Malware Analysis Report

2025-08-05 14:36

Sample ID 250702-x44sbazybw
Target https://mega.nz/file/SBNWUJCJ#ysyTM9NYAhM62RRYykni9i9HoWliKtUgANBSqaMbmfY
Tags
sheetrat discovery trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://mega.nz/file/SBNWUJCJ#ysyTM9NYAhM62RRYykni9i9HoWliKtUgANBSqaMbmfY was found to be: Known bad.

Malicious Activity Summary

sheetrat discovery trojan

Sheetrat, NonEuclid rat

Sheetrat family

.NET Reactor protector

Loads dropped DLL

Executes dropped EXE

Drops file in Program Files directory

Browser Information Discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-07-02 19:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:55

Platform

win10v2004-20250502-en

Max time kernel

1794s

Max time network

1150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/SBNWUJCJ#ysyTM9NYAhM62RRYykni9i9HoWliKtUgANBSqaMbmfY

Signatures

Sheetrat family

sheetrat

Sheetrat, NonEuclid rat

trojan sheetrat

.NET Reactor protector

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1162520442\shopping_fre.html | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_197735601\_locales\hu\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_197735601\_locales\en_GB\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1559454108\Filtering Rules | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-ec\da\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-hub\pt-PT\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-mobile-hub\pt-BR\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-mobile-hub\zh-Hant\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-shared-components\en-GB\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_349462751\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_947824402\hyph-nn.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_947824402\hyph-pt.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1162520442\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-shared-components\el\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\Notification\notification_fast.bundle.js.LICENSE.txt | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\Tokenized-Card\tokenized-card.html | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_197735601\_locales\be\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_197735601\_locales\ru\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_197735601\_locales\hy\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_2108344599\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_451790962\data.txt | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_947824402\hyph-cu.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1559454108\adblock_snippet.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\wallet.bundle.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_947824402\hyph-fr.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\hub-signature.txt | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\Notification\notification.bundle.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_197735601\_locales\en\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\edge_driver.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_197735601\_locales\ne\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1976642119\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_947824402\hyph-de-1996.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-ec\pl\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-mobile-hub\fr\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-tokenized-card\pt-BR\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\wallet\README.md | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_197735601\_locales\cs\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_947824402\hyph-gu.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-ec\ko\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-notification\en-GB\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-notification-shared\ja\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-tokenized-card\de\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-tokenized-card\fr\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-tokenized-card\pt-PT\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1976642119\well_known_domains.dll | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_947824402\hyph-nl.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1162520442\edge_checkout_page_validator.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1162520442\shopping.html | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-hub\cs\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-hub\zh-Hans\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-mobile-hub\id\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\Tokenized-Card\tokenized-card.bundle.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_197735601\_locales\lo\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_197735601\_locales\id\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_197735601\_locales\fr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_18000524\edge_autofill_global_block_list.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-mobile-hub\ar\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\Wallet-Checkout\load-ec-deps.bundle.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1682441626\LICENSE | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_197735601\_locales\iw\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_795975215\crs.pb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1162520442\product_page.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1162520442\shopping.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-ec\th\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133959579336059888" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1153236273-2212388449-1493869963-1000\{4B4F131F-501F-45E6-959F-219EE13657B5} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1 | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1153236273-2212388449-1493869963-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads" | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A
Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe | N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2584 wrote to memory of 5412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 5412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 5440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 5440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 5540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 5540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 5440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 5440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 5440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 5440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 5440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 5440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 5440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/SBNWUJCJ#ysyTM9NYAhM62RRYykni9i9HoWliKtUgANBSqaMbmfY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2f4,0x7ffb8aabf208,0x7ffb8aabf214,0x7ffb8aabf220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=1956,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=2312 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --subproc-heap-profiling --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2276,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=2272 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=2464,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=3012 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3484,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3504,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=3544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=4820,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=4876 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=4992,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=4268 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5488,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5836,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5620,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5620,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6404,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6400 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6328,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6356 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6648,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6664 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x398 0x390

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=704,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6148 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=4808,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6592 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6588,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6584 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5268,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=5248 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6200,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6576 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6872,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5204,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6652 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6020,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6068 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7276,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=860 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\" -ad -an -ai#7zMap30656:118:7zEvent3051

C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe

"C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --subproc-heap-profiling --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6864,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6308 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5812,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6044,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=3452 /prefetch:8

C:\Users\Admin\Downloads\06wt9uvbxedu6w47.exe

"C:\Users\Admin\Downloads\06wt9uvbxedu6w47.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=4884,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6844 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7500,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=7512 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7396,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6844 /prefetch:8

C:\Users\Admin\Downloads\inil0imd2jepg2kr.exe

"C:\Users\Admin\Downloads\inil0imd2jepg2kr.exe"

C:\Users\Admin\Downloads\06wt9uvbxedu6w47.exe

"C:\Users\Admin\Downloads\06wt9uvbxedu6w47.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7328,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=4288 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7444,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=7320 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=3296,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=6180 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6860,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=5348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7416,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=7424 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7476,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=7552 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=4828,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=7436 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=3304,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=7484 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5616,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=5956 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5540,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=7716 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7684,i,2696924887761656720,10166575386171819496,262144 --variations-seed-version --mojo-platform-channel-handle=7728 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 mega.nz udp
US 8.8.8.8:53 mega.nz udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.28.11:80 edge.microsoft.com tcp
LU 31.216.144.5:443 mega.nz tcp
US 150.171.28.11:443 edge.microsoft.com tcp
LU 31.216.144.5:443 mega.nz tcp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
US 13.107.246.64:443 api.edgeoffer.microsoft.com tcp
GB 2.18.27.92:443 copilot.microsoft.com tcp
LU 31.216.144.5:443 mega.nz tcp
US 13.107.246.64:443 api.edgeoffer.microsoft.com tcp
GB 2.18.27.92:443 copilot.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.27.11:443 edge.microsoft.com tcp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
US 8.8.8.8:53 eu.static.mega.co.nz udp
US 8.8.8.8:53 eu.static.mega.co.nz udp
NL 66.203.127.13:443 eu.static.mega.co.nz tcp
NL 66.203.127.13:443 eu.static.mega.co.nz tcp
US 8.8.8.8:53 g.api.mega.co.nz udp
US 8.8.8.8:53 g.api.mega.co.nz udp
NL 66.203.127.13:443 eu.static.mega.co.nz tcp
US 150.171.28.11:443 edge.microsoft.com tcp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 g.api.mega.co.nz udp
US 8.8.8.8:53 g.api.mega.co.nz udp
GB 142.251.30.94:443 update.googleapis.com tcp
LU 66.203.125.12:443 g.api.mega.co.nz tcp
LU 66.203.125.12:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 clients2.googleusercontent.com udp
US 8.8.8.8:53 clients2.googleusercontent.com udp
US 150.171.27.11:443 edge.microsoft.com tcp
GB 142.251.29.132:443 clients2.googleusercontent.com tcp
NL 66.203.127.13:443 eu.static.mega.co.nz tcp
LU 31.216.144.5:443 mega.nz tcp
GB 142.251.29.132:443 clients2.googleusercontent.com tcp
US 8.8.8.8:53 xpaycdn.azureedge.net udp
US 8.8.8.8:53 xpaycdn.azureedge.net udp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
US 13.107.246.64:443 xpaycdn.azureedge.net tcp
US 13.107.246.64:443 xpaycdn.azureedge.net tcp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
GB 2.18.27.82:443 www.bing.com tcp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
GB 2.18.27.82:443 www.bing.com tcp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
GB 2.18.27.82:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
GB 2.18.27.82:443 www.bing.com tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
NL 66.203.127.13:443 eu.static.mega.co.nz tcp
LU 66.203.125.12:443 g.api.mega.co.nz tcp
LU 66.203.125.12:443 g.api.mega.co.nz tcp
N/A 127.0.0.1:6341 tcp
US 8.8.8.8:53 gfs206n462.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs206n462.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs240n126.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs240n126.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs208n208.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs208n208.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs204n311.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs204n311.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs270n462.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs270n462.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs214n201.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs214n201.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs206n462.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs206n462.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs240n126.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs240n126.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs208n208.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs208n208.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs204n311.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs204n311.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs270n462.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs270n462.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs214n201.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs214n201.userstorage.mega.co.nz udp
FR 185.206.26.138:443 gfs208n208.userstorage.mega.co.nz tcp
FR 185.206.26.138:443 gfs208n208.userstorage.mega.co.nz tcp
FR 185.206.26.138:443 gfs208n208.userstorage.mega.co.nz tcp
FR 185.206.26.138:443 gfs208n208.userstorage.mega.co.nz tcp
SE 69.30.89.36:443 gfs240n126.userstorage.mega.co.nz tcp
SE 69.30.89.36:443 gfs240n126.userstorage.mega.co.nz tcp
SE 69.30.89.36:443 gfs240n126.userstorage.mega.co.nz tcp
SE 69.30.89.36:443 gfs240n126.userstorage.mega.co.nz tcp
US 8.8.8.8:53 gfs206n462.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs204n311.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs214n201.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs270n462.userstorage.mega.co.nz udp
LU 31.216.148.45:443 gfs270n462.userstorage.mega.co.nz tcp
LU 31.216.148.45:443 gfs270n462.userstorage.mega.co.nz tcp
LU 31.216.148.45:443 gfs270n462.userstorage.mega.co.nz tcp
LU 31.216.148.45:443 gfs270n462.userstorage.mega.co.nz tcp
ES 185.206.27.22:443 gfs214n201.userstorage.mega.co.nz tcp
ES 185.206.27.22:443 gfs214n201.userstorage.mega.co.nz tcp
ES 185.206.27.22:443 gfs214n201.userstorage.mega.co.nz tcp
ES 185.206.27.22:443 gfs214n201.userstorage.mega.co.nz tcp
NL 185.206.24.156:443 gfs204n311.userstorage.mega.co.nz tcp
NL 185.206.24.156:443 gfs204n311.userstorage.mega.co.nz tcp
NL 185.206.24.156:443 gfs204n311.userstorage.mega.co.nz tcp
NL 185.206.24.156:443 gfs204n311.userstorage.mega.co.nz tcp
BE 94.24.37.130:443 gfs206n462.userstorage.mega.co.nz tcp
BE 94.24.37.130:443 gfs206n462.userstorage.mega.co.nz tcp
BE 94.24.37.130:443 gfs206n462.userstorage.mega.co.nz tcp
BE 94.24.37.130:443 gfs206n462.userstorage.mega.co.nz tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
NL 185.206.24.156:443 gfs204n311.userstorage.mega.co.nz tcp
LU 31.216.148.45:443 gfs270n462.userstorage.mega.co.nz tcp
NL 185.206.24.156:443 gfs204n311.userstorage.mega.co.nz tcp
LU 31.216.148.45:443 gfs270n462.userstorage.mega.co.nz tcp
NL 185.206.24.156:443 gfs204n311.userstorage.mega.co.nz tcp
LU 31.216.148.45:443 gfs270n462.userstorage.mega.co.nz tcp
FR 185.206.26.138:443 gfs208n208.userstorage.mega.co.nz tcp
NL 185.206.24.156:443 gfs204n311.userstorage.mega.co.nz tcp
LU 31.216.148.45:443 gfs270n462.userstorage.mega.co.nz tcp
ES 185.206.27.22:443 gfs214n201.userstorage.mega.co.nz tcp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 13.107.246.64:443 edge-consumer-static.azureedge.net tcp
US 8.8.8.8:53 static.edge.microsoftapp.net udp
US 8.8.8.8:53 static.edge.microsoftapp.net udp
US 13.107.246.64:443 static.edge.microsoftapp.net tcp
US 8.8.8.8:53 edge-cloud-resource-static.azureedge.net udp
US 8.8.8.8:53 edge-cloud-resource-static.azureedge.net udp
US 150.171.27.11:443 edge.microsoft.com tcp
US 13.107.246.64:443 edge-cloud-resource-static.azureedge.net tcp
LU 31.216.148.45:443 gfs270n462.userstorage.mega.co.nz tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
LU 31.216.148.45:443 gfs270n462.userstorage.mega.co.nz tcp
LU 31.216.148.45:443 gfs270n462.userstorage.mega.co.nz tcp
LU 31.216.148.45:443 gfs270n462.userstorage.mega.co.nz tcp
GB 84.201.209.101:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
GB 2.18.27.82:443 www.bing.com udp
LU 31.216.144.5:443 mega.nz tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
GB 2.18.27.82:443 www.bing.com udp
LU 31.216.144.5:443 mega.nz tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.27.11:443 edge.microsoft.com tcp
US 8.8.8.8:53 mega.nz udp
US 8.8.8.8:53 mega.nz udp
LU 31.216.145.5:443 mega.nz tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.28.11:443 edge.microsoft.com tcp
GB 2.18.27.76:443 www.bing.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.27.11:443 edge.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
GB 84.201.209.101:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
GB 84.201.209.101:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.28.11:443 edge.microsoft.com tcp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
GB 84.201.209.101:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
GB 84.201.209.101:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 21c486ab6fca708de363e5fd62d82a45
SHA1 6834e39b9d7b2e7eee8ec3efbf75535e4538e7c0
SHA256 9d121d0db5fa73745ecb2e898de95c65de03ead95c80fb3f82015855caec7b7d
SHA512 a95352df78b72fb7cc8334fab3d9c969f6cfb1895b66b4b7aa45e87b183a35157517c273b8e00ef8aaf2c75bd23a2c4d22c6205b7768f9602226b3c8c306a068

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e8326edee09df1cab30c37cc6e17e481
SHA1 78deec3152421ddb2e98f75ca5a4b6d65838a374
SHA256 615bfa09d7a744b43090253e6c354e41bd817b41be0fc2bd50659e306eb1c49b
SHA512 7888948a00e390200a84e9343ab89d5133adf22205a62ebb1d1eed5a5a2241310c9b7ab2d8d7233382b4d6e9ca8f571c8274dc29f35b9acfd7686b38ec5f8af3

\??\pipe\crashpad_2584_VLHMUUCSPWCBATYX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 36326fcbb6119326e7c8aa24c4156548
SHA1 ed128a9727e1d58b970e732b8c66fc827b18372b
SHA256 ac41191dcaf36d91f7bd9a077bc59b1bd7218daa27b263d1da6a548f58264987
SHA512 ed5c79f1edc0c65a1cf0ace91ea5538245c1569c3b25ae3cdf033ffcb55d37e7b09baec36570e82fc1525c24224cea08a53abab7e52db6376f48f099ffefd1fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

MD5 0698ab9ea514f7701f2c3d87682cca1b
SHA1 89c0790d34663d2ade8a2652605333f22f6173f9
SHA256 90c274070a89a13fc961add85187c8390e84f9f41249589649b7f1486699bd41
SHA512 6b70838296c577e4a914e487bd77543d7e0fb403617779a69d300fa17104deae1ab8472c95fd3b06e80cf6608a34103ff73ab631ccf2c8f3865ca384848f9fec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\p\Paths\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

MD5 2dc8c8eb76db8b09fafa4091b81b5e42
SHA1 363c1ac2945e84b0675bb83fe797ed2bb493c513
SHA256 6db9b256bed7c383b03543bd636614ece3c25508c61ddb2e193c792dac91fab8
SHA512 f22d81f402ab221b4690ffdde5c1c919dd47371e0331202ee87e803a5d21db27ee42472858acebd836fe751343be36400fa6ba297003181ae895a90644709972

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

MD5 06d55006c2dec078a94558b85ae01aef
SHA1 6a9b33e794b38153f67d433b30ac2a7cf66761e6
SHA256 088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd
SHA512 ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 80e629ce019b8fe598e0c2ad17ec826f
SHA1 274d3e3087e8a24407c68cf06a75040bade35522
SHA256 825757b714a29ac2cea5878624a8cadcd04af21bf1c1a1f22a83aa3672a51b2d
SHA512 3a0e65e2ba48589ade44d5b1c5d2f1c096d47fcc8ad5045c401fcc447cf85a40edc4ca4954257b97418dec44a9f5ac7144cfa87f05189f10109ae351ad960d86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b

MD5 b384b2c8acf11d0ca778ea05a710bc01
SHA1 4d3e01b65ed401b19e9d05e2218eeb01a0a65972
SHA256 0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b
SHA512 272dd92a3efbf6cefe4b13127e09a9bd6455f5fc4913e7477c6712e4c3fd67efe87bd0d5bf1ec6b1e65f8d3aa0ac99d5bcf88d8a44d3f3116527253a01dde3be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bc9cc24aaf13e50c235168423a3f7838
SHA1 1d67d43ca4b1c5f30b148bd35d81875877871c83
SHA256 f09bbdce9ba22d77cb4f0814c1ed150d29689305d05eb104920bc2ef9ed86574
SHA512 8a2fc7338a85e1640247251ec8fb7be4969d4fcfb6a51ea32015470d53290c598b8d80c5546fe478ce5c4ab9bee735de221324a7f58a0cc1ae243a313fdce310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

MD5 20d4b8fa017a12a108c87f540836e250
SHA1 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA256 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 5d007be378c454cba4bd8d287e3b95c5
SHA1 73721bdd9f6fedd549b19e858f8da7e3946f5587
SHA256 4a59c5e85411faa9cd7c394fc0df9a554c48bfc07fef95bc30143d661cf957d6
SHA512 26cb3fd03728f1d6998780224a6727e0116dc1cfd220ad6b794d34d406ebfb3780e1f7004db5b12c323107df28fb0ac8f146ddfb7021219456dec27db849283e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5801df.TMP

MD5 d0b7d713a7835a73e5abdd71b94db3fa
SHA1 4e95460e16aa055811efccc2c9ade383ba0c0e97
SHA256 3398124e85f7b83183a25bfb7906602e2e68afa5e37147bddaccccf8efa9020a
SHA512 4dd8fb63b56841bb0d7a2b73233aa90007aef3e7151fcbbb2acd4b3909a0a69f96c248f3eb1c60fdb77e0058d6dc5b7ee071c8a16c02a12096cb61a28eae14f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 b9a452bc99b1848f0f23314ed453e481
SHA1 f02656191ba951c00671f48e18223cbd8878e2c7
SHA256 aecbf8001c4e2eeebd3e7b83168be68142d1755ce17c4426682a90af67ecaed2
SHA512 7aab254d86f922d0ca9a932527f9549581aea96fb0c42ef9899f2c11ce1dc022031e8de19451603bf6ceef51035507d886cd114a6438debc88a3d523a6375e73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe582b60.TMP

MD5 164901c3fa2d5301f63af8348d5f1511
SHA1 d56cc9d2cbe105b87b095b33009847e42bcf4e19
SHA256 34c76e630a2c8b4d2fc57972e29ef730a86414170bed249bb8ae80973e1f2eb2
SHA512 f7fe2ad365b83afc512fd25370a2ac6d30708230d9b720c695ac7b84e9e31d8f5bcc8eee2075f41627092cbcf9ae3153afe0635620e71b4ee94b342d0f189d54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3cb39c80a6b9eda057af6e055bf61d6d
SHA1 abd585276f033acc233d7d3752d4d831208e4a84
SHA256 d5f16de21248d651be78538095cdabbbd1a2bd3dca7e61284137b3c61384fea3
SHA512 56cf60db01fe0af1ebb762f3bce7512eef3a7375856480620518333dd857d935068ae5adbe630ff6080f1c0c29a5aadb937ba700bbcd980e711d6d0c004c1087

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 ffda6bebf5ea4ac2b2a8130d44e51a4a
SHA1 6757958725cc5da11b80cf2b736c2718672930cd
SHA256 8389263770c5ae585927e9b9f6ea2c00bc7f17ad1e517d8de1438403fd447cb9
SHA512 2b982c2700e47af683d60bec1903a4dbf7b897393583f2d47c3d31e76468f9de06687266e4a257a6a64935653c96dd5704f6d302839468b5ccc6572aadbfe05a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 7475790d523de3354478b996b5b2bb90
SHA1 010bac5bb3c305a5a3e949b8064bd2716a551a42
SHA256 80b8a7d94a92c570d2708d685365f1c66d5745c8b31156ffa9eda3a9d9ebdce2
SHA512 365925359bf80793a45baba9469cc16ec863ec07e88ad4d762bdc33acfdc4a605012b46a847cfed27f73d66eb78eb60ca35e7ccdbafb8782edbc217403a4c82c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

MD5 3bca8411b45106afaa963d562c371631
SHA1 78857d33a65e7061ca18a3540c304f01e7e85325
SHA256 4503345ee70aa9ca0f90012b665743d7c13ec7052e7a943222287973b752b9c7
SHA512 a6a7e9af6613a30730a0b87be76f87144a3483afb756445d462de7b22543027e5e8f5822e0337ba2d7b65e413e526da962783d05d226c0d13d113d57d28b56ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 a6d8b691988396f158d0d0d20ef997fc
SHA1 903b61a61a81d630b13c3a7449d3cf056bd9d610
SHA256 a69df55f268af6f8bb9f80100ecfa5e1582b8895e52df6c7e313401a9f1d402a
SHA512 2c0428f87be7a96265a5f50c0fda89f0b2e313f98f769e8392ec0feb129272b9b5ec714d6680169c302e570d303bbd4ea136c1f748afeb41a7232bd7eed371a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 311bf82a94a99a391ff1b2e2205e48a1
SHA1 bd5f8a7f151b642d0c44b86232f1f79f5d89d972
SHA256 b6010899768074e11c48ab4c6847e7cb57a9951b6eee7fe254df9158d90c2026
SHA512 f15d84c64ca31997a73b36425dd459c2868bf3023089437668f59e2dea99d242d99e310f2308f740a04ed734f63c5ae5d03c8b420fc9188bc39a5ba672260a22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 178ebabfb15b063e9977825a5bbe363a
SHA1 47a243408a5cd7dd21fd76c18bbe4ae79eece0fa
SHA256 a979d600f9a11ae94c94eba2baa079d926ed5f938a99e881e915886384bd4ecc
SHA512 aa7e64dbb6c2fdd08119053829f4cbe875ec88e2eae373d739dfe2ff381e8f799eade752c234895c10fc4fc51f634cfe8810ad808e06ef9a8f0493d34ab28d4f

C:\Program Files\chrome_Unpacker_BeginUnzipping2584_349462751\manifest.json

MD5 e0909520982fc48e47a6451443b11741
SHA1 0e46425274933c153ebf5a03f25e693267a8cea2
SHA256 2e9e6138305d702f3c9b89d6e9dc4931b548c69bb86db64e585fa2e37b8ef654
SHA512 3fdf504cb0bf39a807fa15a8ec31a6efd8083888692935ec31d70b4ef6eef89b8527c6a75a46bf7ae3efeeaa507ac3c7cccda5246a2f073ac603a7ffa10d20a8

C:\Program Files\chrome_Unpacker_BeginUnzipping2584_349462751\LICENSE

MD5 ee002cb9e51bb8dfa89640a406a1090a
SHA1 49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
SHA256 3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
SHA512 d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6.zip

MD5 6ef9b7a7863a1a1d6bc10fa7332db6f1
SHA1 6a967dcf6ac46b164d6c0ff65c2e304079be24c6
SHA256 fb89691c605186454d35d150afeb02f561e107d327400840a364350b23a43e9c
SHA512 0f263b696c26402a2f0f5d327c7fed53e1d421375302e940a0132674e63b0f4d91b69545b698f4e49688c859045b537d361ef71a172c3030413bbc7c12890fe3

C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1404122043\manifest.json

MD5 89217e000f3145a2523e43f947208e79
SHA1 cd7915d003ee87f2babc9ee9add12841022710ac
SHA256 6722a860c855cf94a54fd1ffdd3801c4c949f5b67d8601ad300264931057f2bb
SHA512 385257ef9c67d80006eb350ac79718f30e08d810a1568454806f2505b482e0093f784d0d4cd24078317f863db500898343ce69391c0ae7fc767697f6da38eeaf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.5.15.1\keys.json

MD5 03f15dff10ac451682f8a308674ddf77
SHA1 c723e23c49bed8a52b8f947b2cb8879a110fc94b
SHA256 f967e18d5b1839ba801212f032e7e6dd92f7ba6958bc3ae9b122d9fadf2b1bf4
SHA512 df8fdc89cc1e6f2edce49b41bd9f71dc7f7a8daab40f1355415119f9c0a0d5067337d966472ad49f855ecb9a89bee8d1711d8a869589a03e469530ee8d7e0f3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 269dd6c3e9bfbb5db07ce0c0accb8ed7
SHA1 ae89b88a7593a1a52ac81d27c196bc26ef561ec8
SHA256 1c9f7af8b991e195c051a62d92ad4411c92362cff861efc2748b8683d589c691
SHA512 842ee90ef76266feb26eb58032f119b21fde074cd375579377d7cca6f7ec5219fd49a6083b84560f73ff4ba7443c8b06d00409e89c77604781f1de69619e89c7

C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe

MD5 780594098ed58a69144af5e289901d03
SHA1 da441fd8867a76dee5506e6d8bdbd69ea69f4b0c
SHA256 c13e4ba68439d2065784825adeb066a2a258d35ce0027a7e419a07f78d0f0ade
SHA512 bb89389f14a866b286cfe7dff24b9974287d2240ed76447940a1682f3829ac3f86624601dfc369cd4503b74b59b813e18f500a4eeb0ffd3d692355148265feb7

C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Server.exe.config

MD5 dbfde188a065e195708a51d2cab58507
SHA1 36db24ef3e6fa2f0893507425dbfd178555aa4b9
SHA256 303f2ee77f41a12f2826b58d4087de1e56352443a57b88a1b921cbd4680ac978
SHA512 0a8ba62dd35f51d4e8e3b4ef6015a650029e56892701f435399f11b9474a33b046cdbc66bbb7221979cbec595dd813b80229446149f66fb1f07cdeda7c89fd4c

memory/4588-1282-0x0000000000760000-0x0000000000970000-memory.dmp

memory/4588-1283-0x0000000005960000-0x0000000005F04000-memory.dmp

C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\MaterialSkin.dll

MD5 022f385e55d9d3d42a33b4ca999bf22a
SHA1 5d2f22d51d2e87ae8d1f2c1acd3f08f4fdddf107
SHA256 3b0e1b3af6d2b8b3d02b6cd52849277c9c8066c2ae565e68253d4551c37492d3
SHA512 7fd663b56a2894d1db2ee1032067091f72a4ac301ee8cd392030c6ab186e3bb960d8e35a8591204fc23e9b5a145a2a9ab0092b1c9e6ae5c9c2dc2adf907a891c

memory/4588-1287-0x0000000006590000-0x0000000006C04000-memory.dmp

memory/4588-1288-0x0000000005750000-0x00000000057E2000-memory.dmp

memory/4588-1292-0x0000000005F10000-0x0000000005FC2000-memory.dmp

C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Newtonsoft.Json.dll

MD5 195ffb7167db3219b217c4fd439eedd6
SHA1 1e76e6099570ede620b76ed47cf8d03a936d49f8
SHA256 e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
SHA512 56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

memory/4588-1293-0x00000000058E0000-0x00000000058EA000-memory.dmp

C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\local\Settings.json

MD5 5a8d834657fbcb1b254fd8246710d7f2
SHA1 8f71b23975336ea9bea863fda1a4470a5eec1fb8
SHA256 e74ed4df8c42a3bebb85be5c8c3eaf8c6d3456b29898c453237561aa54ff99cf
SHA512 1ff5b90b871709c4a26b62dea0f23e4893ff1fbca40689a3f79f84923369d0a4644500d922497b02743fde291ebb2aefc84dda31dc9e4b2df1f71940ba1d0e38

memory/4588-1295-0x0000000007AF0000-0x0000000007B12000-memory.dmp

memory/4588-1296-0x0000000007B20000-0x0000000007E74000-memory.dmp

C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\RjControls.dll

MD5 889492bfc195bf189ef7649233da68af
SHA1 0c1c83d6965340593e7607d86a2ae06f6cea4e51
SHA256 3ee6c31ab5c76286cc58c94fb11b00c8163bde35918ebb39cc6d4c3bfc62e36f
SHA512 52d5fae0544501a9359e0b420e31c3191d93a8ffd5aebbbe05c2a4191e417c0afe28be58b21957bf2265ebc186878c3f9be63a92043caf747ab4f071fb109b5e

memory/4588-1300-0x0000000009F20000-0x0000000009F2E000-memory.dmp

C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\ServerCertificate.p12

MD5 a4472e78ee606f426a623897f03a912c
SHA1 22dec2c55f96c1d1c5bcd0c76d551fc4eefc57fb
SHA256 b8177366a1c932b61b18711b0547b6e6cb92ac64816d4c415e715e37803ad231
SHA512 90fdb478e8af73fb6f8d63e5b1edffadca41d129a7960141095d6724be64eaf6cd0bf0e2b96989a16f4a2109ebd53e599688a51aea0c817da33cf694eae4960f

C:\Program Files\chrome_Unpacker_BeginUnzipping2584_2108344599\manifest.json

MD5 e7314184e67b4501f5048c2e5f181d96
SHA1 f741a8a1b8c18c8d4974f937ef589b134dde5419
SHA256 7bd96fc0239229d64cc38693c64f2524d95711534c606b2b39957af8411d870a
SHA512 773ff8228cc87677e3f74667b61db59decfccb6ca4da80a5ac5e0aff0e3102e08e6c1561df35b9ed64c8b7db8dc8ed27210c2ca0139ec85d17f9e3f57018a086

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4aaf258ad667eb5384a558ed31e1963f
SHA1 2214655909aac54e8f2385371259d53601f90a35
SHA256 7aa6b93aaf3557afb81cccf7d9ee40caeba44c08e4fa11540fbeaa95c1368cb5
SHA512 eace7dfb43b1f5e550a7d01fe2e76cc67a56c01ee681e8ca5afbb9aca68ad3b9484950b80be6d80ff5e6d8d84fcf1f45d18788fa5434b10cca2b01d16f70187b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 578c8773649d9b536b09ad78018ef48c
SHA1 f3eccbce24c981ae12d8ade17e89166f5cf1a108
SHA256 fd46889fd9e591b8100fdf8ce92f7580828683d0ebb987ee26139ad97bc9b544
SHA512 b0340c7a69d961215a6cddcdca7d8fae53efa6ba862930db9cf3b9e13587867f7b06e45ff633c5de4ed2f38cdbb7f14f41e5ce0fd8d176b9075f9e66d3ea3e9a

C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\local\Bulider.json

MD5 c640915d1d6bbf049e4e87a82cd4ab8a
SHA1 56dee0223d2b9d45b4baa693ab7c9d520bd06089
SHA256 4843c6f6c035bc9d778d58fcd2aba4a8c37aba378dfdd56ef16e06d8dc8d92b3
SHA512 33fda797de86545989d8ca47f00ffb4a7ff44fbc919c8ca4ac129f999536233b622fc177932ee9f554b405265fc3a085aed63ea3e15285301c9678680c94a33a

C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\local\temp.ico

MD5 4c84bfc72d502e0ab8f956277e009f8a
SHA1 49647abd196f132f40d26efb2f9a5a0be3ef9e4f
SHA256 01c6d342e29e5ae750d1a1d4ae8107d7022bf4a4fcd1f47aeb6517e0737764ad
SHA512 6dbf57ac43cc75411199eb47eba175d11059eaf3660655e130b61376e94e2e37335a2aa7c1b6710eef4615d775be0d24a95d49261aba737df983fae926212adf

C:\Program Files\chrome_Unpacker_BeginUnzipping2584_18000524\manifest.json

MD5 01cb8b111843d1f1dac11d249c24c8b7
SHA1 c4f1f6f219f325caee6363df7f459323109f2f6e
SHA256 b13947842a1d3e66e62bd32398a3780c18127a520e7212a4adbf006a9abfd74a
SHA512 075d54cdbd80078d4bf66f3c5814a055058f2535629cc7f5d88fa5c69d5c931dfd2c456a0bc634768d796af604ce4d585c7904c1924d35df7855dfd7e275d403

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.21\edge_autofill_global_block_list.json

MD5 1c865471f98902a3818e8bbf46360342
SHA1 932497309e942f67080b84dd37dbd634117135d4
SHA256 b3ed570caaa1e88ca7fdeaa6569b5ed172adcb64221766cc73fd7e6b07e0c65d
SHA512 d77791b1a55cbb09a6dd88911be0219c712d573238666e09b0c18f7b92573db2a54dc0525d3232851f1bb9c008c2ab542bb4fcefa09b7a4be50fcd8bad4e231e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.21\autofill_bypass_cache_forms.json

MD5 8060c129d08468ed3f3f3d09f13540ce
SHA1 f979419a76d5abfc89007d91f35412420aeae611
SHA256 b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92
SHA512 99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.21\v1FieldTypes.json

MD5 c1a0d30e5eebef19db1b7e68fc79d2be
SHA1 de4ccb9e7ea5850363d0e7124c01da766425039c
SHA256 f3232a4e83ffc6ee2447aba5a49b8fd7ba13bcfd82fa09ae744c44996f7fcdd1
SHA512 f0eafae0260783ea3e85fe34cc0f145db7f402949a2ae809d37578e49baf767ad408bf2e79e2275d04891cd1977e8a018d6eeb5b95e839083f3722a960ccb57a

C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\dnlib.dll

MD5 3d913aab7b1c514502c6a232e37d470e
SHA1 28ac2d1519ec5ea58b81fe40777645acc043b349
SHA256 bdb84aa16678189510def7c589851f6ea15e60ff977ea4c7c8c156504e6ac0ff
SHA512 311e8f73c52dd65cbaf9f6e008b3231090ea99edf3471bac63cca4156a37a0d874ac590b19c01b15e05345bb6a5b636a11698bbd4e88c59c138dd3f358800027

C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Stub\Client.exe

MD5 24b70dcbdf39074f85c1ab2f0e0a3223
SHA1 9bb3ebd03a59cb5606d8cd7b90edee45ad6e2614
SHA256 5f70e4fa11017918e51ae7eeb9c46b8cf3e1d3ec71b46309878885d38749f797
SHA512 a631b67e6a3f3bd7411a119cd82fa6395e865b55f60726fa6bd2eafe30950a0e0e31f61a906a95d7a817def2c86fa91264f63cef856190cd521d260784ce39d7

memory/4588-1415-0x000000000EF40000-0x000000000F066000-memory.dmp

C:\Users\Admin\Downloads\Liberium_Rat_By_ggsquad_v2.6\Stub\UserMode.obf.dll

MD5 16e5a492c9c6ae34c59683be9c51fa31
SHA1 97031b41f5c56f371c28ae0d62a2df7d585adaba
SHA256 35c8d022e1d917f1aabdceae98097ccc072161b302f84c768ca63e4b32ac2b66
SHA512 20fd369172ef5e3e2fde388666b42e8fe5f0c2bfa338c0345f45e98af6561a249ba3ecc48c3f16efcc73f02ecb67b3ddb1e2e8f0e77d18fa00ac34e6379e50b6

C:\Users\Admin\Downloads\06wt9uvbxedu6w47.exe

MD5 f61613d0529ac33d006acfb6a0fa5188
SHA1 7dc993210d72c78cdfb98c7ee46ceb7e59da2ca0
SHA256 80413a41c4e460898f05f2439e75d9e1d0e7f7e9eb2b6f38d0918b9903150bef
SHA512 69a75d604b109c79de43fbe8326fb0334bd59ecff47af6e4bb8f8eb2a9c71603767cf2d4bd26da5925cf83770b567f30cbe813e6de6582b86bedaa489bdbf3e3

memory/3484-1434-0x0000000000770000-0x00000000007EC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

MD5 68b0d97ca57785aab1b368d3f0dfd5bb
SHA1 3d51dd1fd137fdd3e9ca74cba2a6ff1c57092995
SHA256 34c707d9a277d74a328ba2b9640d264dc5a4be98d532bca88e6b9fa36c23b30c
SHA512 206a18f42f3d69fe1debab4bed797707ac2105648f96295eef0e8a3cfbcfd6ab2d96ee7e5c581e76e9a1a17c03e59f6877f1875c881a5a23be5ced56ec4c87b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.11\data.txt

MD5 1bee2c36cebf096d8a559d5c4eeacff7
SHA1 c695eda67f31d729dfc336b8a471ad6346a39031
SHA256 5e4014e267eec120e673cfbc407e4340c234a7898319b35a304ed6ea343a7999
SHA512 ba520d383be95d8b15140b7e38e4e7ac03077bbbb8ee5326ac4162be9403bc9f0576e53840fc22cd9c4038f19f60bdeb7b4e8e0125da6ed80670238de812b4b5

C:\Program Files\chrome_Unpacker_BeginUnzipping2584_451790962\manifest.json

MD5 b4d869dd7052d78d29b3e439565f1600
SHA1 caa2cfa31729f4348a02514eba0235e72b88ce5a
SHA256 0f8ee89c4a420bda691d058cdd96c874c2edeec84145c81c957e98d05e351d3c
SHA512 1fda3488df8c43ad413b2e69a5e2292322fe837f7b27b88302b4e591e7e13fdceacb0af9b8bb92ca7c0d2b39abffc776c6cc35d18abb86ce91f55c719b43480e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 50fa22b09558e651f2f6c864fe1889d6
SHA1 88ea1fc1f86e858114a9117b8c6ecf18b78fb8a7
SHA256 d3be74ae93739081e6b432a76b5b3b08d8a83371f4d278dc04bf4e2a2639df22
SHA512 74627edcf4c091d2e15a618fc70532513c1ac3cab09cde951d2d395837a7b7b5d002e2a14ddae8a35007f39b32f7fa20d0f82b28e5ce5f62c5ff7d6a61c20782

C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1108697881\manifest.json

MD5 0abdce2e93f6542edfc9dfbcfb61ce89
SHA1 08067386e18ea1d48d916ecae2d2583a5f6df6ce
SHA256 d912b0ee06353fc36393d1c187a22d37d467e14ddb389a930ff7317b6760531c
SHA512 ec60d26c4b1c1e437c5c88fd9efc504843551a51d3c1b036a5b518cbaccec6e86fddca534b96d490872c6fd53a874f765367d3784473b948f112a51addc9f730

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.7.2.1\typosquatting_list.pb

MD5 8aeeb5c136b1deeeee3677f4b93e2575
SHA1 c716557d8d504577e2d22bb710e94663b91c80f3
SHA256 b8d2c9ee5824a35ef1bcc746200cc710bad4951d4ee16be4acb8a8f503bd4856
SHA512 a5b927c20ade622589e09a7443e7fef2ae2b445b22aa773c4bd05c248d48f0bd0e7e2f3595441bd40957c08f29d660f27b7238030c51303d338738e2b1c51b17

C:\Users\Admin\Downloads\inil0imd2jepg2kr.exe

MD5 31a1a59b3d9d776591f51f05a226e2db
SHA1 75a37267c3f5e22a3536eb097e3b3e6e1a4b65ae
SHA256 fa49cf273d33d57102ada2fc3e7314f91e605c9184e460ed00ac8ef5d19dce47
SHA512 217429b39767136982dec657b3939a7f3e8a97d0b80ac13bd75d2b2fbc05879777ba5d7b3f34a43a648aef028b0fc2d691a555c2167cf33179754f1d8b4d4ec2

memory/5112-1534-0x0000000000100000-0x000000000015E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\06wt9uvbxedu6w47.exe.log

MD5 8add56521ef894ef0c66ecd3e989d718
SHA1 2058aa5185fd5dcce7263bef8fe35bf5e12dbc7f
SHA256 01bcb6c8348b83208a7c923fd840130a0bc7b3a188b62ad8e270a296ed94b724
SHA512 af99971664282617c18db6a27ddb3bf57eaa291d79ef66828319de3eb38533cc813f7d322cc4c9e687aa90b5c91b7874ed8e725c3cfe35e139e0581492caefb2

C:\Program Files\chrome_Unpacker_BeginUnzipping2584_795975215\manifest.json

MD5 b0e549dcc425951a670808d628ab5181
SHA1 63c37e4fd9193836f0100cee2bf76585787ae94b
SHA256 b2c8ee75956c3bb7ea6865137c441b916badfb99c922c17785875e784c96e29a
SHA512 d6dc7c7ddd5ad8ca06a831faa6bd399c8af77e0b21cfd039c608f366fb54b8d4553fc8f947a070544f472966190cf1ca5a236d1084be824b06684b6c6e8de0dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\24.0.0.0\crs.pb

MD5 916f38644626b7201f29c01bc659525b
SHA1 c259bfd1ccbf1347b6a0bac43e7aead100ca7092
SHA256 8ba4acc8582041e5caa5dc4c73ade421b52a8b018e70f12b7a1437f74c6a955e
SHA512 33539525ec8bf13ee832365994dd6b3bc2162ef64e032baa1ab6e45d701125d08009504c254e85b763b69abd93f10366a4b44e5e62f7705c988c089aea447d19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\24.0.0.0\kp_pinslist.pb

MD5 563bdb2192acf2c106832f696df5d84c
SHA1 898eee38d08e09254c39dd0d1707c98f95cb2fa6
SHA256 2efcd280779456d767025a4f2915012cb9b11af2b8e199d3f32152232bf09460
SHA512 550e3dbaa0a5d74763465318b6f14035e16e1d70602ca36a5636d159875b527fae51f0c7f81e380797b4871283dbddb964017e7a16857228a621284d7aef00f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\24.0.0.0\ct_config.pb

MD5 4fdf7c8ca48768f459c97b25fdd10d9b
SHA1 d1f0ac34a53294875dd7bc03dfbdf5c7ae65a4d0
SHA256 6a350094ab9a19b758f6660a58afdecc44e83b3ce8c3521fe3b831d5945a3911
SHA512 7322c942946b83ed8cf8875613f72ab5fa5fcb4ca1671bba22bd02404546f8ce099b2941cb0897b3209aecb85b6ac2f1b98f2d11678e5304b55ae3974192042d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\0fc6f7c5-ba86-48f0-8560-dff2f42d25af\index-dir\the-real-index~RFe5c3deb.TMP

MD5 ebc82e5e310a4a4700638458b241ceea
SHA1 32a7d9e961378de13e5347cac76f20844f5eeeca
SHA256 7bee9440e010a30d255ff9758c1e3489b1e202d0f611c357c75cb3bb387d326c
SHA512 2980f1e0b1fd0f8b4922a6ad7a3e054b9856aeb361611f4aaa5fe7f62ced2dbceaa831ac6d2f15207becbf9ec710d731f7e422210418fb25ec3a49dd28f2855b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\0fc6f7c5-ba86-48f0-8560-dff2f42d25af\index-dir\the-real-index

MD5 72060c97f6234d695e87c1d208d6f394
SHA1 07c9293efed4a1a6964c5339026bc3b17b968a29
SHA256 16ee55347a64faf0cbede2648c5f55450f367a275cff5fa923bd6972b4515fdf
SHA512 2d2d3e7b40a0f570acfcbf52e9a95b350ce210cbfcba10ad29dbe024171c82110481a2d09c8409158763c893886287686b92474904358a7ca1ffd5ff262348e4

C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1976642119\manifest.json

MD5 811f0436837c701dc1cea3d6292b3922
SHA1 4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87
SHA256 dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d
SHA512 21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

MD5 f5f5b37fd514776f455864502c852773
SHA1 8d5ed434173fd77feb33cb6cb0fad5e2388d97c6
SHA256 2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e
SHA512 b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

MD5 5067ec626678c2a362bc610fda891797
SHA1 73bb9409ea01daa506203f59e314c38aac42c066
SHA256 67174ff47a5f7b3b6fbac642c13eded97e23f3734974a09e6e6fa9b426c72e48
SHA512 cd776b03e4ae398ff8d741c6897c30f3a9055b755afd7f68e7be2478d16972e5a31e4f7f1d4da071fb4909ec436d84e137b25c7e4174545a1cd9fddc3d56c3b0

C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1613740460\manifest.json

MD5 b721bdf2924d658186ac8868dbd2c008
SHA1 914aacc65bb7933bd73aa06f8bd2ca0b04de3858
SHA256 dc6a19395ad3a24ee3805f6e90c6b16fdc141a51ac7fbb99fb784e423f8962f3
SHA512 4c1c16f714a2e2436697bc801f7e2f684010c833e3d5fe6ed68d6f3e630afa495412ea5a1b46f4bbbb1102feede84e72f32686910492510cbce71888a85b5fda

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 75fe100388eeca8098bebfdc71db2232
SHA1 c927fbf6e4fecb4d13e5a491dd9ed3526b23afb5
SHA256 589d1aefc1941dd25d09c7398f7632a69c6a5721cfd3be492b2d8c27981a7249
SHA512 ad6fdf4a962c9617e3bef1856b8db2b3ecf438454a53556ce0dc411be4f967f11d7690449a4cd82f907e17a846015c197552a38a086055b28dd850dc17976f59

C:\Program Files\chrome_Unpacker_BeginUnzipping2584_2122496097\manifest.json

MD5 ba25fcf816a017558d3434583e9746b8
SHA1 be05c87f7adf6b21273a4e94b3592618b6a4a624
SHA256 0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11
SHA512 3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

C:\Program Files\chrome_Unpacker_BeginUnzipping2584_947824402\hyph-as.hyb

MD5 8961fdd3db036dd43002659a4e4a7365
SHA1 7b2fa321d50d5417e6c8d48145e86d15b7ff8321
SHA256 c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe
SHA512 531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

C:\Program Files\chrome_Unpacker_BeginUnzipping2584_947824402\hyph-hi.hyb

MD5 0807cf29fc4c5d7d87c1689eb2e0baaa
SHA1 d0914fb069469d47a36d339ca70164253fccf022
SHA256 f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42
SHA512 5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

C:\Program Files\chrome_Unpacker_BeginUnzipping2584_947824402\hyph-nb.hyb

MD5 677edd1a17d50f0bd11783f58725d0e7
SHA1 98fedc5862c78f3b03daed1ff9efbe5e31c205ee
SHA256 c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0
SHA512 c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

C:\Program Files\chrome_Unpacker_BeginUnzipping2584_947824402\manifest.json

MD5 2617c38bed67a4190fc499142b6f2867
SHA1 a37f0251cd6be0a6983d9a04193b773f86d31da1
SHA256 d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665
SHA512 b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1559454108\manifest.json

MD5 a4edf901d950a9758ffe578ff1b03212
SHA1 cda83d7736a1c05a7d2cb0b6704653c27b4a4ca5
SHA256 aaca603fa9d65fefeaa198a93d03f2511de66b6398cc34dde6233eab492eebfd
SHA512 835d6a31e56d400ace235ee94e16bc1e24bf1477e7e3524180d12b312a58422ce1a579daa423881e50bc2b314e50f5587e6fd98ea68a1ffcf294a7f187cdbac8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.80\LICENSE

MD5 aad9405766b20014ab3beb08b99536de
SHA1 486a379bdfeecdc99ed3f4617f35ae65babe9d47
SHA256 ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d
SHA512 bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.80\Filtering Rules

MD5 faf01ed2c0020f8fa512ff379d82c211
SHA1 233d104dfe718231837e33c5543085b6dba5cd8b
SHA256 192ca12bc520edee8b5a8844cc870cc4a669fb9c1449dad33a69fc5ce112c750
SHA512 8ee475bc419950f08933be92c390087b67a7914825dce81eef4786012bf641f86f447239bb8d08602a407627b3846f12c52f365eae2af32fe5d22d5ee7133c31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.60.0\edge_checkout_page_validator.js

MD5 03afb46c48ec22865708e6826a3a302b
SHA1 6566e24acf922c9d4034850bf1dac39786be0655
SHA256 03daef0d9039418880c9414c6cc56841b9d3facd790b2480e302c1803296b003
SHA512 6df8038a494df3412e2224b238da025d26ab477a02a1cd9ad809369047ac54fa745faf7bff4c209457fea59da64d23ff953b8213ed12cc1a2f4151a057df6c10

C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1162520442\manifest.json

MD5 3c22ea3bca074127e886b3c3d4cead69
SHA1 e6442f0437b3375c06e33c3080a42692bd4262b4
SHA256 107c9b046abd5cd2c31fa6d6337bb91c1e42633c08d8eb84bbe3feb7bdcdd488
SHA512 6b2d04cf57c074e27798127ef7b2ae9b0dcb9a7e7ce5d3be63b67fbdb7d66a57ac2bd9975fd32e5fdb08f463638ec3801f475d41f40044dc8892abec687f598b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

MD5 fc3769606eb621f25ccf5f5e74bf0f7b
SHA1 3b371243477e5d81ea8c78c003e599364c30fde0
SHA256 444accc9fc3ef60f0b1a48ddb7e343fced76a3bdcdabdf517a07b7508e2dda29
SHA512 3d2b5ef62d6e5e66185462c50126a846943a871b074e1d0426f02b236d39610648f5ffb5e2498ddde55d831a74991f0b24818e4fcc4abd76b7aa1221761f09d7

C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\manifest.json

MD5 b276b32c82b4a75c2964172e184cac48
SHA1 b99794d13ae8fd9491f5970365fd20579ff8cf78
SHA256 6cf2e01d3865122a8b9cc9e74762c85d71215cdf5853a24663c53eff79521255
SHA512 d0e7364ace98d6e489ae66adf5f05063f78052463aea6a64bbff2b44594c07b9102c7032f925101bdd36bfecd71ecd1d29af3ff37b8df5e989bc9378f3913c8b

C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

MD5 8595bdd96ab7d24cc60eb749ce1b8b82
SHA1 3b612cc3d05e372c5ac91124f3756bbf099b378d
SHA256 363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831
SHA512 555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5

C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\Notification\notification_fast.bundle.js.LICENSE.txt

MD5 7bf61e84e614585030a26b0b148f4d79
SHA1 c4ffbc5c6aa599e578d3f5524a59a99228eea400
SHA256 38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179
SHA512 ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3

C:\Program Files\chrome_Unpacker_BeginUnzipping2584_271968590\json\i18n-tokenized-card\fr-CA\strings.json

MD5 cd247582beb274ca64f720aa588ffbc0
SHA1 4aaeef0905e67b490d4a9508ed5d4a406263ed9c
SHA256 c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5
SHA512 bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18356.18355.1\json\wallet\wallet-checkout-eligible-sites.json

MD5 ed22bc3ded6df0109b9e594867473559
SHA1 ee39eb80dc23f7fd764199cbe4a153c4edc2e768
SHA256 2abefae3d72e7c4f5cdc94eb0ee552612d843a26faf4a7bd061c73839e19d7eb
SHA512 fb337c0a0107dc37a3067bcd6f60ffb8f63ee892a0ff729dcdf67c7a21fec95a742a274853e8947489108d7543c13b9479e02574f490bc217e8a182f08543aa3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18356.18355.1\json\wallet\wallet-notification-config.json

MD5 4cdefd9eb040c2755db20aa8ea5ee8f7
SHA1 f649fcd1c12c26fb90906c4c2ec0a9127af275f4
SHA256 bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd
SHA512 7e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18356.18355.1\json\wallet\wallet-tokenization-config.json

MD5 ae3bd0f89f8a8cdeb1ea6eea1636cbdd
SHA1 1801bc211e260ba8f8099727ea820ecf636c684a
SHA256 0088d5ebd8360ad66bd7bcc80b9754939775d4118cb7605fc1f514c707f0e20d
SHA512 69aff97091813d9d400bb332426c36e6b133a4b571b521e8fb6ad1a2b8124a3c5da8f3a9c52b8840152cf7adbd2ac653102aa2210632aa64b129cf7704d5b4fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18356.18355.1\json\wallet\wallet-stable.json

MD5 6e57b65a604224b60edb31cbec433a72
SHA1 cafbe47c5e6dbfb189bec99b3fdf612dd8b1a824
SHA256 0cec355c59fd6dbc59b6044d4dc8f403a499b256e9defeec4b7b6d21c67feed2
SHA512 4d2d3ed510869ead82211ff2a8370636e18779331e80ca385746023ea76bdad49b7009848bd41af7c607460241aec54d0a0a903324d2fbcecef08e2fa95f0641

C:\Program Files\chrome_Unpacker_BeginUnzipping2584_1682441626\manifest.json

MD5 578c9dbc62724b9d481ec9484a347b37
SHA1 a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d
SHA256 005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0
SHA512 2060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640
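The listing above is the sandbox's flattened dropped-files table: one path line, then MD5, SHA1, SHA256 and SHA512 lines. Every entry shown in this section sits under an Edge profile directory or a chrome_Unpacker_BeginUnzipping* component directory, which are written by the browser's own component updater during the msedge.exe detonation, so the practical triage task is to separate that browser noise from any file worth pivoting on. The Python below is an added example, not part of the report or of the sandbox's tooling: it parses this exact format, validates digest lengths, keeps a hash block whose path line was cut off (as at the top of this section), and splits records into browser noise versus review. The noise prefixes (including the sandbox user "Admin") are an assumption for this detonation, the first two sample records are copied from the listing above, and the third record is constructed to exercise the validation path.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Hex-digest lengths for the four algorithms the report lists per file.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Assumption: in this Edge detonation, paths under these prefixes are written by the
# browser's component updater, not by the sample. Matched case-insensitively.
BROWSER_NOISE_PREFIXES = (
    "c:\\program files\\chrome_unpacker_beginunzipping",
    "c:\\users\\admin\\appdata\\local\\microsoft\\edge\\user data\\",
)

_HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9A-Fa-f]+)\s*$")

@dataclass
class DroppedFile:
    path: str
    hashes: Dict[str, str] = field(default_factory=dict)
    problems: List[str] = field(default_factory=list)

    def is_browser_noise(self) -> bool:
        return self.path.lower().startswith(BROWSER_NOISE_PREFIXES)

def parse_files_section(text: str) -> List[DroppedFile]:
    """Parse the flattened listing: a path line, then MD5/SHA1/SHA256/SHA512 lines."""
    records: List[DroppedFile] = []
    current: Optional[DroppedFile] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _HASH_LINE.match(line)
        if m is None:  # any other non-blank line is a path and starts a new record
            current = DroppedFile(path=line)
            records.append(current)
            continue
        algo, digest = m.group(1), m.group(2).lower()
        if current is None:  # hash block whose path line was cut off: keep, do not drop
            current = DroppedFile(path="<path missing>")
            records.append(current)
        if algo in current.hashes:
            current.problems.append(f"duplicate {algo}")
        current.hashes[algo] = digest
        if len(digest) != HASH_LENGTHS[algo]:
            current.problems.append(
                f"{algo} has {len(digest)} hex chars, expected {HASH_LENGTHS[algo]}")
    for r in records:
        missing = [a for a in HASH_LENGTHS if a not in r.hashes]
        if missing:
            r.problems.append("missing " + ",".join(missing))
    return records

def triage(records):
    """Browser-component noise with clean hashes on the left, everything else on the right."""
    noise, review = [], []
    for r in records:
        (noise if r.is_browser_noise() and not r.problems else review).append(r)
    return noise, review

def sha256_iocs(records) -> List[str]:
    """Well-formed SHA256s from non-browser paths: the digests worth pivoting on."""
    return sorted({r.hashes["SHA256"] for r in records
                   if not r.is_browser_noise()
                   and len(r.hashes.get("SHA256", "")) == HASH_LENGTHS["SHA256"]})

# The first two records are copied from the listing above; the third is constructed
# (placeholder path, zero-filled digests, truncated SHA1, no SHA512) to exercise checks.
SAMPLE_REPORT = r"""
C:\Program Files\chrome_Unpacker_BeginUnzipping2584_795975215\manifest.json

MD5 b0e549dcc425951a670808d628ab5181
SHA1 63c37e4fd9193836f0100cee2bf76585787ae94b
SHA256 b2c8ee75956c3bb7ea6865137c441b916badfb99c922c17785875e784c96e29a
SHA512 d6dc7c7ddd5ad8ca06a831faa6bd399c8af77e0b21cfd039c608f366fb54b8d4553fc8f947a070544f472966190cf1ca5a236d1084be824b06684b6c6e8de0dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\24.0.0.0\crs.pb

MD5 916f38644626b7201f29c01bc659525b
SHA1 c259bfd1ccbf1347b6a0bac43e7aead100ca7092
SHA256 8ba4acc8582041e5caa5dc4c73ade421b52a8b018e70f12b7a1437f74c6a955e
SHA512 33539525ec8bf13ee832365994dd6b3bc2162ef64e032baa1ab6e45d701125d08009504c254e85b763b69abd93f10366a4b44e5e62f7705c988c089aea447d19

C:\Users\Admin\AppData\Roaming\constructed_example.bin

MD5 00000000000000000000000000000000
SHA1 0000
SHA256 0000000000000000000000000000000000000000000000000000000000000000
"""

if __name__ == "__main__":
    noise, review = triage(parse_files_section(SAMPLE_REPORT))
    print(f"{len(noise)} browser-noise record(s), {len(review)} to review:")
    for r in review:
        print(" ", r.path, r.problems)
```

Run against the full Files section of a report, the review list is what an analyst reads; the noise list can be diffed against a clean Edge detonation of the same image to confirm it really is component-updater output. Records with length or duplicate-hash problems are routed to review deliberately, since a malformed digest is a sign of a damaged export rather than something to feed into a blocklist.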