea5a1b46f4bbbb1102feede84e72f32686910492510cbce71888a85b5fda

                                                                                                • C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1682441626\manifest.json

                                                                                                  Filesize

                                                                                                  1003B

                                                                                                  MD5

                                                                                                  578c9dbc62724b9d481ec9484a347b37

                                                                                                  SHA1

                                                                                                  a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d

                                                                                                  SHA256

                                                                                                  005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0

                                                                                                  SHA512

                                                                                                  2060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640

                                                                                                • C:\Program Files\chrome_Unpacker_BeginUnzipping2584_18000524\manifest.json

                                                                                                  Filesize

                                                                                                  119B

                                                                                                  MD5

                                                                                                  01cb8b111843d1f1dac11d249c24c8b7

                                                                                                  SHA1

                                                                                                  c4f1f6f219f325caee6363df7f459323109f2f6e

                                                                                                  SHA256

                                                                                                  b13947842a1d3e66e62bd32398a3780c18127a520e7212a4adbf006a9abfd74a

                                                                                                  SHA512

                                                                                                  075d54cdbd80078d4bf66f3c5814a055058f2535629cc7f5d88fa5c69d5c931dfd2c456a0bc634768d796af604ce4d585c7904c1924d35df7855dfd7e275d403

                                                                                                • C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1976642119\manifest.json

                                                                                                  Filesize

                                                                                                  141B

                                                                                                  MD5

                                                                                                  811f0436837c701dc1cea3d6292b3922

                                                                                                  SHA1

                                                                                                  4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87

                                                                                                  SHA256

                                                                                                  dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d

                                                                                                  SHA512

                                                                                                  21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

                                                                                                • C:\Program Files\chrome_Unpacker_BeginUnzipping2584_2108344599\manifest.json

                                                                                                  Filesize

                                                                                                  176B

                                                                                                  MD5

                                                                                                  e7314184e67b4501f5048c2e5f181d96

                                                                                                  SHA1

                                                                                                  f741a8a1b8c18c8d4974f937ef589b134dde5419

                                                                                                  SHA256

                                                                                                  7bd96fc0239229d64cc38693c64f2524d95711534c606b2b39957af8411d870a

                                                                                                  SHA512

                                                                                                  773ff8228cc87677e3f74667b61db59decfccb6ca4da80a5ac5e0aff0e3102e08e6c1561df35b9ed64c8b7db8dc8ed27210c2ca0139ec85d17f9e3f57018a086

                                                                                                • C:\Program Files\chrome_Unpacker_BeginUnzipping2584_2122496097\manifest.json

                                                                                                  Filesize

                                                                                                  76B

                                                                                                  MD5

                                                                                                  ba25fcf816a017558d3434583e9746b8

                                                                                                  SHA1

                                                                                                  be05c87f7adf6b21273a4e94b3592618b6a4a624

                                                                                                  SHA256

                                                                                                  0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

                                                                                                  SHA512

                                                                                                  3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

                                                                                                • C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\Notification\notification_fast.bundle.js.LICENSE.txt

                                                                                                  Filesize

                                                                                                  551B

                                                                                                  MD5

                                                                                                  7bf61e84e614585030a26b0b148f4d79

                                                                                                  SHA1

                                                                                                  c4ffbc5c6aa599e578d3f5524a59a99228eea400

                                                                                                  SHA256

                                                                                                  38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179

                                                                                                  SHA512

                                                                                                  ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3

                                                                                                • C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  8595bdd96ab7d24cc60eb749ce1b8b82

                                                                                                  SHA1

                                                                                                  3b612cc3d05e372c5ac91124f3756bbf099b378d

                                                                                                  SHA256

                                                                                                  363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831

                                                                                                  SHA512

                                                                                                  555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5

                                                                                                • C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-tokenized-card\fr-CA\strings.json

                                                                                                  Filesize

                                                                                                  2KB

                                                                                                  MD5

                                                                                                  cd247582beb274ca64f720aa588ffbc0

                                                                                                  SHA1

                                                                                                  4aaeef0905e67b490d4a9508ed5d4a406263ed9c

                                                                                                  SHA256

                                                                                                  c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5

                                                                                                  SHA512

                                                                                                  bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

                                                                                                • C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\manifest.json

                                                                                                  Filesize

                                                                                                  121B

                                                                                                  MD5

                                                                                                  b276b32c82b4a75c2964172e184cac48

                                                                                                  SHA1

                                                                                                  b99794d13ae8fd9491f5970365fd20579ff8cf78

                                                                                                  SHA256

                                                                                                  6cf2e01d3865122a8b9cc9e74762c85d71215cdf5853a24663c53eff79521255

                                                                                                  SHA512

                                                                                                  d0e7364ace98d6e489ae66adf5f05063f78052463aea6a64bbff2b44594c07b9102c7032f925101bdd36bfecd71ecd1d29af3ff37b8df5e989bc9378f3913c8b

                                                                                                • C:\Program Files\chrome_Unpacker_BeginUnzipping2584_349462751\LICENSE

                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  ee002cb9e51bb8dfa89640a406a1090a

                                                                                                  SHA1

                                                                                                  49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

                                                                                                  SHA256

                                                                                                  3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

                                                                                                  SHA512

                                                                                                  d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

                                                                                                • C:\Program Files\chrome_Unpacker_BeginUnzipping2584_349462751\manifest.json

                                                                                                  Filesize

                                                                                                  84B

                                                                                                  MD5

                                                                                                  e0909520982fc48e47a6451443b11741

                                                                                                  SHA1

                                                                                                  0e46425274933c153ebf5a03f25e693267a8cea2

                                                                                                  SHA256

                                                                                                  2e9e6138305d702f3c9b89d6e9dc4931b548c69bb86db64e585fa2e37b8ef654

                                                                                                  SHA512

                                                                                                  3fdf504cb0bf39a807fa15a8ec31a6efd8083888692935ec31d70b4ef6eef89b8527c6a75a46bf7ae3efeeaa507ac3c7cccda5246a2f073ac603a7ffa10d20a8

                                                                                                • C:\Program Files\chrome_Unpacker_BeginUnzipping2584_451790962\manifest.json

                                                                                                  Filesize

                                                                                                  53B

                                                                                                  MD5

                                                                                                  b4d869dd7052d78d29b3e439565f1600

                                                                                                  SHA1

                                                                                                  caa2cfa31729f4348a02514eba0235e72b88ce5a

                                                                                                  SHA256

                                                                                                  0f8ee89c4a420bda691d058cdd96c874c2edeec84145c81c957e98d05e351d3c

                                                                                                  SHA512

                                                                                                  1fda3488df8c43ad413b2e69a5e2292322fe837f7b27b88302b4e591e7e13fdceacb0af9b8bb92ca7c0d2b39abffc776c6cc35d18abb86ce91f55c719b43480e

                                                                                                • C:\Program Files\chrome_Unpacker_BeginUnzipping2584_795975215\manifest.json

                                                                                                  Filesize

                                                                                                  102B

                                                                                                • C:\Program Files\chrome_Unpacker_BeginUnzipping2584_947824402\hyph-as.hyb

                                                                                                  Filesize

                                                                                                  703B

                                                                                                • C:\Program Files\chrome_Unpacker_BeginUnzipping2584_947824402\hyph-hi.hyb

                                                                                                  Filesize

                                                                                                  687B

                                                                                                • C:\Program Files\chrome_Unpacker_BeginUnzipping2584_947824402\hyph-nb.hyb

                                                                                                  Filesize

                                                                                                  141KB

                                                                                                • C:\Program Files\chrome_Unpacker_BeginUnzipping2584_947824402\manifest.json

                                                                                                  Filesize

                                                                                                  82B

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\06wt9uvbxedu6w47.exe.log

                                                                                                  Filesize

                                                                                                  443B

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.21\autofill_bypass_cache_forms.json

                                                                                                  Filesize

                                                                                                  175B

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.21\edge_autofill_global_block_list.json

                                                                                                  Filesize

                                                                                                  5KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.21\v1FieldTypes.json

                                                                                                  Filesize

                                                                                                  509KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                  Filesize

                                                                                                  280B

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

                                                                                                  Filesize

                                                                                                  331B

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

                                                                                                  Filesize

                                                                                                  331B

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                  Filesize

                                                                                                  3KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe582b60.TMP

                                                                                                  Filesize

                                                                                                  3KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

                                                                                                  Filesize

                                                                                                  2B

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\p\Paths\MANIFEST-000001

                                                                                                  Filesize

                                                                                                  41B

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

                                                                                                  Filesize

                                                                                                  108KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

                                                                                                  Filesize

                                                                                                  16B

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

                                                                                                  Filesize

                                                                                                  23B

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                                                                  Filesize

                                                                                                  2KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                                                                  Filesize

                                                                                                  2KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                                                                  Filesize

                                                                                                  2KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                                                                  Filesize

                                                                                                  2KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                                  Filesize

                                                                                                  2B

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

                                                                                                  Filesize

                                                                                                  40B

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                  Filesize

                                                                                                  16KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                  Filesize

                                                                                                  16KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                                                                  Filesize

                                                                                                  36KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\0fc6f7c5-ba86-48f0-8560-dff2f42d25af\index-dir\the-real-index

                                                                                                  Filesize

                                                                                                  1KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\0fc6f7c5-ba86-48f0-8560-dff2f42d25af\index-dir\the-real-index~RFe5c3deb.TMP

                                                                                                  Filesize

                                                                                                  1KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

                                                                                                  Filesize

                                                                                                  253B

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                                                  Filesize

                                                                                                  72B

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5801df.TMP

                                                                                                  Filesize

                                                                                                  48B

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

                                                                                                  Filesize

                                                                                                  22KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.11\data.txt

                                                                                                  Filesize

                                                                                                  137KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

                                                                                                  Filesize

                                                                                                  467B

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

                                                                                                  Filesize

                                                                                                  5KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

                                                                                                  Filesize

                                                                                                  900B

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

                                                                                                  Filesize

                                                                                                  22KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.60.0\edge_checkout_page_validator.js

                                                                                                  Filesize

                                                                                                  1.0MB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18356.18355.1\json\wallet\wallet-checkout-eligible-sites.json

                                                                                                  Filesize

                                                                                                  23KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18356.18355.1\json\wallet\wallet-notification-config.json

                                                                                                  Filesize

                                                                                                  804B

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18356.18355.1\json\wallet\wallet-stable.json

                                                                                                  Filesize

                                                                                                  81KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18356.18355.1\json\wallet\wallet-tokenization-config.json

                                                                                                  Filesize

                                                                                                  34KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                  Filesize

                                                                                                  52KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                  Filesize

                                                                                                  52KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                  Filesize

                                                                                                  40KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                  Filesize

                                                                                                  40KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                  Filesize

                                                                                                  40KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\24.0.0.0\crs.pb

                                                                                                  Filesize

                                                                                                  291KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\24.0.0.0\ct_config.pb

                                                                                                  Filesize

                                                                                                  11KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\24.0.0.0\kp_pinslist.pb

                                                                                                  Filesize

                                                                                                  11KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.80\Filtering Rules

                                                                                                  Filesize

                                                                                                  1.8MB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.80\LICENSE

                                                                                                  Filesize

                                                                                                  24KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.5.15.1\keys.json

                                                                                                  Filesize

                                                                                                  7KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.7.2.1\typosquatting_list.pb

                                                                                                  Filesize

                                                                                                  678KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

                                                                                                  Filesize

                                                                                                  572KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b

                                                                                                  Filesize

                                                                                                  156KB

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

                                                                                                  Filesize

                                                                                                  2KB

                                                                                                • C:\Users\Admin\Downloads\06wt9uvbxedu6w47.exe

                                                                                                  Filesize

                                                                                                  473KB

                                                                                                • C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6.zip

                                                                                                  Filesize

                                                                                                  19.6MB

                                                                                                • C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\MaterialSkin.dll

                                                                                                  Filesize

                                                                                                  6.4MB

                                                                                                • C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Newtonsoft.Json.dll

                                                                                                  Filesize

                                                                                                  695KB

                                                                                                • C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\RjControls.dll

                                                                                                  Filesize

                                                                                                  31KB

                                                                                                • C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe

                                                                                                  Filesize

                                                                                                  2.0MB

                                                                                                • C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe.config

                                                                                                  Filesize

                                                                                                  1KB

                                                                                                • C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\ServerCertificate.p12

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                • C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Stub\Client.exe

                                                                                                  Filesize

                                                                                                  44KB

                                                                                                • C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Stub\UserMode.obf.dll

                                                                                                  Filesize

                                                                                                  136KB

                                                                                                • C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\dnlib.dll

                                                                                                  Filesize

                                                                                                  1.1MB

                                                                                                • C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\local\Bulider.json

                                                                                                  Filesize

                                                                                                  38KB

                                                                                                • C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\local\Settings.json

                                                                                                  Filesize

                                                                                                  150B

                                                                                                • C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\local\temp.ico

                                                                                                  Filesize

                                                                                                  27KB

                                                                                                • C:\Users\Admin\Downloads\inil0imd2jepg2kr.exe

                                                                                                  Filesize

                                                                                                  347KB

