Analysis Overview
Threat Level: Known bad
The submitted URL https://mega.nz/file/SBNWUJCJ#ysyTM9NYAhM62RRYykni9i9HoWliKtUgANBSqaMbmfY (opened in Edge during detonation; the downloaded archive was then unpacked with 7-Zip) was found to be: Known bad.
Malicious Activity Summary
Sheetrat, NonEuclid rat
Sheetrat family
.NET Reactor protector
Loads dropped DLL
Executes dropped EXE
Drops file in Program Files directory
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Modifies registry class
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-07-02 19:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-07-02 19:25
Reported
2025-07-02 19:55
Platform
win10v2004-20250502-en
Max time kernel
1794s
Max time network
1150s
Command Line
Signatures
Sheetrat family
Sheetrat, NonEuclid rat
.NET Reactor protector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\06wt9uvbxedu6w47.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\inil0imd2jepg2kr.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\06wt9uvbxedu6w47.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1162520442\shopping_fre.html | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_197735601\_locales\hu\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_197735601\_locales\en_GB\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1559454108\Filtering Rules | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-ec\da\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-hub\pt-PT\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-mobile-hub\pt-BR\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-mobile-hub\zh-Hant\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-shared-components\en-GB\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_349462751\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_947824402\hyph-nn.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_947824402\hyph-pt.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1162520442\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-shared-components\el\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\Notification\notification_fast.bundle.js.LICENSE.txt | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\Tokenized-Card\tokenized-card.html | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_197735601\_locales\be\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_197735601\_locales\ru\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_197735601\_locales\hy\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_2108344599\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_451790962\data.txt | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_947824402\hyph-cu.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1559454108\adblock_snippet.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\wallet.bundle.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_947824402\hyph-fr.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\hub-signature.txt | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\Notification\notification.bundle.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_197735601\_locales\en\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\edge_driver.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_197735601\_locales\ne\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1976642119\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_947824402\hyph-de-1996.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-ec\pl\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-mobile-hub\fr\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-tokenized-card\pt-BR\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\wallet\README.md | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_197735601\_locales\cs\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_947824402\hyph-gu.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-ec\ko\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-notification\en-GB\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-notification-shared\ja\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-tokenized-card\de\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-tokenized-card\fr\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-tokenized-card\pt-PT\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1976642119\well_known_domains.dll | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_947824402\hyph-nl.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1162520442\edge_checkout_page_validator.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1162520442\shopping.html | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-hub\cs\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-hub\zh-Hans\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-mobile-hub\id\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\Tokenized-Card\tokenized-card.bundle.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_197735601\_locales\lo\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_197735601\_locales\id\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_197735601\_locales\fr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_18000524\edge_autofill_global_block_list.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-mobile-hub\ar\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\Wallet-Checkout\load-ec-deps.bundle.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1682441626\LICENSE | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_197735601\_locales\iw\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_795975215\crs.pb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1162520442\product_page.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1162520442\shopping.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-ec\th\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133959579336059888" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1153236273-2212388449-1493869963-1000\{4B4F131F-501F-45E6-959F-219EE13657B5} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1 | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 (LUID 33 = SeIncreaseWorkingSetPrivilege) | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 (LUID 35 = SeCreateSymbolicLinkPrivilege) | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
Suspicious use of WriteProcessMemory
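A practitioner reading these tables first has to separate what the sample did from what the detonation harness did. Every row under "Drops file in Program Files directory", "Checks processor information in registry", "Enumerates system info in registry", "Modifies data under HKEY_USERS", "EnumeratesProcesses" and "NtCreateUserProcessBlockNonMicrosoftBinary", and most rows under "FindShellTrayWindow", are attributed to msedge.exe, the browser the sandbox used to open the MEGA link (the chrome_Unpacker_BeginUnzipping paths are Edge's component updater unpacking its bundled components, not a payload). The privilege adjustments come from AUDIODG.EXE and from 7zG.exe, the archiver used to unpack the download, and SeRestorePrivilege/SeSecurityPrivilege/SeCreateSymbolicLinkPrivilege are what 7-Zip requests during extraction. The rows that describe the sample are the ones from Liberium_Rat_By_ggsquad_v2.6\Server.exe and the two randomly named executables in Downloads: executing and loading dropped binaries, SetWindowsHookEx (installation of a Windows hook, the API user-mode keyloggers and input monitors rely on; the report does not say which hook type), repeated GetForegroundWindow polling, and the NLS\Language read. The ShellBags\...\ComDlg keys under "Modifies registry class" are written by the Windows common file dialog, so together with SniffedFolderType = "Downloads" they show that Server.exe opened a file picker in Downloads, not that it established persistence.

The script below is an added example, not part of this report or of the sandbox's own tooling. It parses a Triage-style signature listing (a constructed excerpt of the rows above is embedded), labels each signature as sample behaviour, environment noise or unattributed according to an assumed set of harness processes, and decodes the TraceTimeLast value from the HKEY_USERS row as a Windows FILETIME, which resolves to 2025-07-02 19:25:33 UTC and so matches the submission time, a cheap check that the sandbox clock was not skewed.

```python
"""Split a Triage-style signature listing into sample behaviour and
detonation-harness noise, and decode the FILETIME the report shows.

Added example; not the sandbox's own code. REPORT_EXCERPT is a constructed
excerpt of the rows on this page, and ENVIRONMENT_PROCESSES is an assumption
about which processes belong to the harness rather than to the sample."""
from datetime import datetime, timedelta, timezone

# Assumption: the browser that opened the submitted URL, the archiver that
# unpacked the download and the audio service are harness noise.
ENVIRONMENT_PROCESSES = {
    r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
    r"C:\Program Files\7-Zip\7zG.exe",
    r"C:\Windows\system32\AUDIODG.EXE",
}

# Constructed excerpt: a signature heading, then its Markdown rows
# (Description | Indicator | Process | Target).
REPORT_EXCERPT = r"""
.NET Reactor protector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\06wt9uvbxedu6w47.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\inil0imd2jepg2kr.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_349462751\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A |
Suspicious use of WriteProcessMemory
"""


def parse_signatures(text):
    """Map each signature heading to the list of Process cells under it."""
    signatures = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("|"):          # a heading starts a new signature
            current = line
            signatures.setdefault(current, [])
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if current is None or cells[0] == "Description":
            continue                           # table header row
        if len(cells) >= 3:
            signatures[current].append(cells[2])
    return signatures


def classify(signatures, environment=ENVIRONMENT_PROCESSES):
    """Label a signature 'sample' if any non-harness process triggered it,
    'environment' if only harness processes did, else 'unattributed'."""
    result = {}
    for name, processes in signatures.items():
        seen = {p for p in processes if p != "N/A"}
        if seen - environment:
            verdict = "sample"
        elif seen:
            verdict = "environment"
        else:
            verdict = "unattributed"
        result[name] = {"verdict": verdict, "processes": sorted(seen)}
    return result


def sample_processes(signatures, environment=ENVIRONMENT_PROCESSES):
    """All executables in the tables that are not part of the harness."""
    return sorted({p for procs in signatures.values() for p in procs
                   if p != "N/A" and p not in environment})


def filetime_to_datetime(value):
    """Decode a Windows FILETIME: 100 ns ticks since 1601-01-01 00:00 UTC."""
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)
    return epoch + timedelta(microseconds=int(value) // 10)


if __name__ == "__main__":
    sigs = parse_signatures(REPORT_EXCERPT)
    for name, info in classify(sigs).items():
        print(f"{info['verdict']:<12} {name}")
    print("sample executables:", *sample_processes(sigs), sep="\n  ")
    # TraceTimeLast from the "Modifies data under HKEY_USERS" row
    print("sandbox clock:", filetime_to_datetime("133959579336059888"))
```

Run it against a full report by pasting the signature section into REPORT_EXCERPT, or by reading the page text from a file; adjust ENVIRONMENT_PROCESSES to whatever the harness launched in your own run (here Edge, 7-Zip and the audio service). A signature that comes out "unattributed" (the family and packer detections, and WriteProcessMemory, which has no rows on this page) is a static or aggregate hit that this table format does not tie to a process, so it needs the static report or the process tree to confirm.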
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/SBNWUJCJ#ysyTM9NYAhM62RRYykni9i9HoWliKtUgANBSqaMbmfY
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2f4,0x7ffb8aabf208,0x7ffb8aabf214,0x7ffb8aabf220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=1956,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=2312 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --subproc-heap-profiling --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2276,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=2272 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=2464,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=3012 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3484,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3504,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=3544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=4820,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=4876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=4992,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=4268 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5488,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5836,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5620,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5620,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6404,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6400 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6328,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6356 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6648,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6664 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x398 0x390
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=704,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6148 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=4808,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6592 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6588,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6584 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5268,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=5248 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6200,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6576 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6872,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5204,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6652 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6020,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6068 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7276,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=860 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\" -ad -an -ai#7zMap30656:118:7zEvent3051
C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe
"C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --subproc-heap-profiling --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6864,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6308 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5812,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6044,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=3452 /prefetch:8
C:\Users\Admin\Downloads\06wt9uvbxedu6w47.exe
"C:\Users\Admin\Downloads\06wt9uvbxedu6w47.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=4884,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7500,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=7512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7396,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6844 /prefetch:8
C:\Users\Admin\Downloads\inil0imd2jepg2kr.exe
"C:\Users\Admin\Downloads\inil0imd2jepg2kr.exe"
C:\Users\Admin\Downloads\06wt9uvbxedu6w47.exe
"C:\Users\Admin\Downloads\06wt9uvbxedu6w47.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7328,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=4288 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7444,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=7320 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=3296,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6180 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6860,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=5348 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7416,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=7424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7476,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=7552 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=4828,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=7436 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=3304,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=7484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5616,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=5956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5540,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=7716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7684,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=7728 /prefetch:8
Network
Files
| MD5 | faf01ed2c0020f8fa512ff379d82c211 |
| SHA1 | 233d104dfe718231837e33c5543085b6dba5cd8b |
| SHA256 | 192ca12bc520edee8b5a8844cc870cc4a669fb9c1449dad33a69fc5ce112c750 |
| SHA512 | 8ee475bc419950f08933be92c390087b67a7914825dce81eef4786012bf641f86f447239bb8d08602a407627b3846f12c52f365eae2af32fe5d22d5ee7133c31 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.60.0\edge_checkout_page_validator.js
| MD5 | 03afb46c48ec22865708e6826a3a302b |
| SHA1 | 6566e24acf922c9d4034850bf1dac39786be0655 |
| SHA256 | 03daef0d9039418880c9414c6cc56841b9d3facd790b2480e302c1803296b003 |
| SHA512 | 6df8038a494df3412e2224b238da025d26ab477a02a1cd9ad809369047ac54fa745faf7bff4c209457fea59da64d23ff953b8213ed12cc1a2f4151a057df6c10 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1162520442\manifest.json
| MD5 | 3c22ea3bca074127e886b3c3d4cead69 |
| SHA1 | e6442f0437b3375c06e33c3080a42692bd4262b4 |
| SHA256 | 107c9b046abd5cd2c31fa6d6337bb91c1e42633c08d8eb84bbe3feb7bdcdd488 |
| SHA512 | 6b2d04cf57c074e27798127ef7b2ae9b0dcb9a7e7ce5d3be63b67fbdb7d66a57ac2bd9975fd32e5fdb08f463638ec3801f475d41f40044dc8892abec687f598b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old
| MD5 | fc3769606eb621f25ccf5f5e74bf0f7b |
| SHA1 | 3b371243477e5d81ea8c78c003e599364c30fde0 |
| SHA256 | 444accc9fc3ef60f0b1a48ddb7e343fced76a3bdcdabdf517a07b7508e2dda29 |
| SHA512 | 3d2b5ef62d6e5e66185462c50126a846943a871b074e1d0426f02b236d39610648f5ffb5e2498ddde55d831a74991f0b24818e4fcc4abd76b7aa1221761f09d7 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\manifest.json
| MD5 | b276b32c82b4a75c2964172e184cac48 |
| SHA1 | b99794d13ae8fd9491f5970365fd20579ff8cf78 |
| SHA256 | 6cf2e01d3865122a8b9cc9e74762c85d71215cdf5853a24663c53eff79521255 |
| SHA512 | d0e7364ace98d6e489ae66adf5f05063f78052463aea6a64bbff2b44594c07b9102c7032f925101bdd36bfecd71ecd1d29af3ff37b8df5e989bc9378f3913c8b |
C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt
| MD5 | 8595bdd96ab7d24cc60eb749ce1b8b82 |
| SHA1 | 3b612cc3d05e372c5ac91124f3756bbf099b378d |
| SHA256 | 363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831 |
| SHA512 | 555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\Notification\notification_fast.bundle.js.LICENSE.txt
| MD5 | 7bf61e84e614585030a26b0b148f4d79 |
| SHA1 | c4ffbc5c6aa599e578d3f5524a59a99228eea400 |
| SHA256 | 38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179 |
| SHA512 | ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-tokenized-card\fr-CA\strings.json
| MD5 | cd247582beb274ca64f720aa588ffbc0 |
| SHA1 | 4aaeef0905e67b490d4a9508ed5d4a406263ed9c |
| SHA256 | c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5 |
| SHA512 | bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18356.18355.1\json\wallet\wallet-checkout-eligible-sites.json
| MD5 | ed22bc3ded6df0109b9e594867473559 |
| SHA1 | ee39eb80dc23f7fd764199cbe4a153c4edc2e768 |
| SHA256 | 2abefae3d72e7c4f5cdc94eb0ee552612d843a26faf4a7bd061c73839e19d7eb |
| SHA512 | fb337c0a0107dc37a3067bcd6f60ffb8f63ee892a0ff729dcdf67c7a21fec95a742a274853e8947489108d7543c13b9479e02574f490bc217e8a182f08543aa3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18356.18355.1\json\wallet\wallet-notification-config.json
| MD5 | 4cdefd9eb040c2755db20aa8ea5ee8f7 |
| SHA1 | f649fcd1c12c26fb90906c4c2ec0a9127af275f4 |
| SHA256 | bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd |
| SHA512 | 7e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18356.18355.1\json\wallet\wallet-tokenization-config.json
| MD5 | ae3bd0f89f8a8cdeb1ea6eea1636cbdd |
| SHA1 | 1801bc211e260ba8f8099727ea820ecf636c684a |
| SHA256 | 0088d5ebd8360ad66bd7bcc80b9754939775d4118cb7605fc1f514c707f0e20d |
| SHA512 | 69aff97091813d9d400bb332426c36e6b133a4b571b521e8fb6ad1a2b8124a3c5da8f3a9c52b8840152cf7adbd2ac653102aa2210632aa64b129cf7704d5b4fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18356.18355.1\json\wallet\wallet-stable.json
| MD5 | 6e57b65a604224b60edb31cbec433a72 |
| SHA1 | cafbe47c5e6dbfb189bec99b3fdf612dd8b1a824 |
| SHA256 | 0cec355c59fd6dbc59b6044d4dc8f403a499b256e9defeec4b7b6d21c67feed2 |
| SHA512 | 4d2d3ed510869ead82211ff2a8370636e18779331e80ca385746023ea76bdad49b7009848bd41af7c607460241aec54d0a0a903324d2fbcecef08e2fa95f0641 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1682441626\manifest.json
| MD5 | 578c9dbc62724b9d481ec9484a347b37 |
| SHA1 | a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d |
| SHA256 | 005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0 |
| SHA512 | 2060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640 |