limerat | hxxps://github[.]com/simalei/njRAT/tree/master/NjRat%200[.]7D

Analysis

max time kernel
386s
max time network
390s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
01-10-2023 08:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/simalei/njRAT/tree/master/NjRat%200.7D

Score

10^/10

limerat evasion rat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
123
antivm
false
c2_url
https://pastebin.com/raw/DDTVwwbu
delay
3
download_payload
false
install
false
install_name
Wservices.exe
main_folder
Temp
pin_spread
false
sub_folder
\
usb_spread
false

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/9kHA6nwH
download_payload
false
install
false
pin_spread
false
usb_spread
false

Signatures

LimeRAT
Simple yet powerful RAT for Windows machines written in .NET.
rat limerat

Modifies Windows Firewall 1 TTPs 1 IoCs

evasion

Windows Service

T1543.003

pid	Process
1444	netsh.exe

Executes dropped EXE 1 IoCs

pid	Process
3688	New-Client.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
249	checkip.dyndns.org

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings	LimeRAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	LimeRAT.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg	LimeRAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202	LimeRAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	LimeRAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	LimeRAT.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff	LimeRAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	LimeRAT.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic"	LimeRAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	LimeRAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	LimeRAT.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	LimeRAT.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell	LimeRAT.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\SniffedFolderType = "Generic"	LimeRAT.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	LimeRAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 = 50003100000000002f57a23e100041646d696e003c0009000400efbe2f571c3141575b472e0000007fe1010000000100000000000000000000000000000024e37d00410064006d0069006e00000014000000	LimeRAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	LimeRAT.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9	LimeRAT.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	LimeRAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	LimeRAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	LimeRAT.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	LimeRAT.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0	LimeRAT.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	LimeRAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	LimeRAT.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	LimeRAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 78003100000000002f571c311100557365727300640009000400efbe874f774841575b472e000000c70500000000010000000000000000003a00000000008c8d8a0055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	LimeRAT.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0	LimeRAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	LimeRAT.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1045988481-1457812719-2617974652-1000\{1C088F51-D24D-4CA8-BF5E-70C3EBAF5E48}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	LimeRAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	LimeRAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	LimeRAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0 = 7e0031000000000041576b4811004465736b746f7000680009000400efbe2f571c3141576b482e00000089e101000000010000000000000000003e00000000009c3099004400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000	LimeRAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\NodeSlot = "8"	LimeRAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	LimeRAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff	LimeRAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 19002f433a5c000000000000000000000000000000000000000000	LimeRAT.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg	LimeRAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\MRUListEx = 00000000ffffffff	LimeRAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\MRUListEx = ffffffff	LimeRAT.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell	LimeRAT.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	LimeRAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000c31f7a1b9be7d90164f83d2046f4d90164f83d2046f4d90114000000	LimeRAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	LimeRAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	LimeRAT.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	LimeRAT.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8	LimeRAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	LimeRAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = 00000000ffffffff	LimeRAT.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0	LimeRAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	LimeRAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	LimeRAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	LimeRAT.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	LimeRAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	LimeRAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff	LimeRAT.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	LimeRAT.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	LimeRAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0 = 5a00310000000000415777481000436f6d70696c65640000420009000400efbe41576b48415778482e000000773302000000070000000000000000000000000000006f723d0043006f006d00700069006c0065006400000018000000	LimeRAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\MRUListEx = 00000000ffffffff	LimeRAT.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	LimeRAT.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 770471.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
3748	msedge.exe
3748	msedge.exe
5060	msedge.exe
5060	msedge.exe
2076	identity_helper.exe
2076	identity_helper.exe
4696	msedge.exe
4696	msedge.exe
4876	msedge.exe
4876	msedge.exe
572	msedge.exe
572	msedge.exe
5636	identity_helper.exe
5636	identity_helper.exe
6064	msedge.exe
6064	msedge.exe
2260	msedge.exe
2260	msedge.exe
4172	msedge.exe
4172	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
5264	msedge.exe
5264	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5536	LimeRAT.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: 33	1852	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1852	AUDIODG.EXE
Token: SeDebugPrivilege	5992	LimeRAT.exe
Token: SeDebugPrivilege	5536	LimeRAT.exe
Token: SeDebugPrivilege	3688	New-Client.exe
Token: SeDebugPrivilege	3688	New-Client.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
3440	NjRat 0.7D.exe
3440	NjRat 0.7D.exe
3440	NjRat 0.7D.exe
3440	NjRat 0.7D.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
3440	NjRat 0.7D.exe
3440	NjRat 0.7D.exe
3440	NjRat 0.7D.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
3440	NjRat 0.7D.exe
5164	NjRat 0.7D Danger Edition.exe
5164	NjRat 0.7D Danger Edition.exe
5164	NjRat 0.7D Danger Edition.exe
5164	NjRat 0.7D Danger Edition.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5536	LimeRAT.exe
5536	LimeRAT.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5060 wrote to memory of 924	5060	msedge.exe	78
PID 5060 wrote to memory of 924	5060	msedge.exe	78
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3288	5060	msedge.exe	88
PID 5060 wrote to memory of 3748	5060	msedge.exe	87
PID 5060 wrote to memory of 3748	5060	msedge.exe	87
PID 5060 wrote to memory of 1956	5060	msedge.exe	86
PID 5060 wrote to memory of 1956	5060	msedge.exe	86
PID 5060 wrote to memory of 1956	5060	msedge.exe	86
PID 5060 wrote to memory of 1956	5060	msedge.exe	86
PID 5060 wrote to memory of 1956	5060	msedge.exe	86
PID 5060 wrote to memory of 1956	5060	msedge.exe	86
PID 5060 wrote to memory of 1956	5060	msedge.exe	86
PID 5060 wrote to memory of 1956	5060	msedge.exe	86
PID 5060 wrote to memory of 1956	5060	msedge.exe	86
PID 5060 wrote to memory of 1956	5060	msedge.exe	86
PID 5060 wrote to memory of 1956	5060	msedge.exe	86
PID 5060 wrote to memory of 1956	5060	msedge.exe	86
PID 5060 wrote to memory of 1956	5060	msedge.exe	86
PID 5060 wrote to memory of 1956	5060	msedge.exe	86
PID 5060 wrote to memory of 1956	5060	msedge.exe	86
PID 5060 wrote to memory of 1956	5060	msedge.exe	86
PID 5060 wrote to memory of 1956	5060	msedge.exe	86
PID 5060 wrote to memory of 1956	5060	msedge.exe	86
PID 5060 wrote to memory of 1956	5060	msedge.exe	86
PID 5060 wrote to memory of 1956	5060	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/simalei/njRAT/tree/master/NjRat%200.7D
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd88fb46f8,0x7ffd88fb4708,0x7ffd88fb4718
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,2430594776533139613,5820770799657309214,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,2430594776533139613,5820770799657309214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2672 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2430594776533139613,5820770799657309214,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2430594776533139613,5820770799657309214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2430594776533139613,5820770799657309214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2430594776533139613,5820770799657309214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2430594776533139613,5820770799657309214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2430594776533139613,5820770799657309214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2430594776533139613,5820770799657309214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2430594776533139613,5820770799657309214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2430594776533139613,5820770799657309214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2430594776533139613,5820770799657309214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,2430594776533139613,5820770799657309214,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,2430594776533139613,5820770799657309214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2628

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2520

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:3600

C:\Users\Admin\Desktop\njRAT-master\NjRat 0.7D\NjRat 0.7D.exe
"C:\Users\Admin\Desktop\njRAT-master\NjRat 0.7D\NjRat 0.7D.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3440

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x494 0x2d4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd88fb46f8,0x7ffd88fb4708,0x7ffd88fb4718
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4052 /prefetch:8
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4052 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5484 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2072 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,6991717478708252032,13873843123846977491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5308

C:\Users\Admin\Desktop\sloboz\NjRat 0.7D Danger Edition.exe
"C:\Users\Admin\Desktop\sloboz\NjRat 0.7D Danger Edition.exe"
1⤵
- Suspicious use of SendNotifyMessage
PID:5164

C:\Users\Admin\Desktop\Compiled\LimeRAT.exe
"C:\Users\Admin\Desktop\Compiled\LimeRAT.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5992
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c netsh advfirewall firewall add rule name="LimeRAT" dir=in action=allow program="C:\Users\Admin\Desktop\Compiled\LimeRAT.exe" enable=yes
  2⤵
  PID:1188
- - C:\Windows\system32\netsh.exe
    netsh advfirewall firewall add rule name="LimeRAT" dir=in action=allow program="C:\Users\Admin\Desktop\Compiled\LimeRAT.exe" enable=yes
    3⤵
    - Modifies Windows Firewall
    PID:1444
- C:\Users\Admin\Desktop\Compiled\LimeRAT.exe
  "C:\Users\Admin\Desktop\Compiled\LimeRAT.exe"
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:5536
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /C C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe "C:\Users\Admin\Desktop\Compiled\Misc\Stub\Stub.il" /out="C:\Users\Admin\Desktop\Compiled\Misc\Stub\Stub.exe"
    3⤵
    PID:2548
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe "C:\Users\Admin\Desktop\Compiled\Misc\Stub\Stub.il" /out="C:\Users\Admin\Desktop\Compiled\Misc\Stub\Stub.exe"
      4⤵
      PID:1220

C:\Users\Admin\Desktop\New-Client.exe
"C:\Users\Admin\Desktop\New-Client.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Lime_RAT\LimeRAT.exe_Url_jr4dhwsrlerd0a0deyvnrrjj5deihvlc\0.1.9.0\user.config

Filesize
674B

MD5
853bc66e6155f4729fbfbe758a958958

SHA1
7ca4e845ae9988de3e08123525a3133b87aa6be4

SHA256
77c84c69cf088aa06ea4bac793e97e0f8ce78ad3f2df19bfac0a7b6cd7070456

SHA512
c2c0f3a07b343e2d9c200e2e8e39c05f4850c96cf97b6784e37c36184c224ca94a66f98ffc4b03be1cb76fc78d83cc49ef50c29179fc5f3e500f4b39e8cc433e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9dbef3f8b1f616429f605c1ebca2f0

SHA1
ffba76f0836c024828d4ff1982cc4240c41a8f16

SHA256
3e0297327872058355ac041a5e0fc83ed017faee0f6c0105b44bb3e5399a93a1

SHA512
4eedc387fe304f27f9d52ff5d71461c7f22147f7a8c18b8e7982acb76515528a36486a567451daafe093f9563b133c6799f2ad046e04256ccb46c83eb99e86c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
76837d62bc6603b8d690f06c07f6d513

SHA1
5c1ce08ad0f886cd861f7948222dea4cd542e366

SHA256
5dd147fb75265161036d65bb301d329cd5b59c125905ee8d9dd8dc2b5cfa79ea

SHA512
2a7fc74de1db2f93a9b441f9e77ee4db155cd301748c5f3ae5ff2a1d42a64085a9b6be5a799c237bc06102adb4ab387101a05fbde55e35473fb307668c0766c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9dbef3f8b1f616429f605c1ebca2f0

SHA1
ffba76f0836c024828d4ff1982cc4240c41a8f16

SHA256
3e0297327872058355ac041a5e0fc83ed017faee0f6c0105b44bb3e5399a93a1

SHA512
4eedc387fe304f27f9d52ff5d71461c7f22147f7a8c18b8e7982acb76515528a36486a567451daafe093f9563b133c6799f2ad046e04256ccb46c83eb99e86c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7b3bbc78-6473-4fbf-ae33-cae985a3cdb3.tmp

Filesize
2KB

MD5
957f080602ca6c09ca78cb4acbde736c

SHA1
83b5a976a3e6d282d408236d273bda9fcddb70fd

SHA256
a36f940291e6fc3ddc0fdcdf4ff49031706353b989a73c1fc030dbc53475eccf

SHA512
64279e3733f52ca71af29bc92d8b0dd22049884913d2b066d2ea9d97fe9a360c3cbc23d9c764fa096ea58b70b29b7c5cfcac742e8bf621d2464ef3075d0aee8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
9cc980bab8cf8b480247f0c6be243596

SHA1
3c6d3d32bc45adc8c9c09ab154a81e53b6fb5c57

SHA256
00451bdd05a58c4860913635d36b2557b975f5a4c6585506373ef9af03b1017c

SHA512
863e89b3276ad3867a98c1a308eec07f3d57b3876b4a1954948650e1edea95d2e349ef28a9302e7656ac074decdd6b0e2861bcc23b89d654aa8371f33c885b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
d4c7ef321645b75bd1505e54f3ec167f

SHA1
31bcdf17f3a6228e3d4794278af2171a546bcab9

SHA256
88f38944b91ff17a3e35dc8a42574ae4629ab5516e02d745da95957efd9d2485

SHA512
b9316f5edf6c30e7549a4b5662bd27683f1b7fd39da58746aeb5dc9ee4f2162a51be3843a1acb843264d19d302733b0b1ba03697267272bbb52b79684f4842e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
887472a55b58469de7f812ba0d733b48

SHA1
92d02a92ebc6f5d02c9f3de5e7d4a1b06948a936

SHA256
aba2601ce20555962bd8579aeddf878d97dfee15a991389b58a2927a0b55d1a2

SHA512
58f0eb1c13ac3b59ef427d8524f4d6838b35f24f5e620b21949fd6d8cf11ad640a61266d8161ceda4b32575c3db21b01b54b8e267a220e2df5162c46f7fa10a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
a75f324f981ef02e3313e9e77654e2e0

SHA1
19838d02926d78e49dbc77726d5b35781aa15edd

SHA256
185bcb90aa64f18c2f095c492e4bce05734d0a3b69350fb58d2f0bc623006fe1

SHA512
100ba20ade37e40ec5045ed9c68276a5f7d30e64274464fbe5b50ec649fe937111b40be931f44851a14f433cfe1622c93d5c298486a1c6030f2e2b21a4a20b05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
69KB

MD5
7f64f527eb916de76d5559f2af78c4c5

SHA1
a08d47d130d2025d8c678609fa857e4da5d34105

SHA256
76c12bca3ea33b6d5d0c248b8a7935e467a3cd35257cae3829d16a3dc5abf891

SHA512
6c706f7a5465a6bd002c004726e35719a1df7a8ce84d3ca620db22ae9016c4285cc344e8d080898fca2212b9c2e801e43951a55b46244e080086bf1dcedee56f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
20KB

MD5
b16000dfcec4ffda43cc7fb902f22a04

SHA1
89eacaa72c5beabca0c56364dbbf90ced3ee8f27

SHA256
9dfe27fe892a5a033eef826779572d3f0a3e29bf8dd499c6655e66c9612ab6c3

SHA512
642fc72a2287d111abe9a611c02fcc6ccc86afa1ba413c3d63bc0ad20d5b983f06c6ded7ff296e16462154f4a301353cba46ed7585de6423dbad86c8b1ee6244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
89KB

MD5
20b4214373f69aa87de9275e453f6b2d

SHA1
05d5a9980b96319015843eee1bd58c5e6673e0c2

SHA256
aa3989bee002801f726b171dcc39c806371112d0cfd4b4d1d4ae91495a419820

SHA512
c1e86e909473386b890d25d934de803f313a8d8572eb54984b97f3f9b2b88cbe2fb43a20f9c3361b53b040b3b61afb154b3ec99a60e35df8cf3563dabf335f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
1004KB

MD5
44998cd1a5f8b691b92711500528083b

SHA1
ee25f8610e070fa7281df5258c6223e3a173ed19

SHA256
fbbcac283c7c8e29d24b4f44d2160c78553f1b166f4e3d39d729b50cc97e8e75

SHA512
948438982b8bf7b16718b99be411a17bec95e6c352a03aa88fc64e38c49b91a4291af258ea8741b60d17ccf731628c5877786063a9b5864c09bd8bce82f1b3cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
47dd24b62acc81a29d737962d3630da4

SHA1
50beb711d95316c2e953389fdf3ac7c1ea270ab3

SHA256
9571048a7ddb7f35621246252a6ef48871fa1eab1f4c6f6908ce3761f93ed4d6

SHA512
ba19378cb93d063d6e075bb27aa5555ba54a9eb8788743ecf1e0c4e70dc496f2ce1ff5962b663e8950a853ac9ea5978354c8bbac302bfe223ce84410ca7e402b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
1e8c31e3dfd798b577cd6c40d9948190

SHA1
27ae640a6d77a5e137d53c4673280cb7e8cc96bb

SHA256
6be95f56d6207d91c74ef13d14a4260efcd28d016288d42ff411fa42b15e8527

SHA512
db56553872822069b44178a669987abfa0f264e96e8c7de5e0638a46ab88eb618a403828d4592baceea7f6f11cf2365f03b9c23a9b71543e13df2e0ef503eb92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
681e5f9e0264449848f15304e6db121b

SHA1
30f6873d0b86d48ab143a71c7447b643bf7a1a15

SHA256
3382cf8d09758381563973a150748270bbf2aaede4516f08ed03617d5814a1a4

SHA512
74bdae3b5adf7d6c52b79b308c27203d77b5df3b6f623dcb32dd4b2067f9722500ffa9e9c853629afec932cd4adb6eded0c0654e781463dcf04242669fc15d48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
824b25ddffe9363d523716d4445ed6fc

SHA1
6dd7a912eab142bec96d92ef3a8c3fa85df4f0da

SHA256
2e95c30c5d9c8b58235740861a563240f8262fbebad4866eb4f3947e65caf5aa

SHA512
329caeffbe1cd3be744c6263186d311b82cf1fb6b9b331c8307e62001ad097d7c7810e4521d7fd7fddcbd4b4c0f817c77d6f24faf02bc6e9af50419cabd54655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
824b25ddffe9363d523716d4445ed6fc

SHA1
6dd7a912eab142bec96d92ef3a8c3fa85df4f0da

SHA256
2e95c30c5d9c8b58235740861a563240f8262fbebad4866eb4f3947e65caf5aa

SHA512
329caeffbe1cd3be744c6263186d311b82cf1fb6b9b331c8307e62001ad097d7c7810e4521d7fd7fddcbd4b4c0f817c77d6f24faf02bc6e9af50419cabd54655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
e55ef51d8bf7b998702823dda6b5e099

SHA1
e2c6bfa52b9f0def9c7a334b28b3fe15cb88152e

SHA256
4e52ad1ac3de60146a56bcd6516840ce7f1deb88ab055cb9dec579702c6d60a2

SHA512
2e0a1f5fb34261ca8ca302513be4958be7b639ead781e21adc5a04d07f0cc8b01ecf9184e35a648a83f55527b981ab3f0b48c396b927fa637e2e1dd91d7ac78b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
6ba924e63310c21f24f0eb6b085f539b

SHA1
94f43fb3bb3a1db6b809fb71726a5c4a50256055

SHA256
064c131a8235ebe802310d65bc38afb1e088079c80cc6dbf26dfd30a205f4c1a

SHA512
f37f7a5739dedb5b5ebbce5144932d15c2a2bc6d06667bb1dbdd1036da9367b84d8228271777728ace1959f2e5cdfab7646a8692b7b8abd963356ba994a1ec73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
192849cec7531792ced5d00ee989de2a

SHA1
8665bb10eb04c0e6154ef2dd6b58395c4a38c9e9

SHA256
fc63b0c9007868575c61158ec030028093a4a17a5df07ad290a8d90467986b95

SHA512
f2199723d3eccffa52912c92e6d4c8f00b2d3eb4fb298b8fd5cdd6fd7d161ebcb4587ec2d3ec5364f04dbfc45d849b769e499fa082446362760a03ee32281326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
8c5475d9dd5e8c617742375db02b5dd3

SHA1
c9cbe22d42cd581e6c1a9522d71c1edf348fed58

SHA256
2fdc1dcceee1085cf0cd42b9489bbcd5acc381d213db6e4a683abb39529ac521

SHA512
04808b06ee56c212aa34ce0ff5addb88d0a078f77aee9c56c4fd9c5f209b62ed16d60989465bdc5582e517dfa54bbf916d507b38037a6cdb91f195fd13af561e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
1b066c28023358d1935cb5d429fabdfe

SHA1
7aa72d8d6c799905266084dbc5593ce325c2c29b

SHA256
7b7e7cd4493ab311c7d54c7a0a5136157b01bd6e284ee8d3498f861618c8fead

SHA512
5dd9fc4c64a15146525208e381fbcaf4c0538348e101dc0de41e59f2574fbb99571ab24b4c8288b264353640c19edab55869d0e688113e47c082bd031a58ea64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
d13ec3dffe699d228b9cd078135b32fa

SHA1
9f9d899189db8d04a03d23f8482eb41e97fb0d3e

SHA256
35f5f746e5d7a06cbb913ee6c705f02a0ceefff2ded6b386259666a65e5385de

SHA512
543943a7067a41397b28a56708c7e30a6dc4843cdaeed3041732e7a284f10a89fd9a86933675ab9ff9ac615ae0e7e99f7e2fbc0982674fbae18fdb61ac1beb3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
13KB

MD5
b39a3eaea7e68c9bc4781e86046fccc8

SHA1
6a84a128de5a7cfa931763bd833744aac915c8ed

SHA256
f40777a07e2b21186aafc1f6ad8259b1aec755f89ac75c63690e65414ccde992

SHA512
c3a39c205d6daf63bc9d88d15fbb31d39166990486226c9a0b141f884a82e683f8b8a8f7ab9815af1d747f226348bc7c6f45b0b7240966438d8e20169cfc323d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
de8b40acc3da1c1f7c4addebc8b03908

SHA1
538788a1e7148a9000be889f9c5034ae4a683610

SHA256
20b4518e4ec0891aaa937ac967135f96db6062c004994dbb65f52d52c37ee88d

SHA512
1248685e84455a551d35a10cb08a0781e1e5d99af6a094735703173654aa6c5d14d63e8a72419ed5444f4906001dbdf62e84956b0cf408700bb6a63031ef5642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
df74dc4974747ff519b40ed9ac9cab66

SHA1
b9a566fdc43f9ea0c008f0be6084e87cd130206d

SHA256
502d2111ef0e443b1d886095a6ca9ff5b5efb952ddb431086e9ab818efd4234d

SHA512
2953dd3912574d12e8d2146d7e7882e8bb150e7dcd9e7447ca66a61c69b7c6ae18d5c6cef3f7ce78fd890509f16237caca970f76055b2776131bcef237dbc479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3e288c9d004ac719f9c4c17fafd90ccb

SHA1
370b7716375977966445d5a517efc32b1475c10a

SHA256
3bc35fd239236a39eeee6a2c6de2ea79ed1e05a334c200182bc0d72bfa187400

SHA512
a469d4dc7af0281eb858075f651dcd80903013b8ea54590f3ff129194b948d90a86661b3ff0a4c96a2148a42a523d287eb2af1ee0e51b8d4b6f1b5024d28925e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
573B

MD5
a6d346f58cbec0a6e4015327b25f1537

SHA1
750056e65a8b1c20b1a6051f5adcdf35821a6ac1

SHA256
1a715b1b5b62ef83ca8c62a18eddb3b5b6b738be2c654ab7a38cf22fdc8bea56

SHA512
74e563217a28cd6427739731f51ba2e35ee060c8ae6959d458d06a0416e17ffc6a49f8d0bbcb8d17cef144a45c36eb9f3b92305389ab0cfc5043f530d9f28d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
573B

MD5
a6d346f58cbec0a6e4015327b25f1537

SHA1
750056e65a8b1c20b1a6051f5adcdf35821a6ac1

SHA256
1a715b1b5b62ef83ca8c62a18eddb3b5b6b738be2c654ab7a38cf22fdc8bea56

SHA512
74e563217a28cd6427739731f51ba2e35ee060c8ae6959d458d06a0416e17ffc6a49f8d0bbcb8d17cef144a45c36eb9f3b92305389ab0cfc5043f530d9f28d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ef69e4ac3c2d305d1070d022392bbd80

SHA1
c0aae0dc21cf7aeff74980eb76b80618c7d59cd5

SHA256
1fbc20bc05d8edb4a02415c30edf364d019ca08c8e0699c83940f5958398a223

SHA512
988d987ab50ef79b0d730b6dd1f3e1e4217db7feed24c495cf59abe383566ebc3a31278bba27c6c0aaf6a0f0db43f1f7c73cd46c2d144861aad3f0b410af1395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0cc9d36b5f6a3dff95fcd925fb8b1637

SHA1
17be562fdacd99be191e173472f7f1a875f3daf9

SHA256
9ccc4dd70eb28d4d7b9653d02a55e37cb92130d58767e3070417eb49046012d3

SHA512
f565444edf23f6396f328984848410696d148a668c6e00acff7395391588760499308497c53ba73e7bc9c97339fc32d050b19a458d7d99c45b805d272dd33fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ec2c9d2d06ad590ca1a5714f60255942

SHA1
033d92625b2d55158e2cbd3a6c1447d5d972e9cc

SHA256
5e0c6dc235b367beb1e7199d91dae848973559333b18120649cd33e02fc125ec

SHA512
66f7dac82c1aae91113fd4db337dfbdabce6845ce6500cf060733221f49d5e0559e0e779545687c8da6e466ec43d30672126af6342a7e182f1e2c8f6bb6e8cd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e54241f24187d03378c19649be3d1453

SHA1
59e86e45b2ffbf64ea98c8751ccae86a69eba02f

SHA256
79a0fb6731ad66f83e812e9fa8a92161fec33bd34a50eb69cd4ff7e11f8153bf

SHA512
c7f35de8a17cac4cb7f0317d9e2348fb8bd3f0ce9acc7caf654118f2c7a4137f665b7694a6e01c811768cc4a69d9451d2326c4c0cc7735b4a43b7dfde71cef54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cd83a4aed0353945db3295970b87aa25

SHA1
35dc97292d682a06dc122b63bbcb1c459ad37f80

SHA256
264c3865c59553b8e9d19198264744e31d9d3e6baf93e3645ac56350bea9fdc4

SHA512
b4df02ee54146b51d69cffde640538c83f2994fcfc2236407456d1430957bc737fb1d210ca5c6300d8e6062e9227d9785a0d8857abac71803704089b2c5cceb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f151cc15deacaa7184cf09747a079e25

SHA1
5992b4c88cdd02377dc647b048c2cb513e66e46b

SHA256
7321229f7dee4e17bd216cac69b98166f060929f775b9a621d4e3ac72fc12db0

SHA512
16095bd50267349a65d2d833ad24f2d301a7e4bbea3b98c39de516e27fb3308974c8efa3c60566a28ef69e94e04ffe087a4359f233fe8cd0f7fba1f52d4c1ffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
95970924918c34de1e321cc3201e9b0b

SHA1
d5107ac679470dc291a2a31d06d3269fc5061d74

SHA256
211189d20e4b711b48899c3e0f8324d8a31621c555540980f7b919272aef6ac3

SHA512
fe51b916041187ff5687b4d6a82dc47c921c8e36564ffb3cce10f47d17fbbe3d7302e490490ceb7143b09ef984a8dd77392afc9d029eacd995de0b12cdeb17c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
53b4dd6c8a5a312d56fb233d99edad43

SHA1
658efc5b8bbf887f066d9ae95f96028549c4c3ba

SHA256
c15ebcafafb4e7fffc88d8339e28a9669d5ef50abbc2d1cf6243a06d4aa119fd

SHA512
51806e08f21fbcaecd8658bd49fbfffe66369dcdeab624cfc77acf6b257d2228f47a5a1aa250d2648a6a766887cb15e824bce6c64e6faa96ae4dbde8864f5a33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c9b16f472f217cbbdee4b52eb10db8eb

SHA1
07874b00ebe1f37b1cd644b523bf7199a2df5f30

SHA256
9e60635a23a5245278eb960175df85668245b969a3f71cfca85d0e6c02ab0e85

SHA512
844e21816897aa5903d30f947c7c5c2e60b955bec55fba1628819e014fbc9149f1320e2d1a0c080db77c3747e619feff6c179273eac1ec7bfaf555c863f212b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e8b137ee3aef06118ec53c1ae905f68c

SHA1
f73f3a65ccf097dab0a2717fe8b834921a992744

SHA256
7ad7a36084f16906cb5b394f35158b4ebac47be601d5c273f0d1ab7bcfd2c95d

SHA512
10537fd4fcd9f868a6123460c1d968fb6bf65debb6105d0edda3c4651de8d3b1bb6b60780acae1929dc53fde1f2f552ff5d6939e6212cb1310d8685b77520f2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e8b137ee3aef06118ec53c1ae905f68c

SHA1
f73f3a65ccf097dab0a2717fe8b834921a992744

SHA256
7ad7a36084f16906cb5b394f35158b4ebac47be601d5c273f0d1ab7bcfd2c95d

SHA512
10537fd4fcd9f868a6123460c1d968fb6bf65debb6105d0edda3c4651de8d3b1bb6b60780acae1929dc53fde1f2f552ff5d6939e6212cb1310d8685b77520f2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e96d235a407ee4e03aec510006feeb0c

SHA1
f5cdd952c39bd6bee59cf509adc5943e5a619398

SHA256
04f40057c848dfc3e83e22ed9f28b6515ff03f3d9fd7ccc29231f067d9dab040

SHA512
7d4d3b7f088c7bd2ff825bde6778b0bbcc6206e5eca9e1355ed0bf643f941bdcd64fe58da745fc9559a4df02d6f4bf8bd2ac5b2655f838c4d64541cb39a85254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9c2fd678877796aa658d20f2959516fe

SHA1
75be8efb5abc579b35db72f7b6fb37a2ef5a5b31

SHA256
7f725e5235b26a92c28346018c9b07651f95c9ee992cd28835cb842f7a38df1d

SHA512
9fe489e811eb24abf402db2344b46342de4c11476addc559224b91f962cd659c3e97bd910d03296b794bdfefa464ccc1e76ec777d2a1b7e4fd7b7b5147bba2e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4b5438e5794d983c5f5adcc029f2aabc

SHA1
5acb38741fb8b7a3d291dfeb5323ef93b0428dfc

SHA256
dddbea56c8f278bf9815ae41749b70a57ade660106ad54645e54b88d173971d1

SHA512
777607dc31440516935733e146f6d91b69e8caa726ec22dbc96e7b71fa23f307b4de7583a0fd8d632f158cf80884128d5908424ab747da94a2061546abb17331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3abdccfda55bdd5d330fec14ab2679e0

SHA1
0bc1a4e9ea64f979db881915f95653a58917f0b3

SHA256
2c796cdf656c5f0776acf6e72e3f31104b3c42c0143872d00b1bf57c9fa5851d

SHA512
4ca633cc042a8ce8c458ce95fc25964b07aa41292559651d732ab9b01d78a91a88ad86d8e64d34167a44815961bd6c551449193036518e9358a2b40ce90961cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6dcb90ba1ba8e06c1d4f27ec78f6911a

SHA1
71e7834c7952aeb9f1aa6eb88e1959a1ae4985d9

SHA256
30d89e5026668c5a58bef231930a8bfb27ca099b24399a2615b210210d418416

SHA512
dc31807eaeb5221ac60d598035ca3ccab1dbeecc95caaff5e1f5a2a89ba1c83ef0a708ee0b8ed05b588ea5d50e360032a534356f84c89d3791df91d419daeff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6b6bd47f12e650fb7d0d5619552ea2cb

SHA1
2c1f8806733043de8eeaa69989fc12e24c061711

SHA256
0bbfa15df23b47f0263d8cfdf6f156813907f8c0a1d81f1e8929fee1e8b13096

SHA512
4f69869d47ea5b798d013a15e92c3b0d1741acaaa9f240caddf9a9f8fc456a029e6b26d5c6cd7a80839d4c9511d9bd1e68402c814836d79bb4e4b08ef8fa1130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
719B

MD5
1346891ac7ed2ffbc38870c9d54f0ad7

SHA1
20e8abb5d22f6358853be4218abd5c6b2d3a5a6c

SHA256
d012fabf58e6a861683a4b7de5ff5c3e6c694390f83572d5957616ea00d46f2f

SHA512
6cce7fd12c4577f7be5e248545371a01f305aff114d3cd9271e7ffa3f626c96860f6d9c9e04ec61937d539545d942d674d0ca230b773119357b49c23c59dcc01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
b73e490c8d6ee3ff803235d30ebf807c

SHA1
fe9222e69916137b371f977bcd4e467390f12262

SHA256
58c410cb41726df857ba9d62b83b10c0a8a02eb73e74c5944d16283cd12a3cf8

SHA512
0c269b171e932c02f457f8c75c093070c03e20370e0509a43de98ce9d61ed7028b6452357b6143d2ba0d76d001a79ea2916427263f5cfddef00a3e73d731c81f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13340624335833973

Filesize
16KB

MD5
4747d1e4fd5b7edc45b766f5d46f15c9

SHA1
9d605e7ac735aabdd241f769110d73d0f774528b

SHA256
bdc5e8db1a9573dd42d8d5c7abb22b851abf1392217cc2ce83e35a6e055acc7d

SHA512
d703b07e1c6e341e7dad4de37fa35aa8055100e4638a05291db87d54fd7e35f66ce61fe8db364aa4b298c00eb528e44d7a6eb9d010f1551bb1a873c7254f07b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13340624336036973

Filesize
7KB

MD5
7b18c643caaa35905ac81fe4f8b87fc6

SHA1
6094bc9d025141da703e2e294c8a441af76c80ae

SHA256
268769d4267356a2f679d61bb4adc461f8ef6956c29e83bdfad7a063d7a7ed34

SHA512
c4856379a231addc729901f980121b014c2459029122823708f1b38742479c521d5e1ca618aa6afa6ccc3df571cdf24506e0d6a1928b9321c8a83136c0c73c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
4288d3b249ffb14de84797acc79d0b3f

SHA1
19e2f5886efb8b6863478d40a003d4b929979293

SHA256
86c9b9e45a5b02999f00e97794a0b6ae03f57c86830b76f557f83ba04cb2df85

SHA512
91b75da5bc4d100376cf4997f9a0bb194efa0680815944d9c8a3fa1d0fa8d97e5516caae1b940ece5ae6b0cd8c69a7789dd47f5367c45c77929ff012743e3b99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
64b48e50dca9cb16dc3b2511f2ce090f

SHA1
0a059c235b11ba2a66bf32027048a6e8bc49411a

SHA256
a2d8cddfcb4a031d9188b8b76d9690cceea23884325d08c601050e1345e8691a

SHA512
648eb691040f152e765ba0dcf1ac5aaaea6066675452b9789febc9611ce55e165d65eae819cbb8b1eb3bc1e7720185ca423ba198922b14fd61b4a8a9c09865c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
3fc810e37ab8d9f268b1f81d4af4de20

SHA1
2f1f361c0ddedfcdd425b5b3af029cfb4c7d9987

SHA256
cf148ae5a8cae21617a6840fdcfc7bff90a197786dcf2cc698c7106688b027b5

SHA512
ab00062f662a1f002c27982cf2c04d5dd34fb035cb2632738c3b81ef25165b98dd5d1c44f98efecba8091e57611b8a1f94ee3edc20f346dba0548b1f16993209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ff25ff0dfde7726b74c45b82842d758e

SHA1
6c7d2b076937279430758f4581de62382b89ebc3

SHA256
4a0cad4280001c0d487f6834d8515ae4fa29cb024148f8f789abda1a34871652

SHA512
e13f6737ad2dfe66af7cfc936b0c1566bf7d8960797ca6c5bbf096caf7ce45e7439b95cd70def08462d8237c5fbd13741e3c5e1d59f1b500859ce93752c64c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9dcefc9e62d4e1f11838d17bcbd6411a

SHA1
848e31d8879f75ae61df0babe1603dbffb90ea58

SHA256
ced003421fcad86ba336509d4d2482e18df2015c90c013b5634b767272df21aa

SHA512
dc239fb1ba3a7987fc577a306fd08d010a310398ea1e5868cd33ec0ac44ef3122da9ff5ceffbac6ac4c3be4a5dbd3d08510779837989974ee4fcfb5489e39bd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c64c7339d12026721a0f51a8dee65827

SHA1
de8c252c1c8a664f55958a4f2e2d847cc8a9aa7c

SHA256
d4e128b32a6702d61006678b0ad47cddf4f6570297a8c59973f7c51b7b6e67ce

SHA512
dc22d6dbf2759710136256aab80c6d4a3ed8e2745071322824d82bced9efd55eac11e7bd5222ef536ba2e39bcedb78b03831e22bdd7ee8c9205cee647a681faf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c64c7339d12026721a0f51a8dee65827

SHA1
de8c252c1c8a664f55958a4f2e2d847cc8a9aa7c

SHA256
d4e128b32a6702d61006678b0ad47cddf4f6570297a8c59973f7c51b7b6e67ce

SHA512
dc22d6dbf2759710136256aab80c6d4a3ed8e2745071322824d82bced9efd55eac11e7bd5222ef536ba2e39bcedb78b03831e22bdd7ee8c9205cee647a681faf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a648cb025bbf0186b9017f37e05bf262

SHA1
0c8297888ec8b2bacf415b48601448526db2fb28

SHA256
3e818343f39203c2b84d9164c50a86ef480812ad15225448c50c6390a31717be

SHA512
57fd08e8f46972e4caf11dce22af6d1fc8c283e74e541371b65f622e2b5df772bbd4466bcafc451ffbe2ed4a078438a22c5a6e817121fb00534e00455b993587

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d0eafe7e936d4abe3f35a4afad493c32

SHA1
92a5a1cb91f19d5aa457845371f7e2288b8cd849

SHA256
9efddb692b38037b05616107a0ac85b4de42c09f746b80691d831809571d7d4c

SHA512
5a4d8036963a10cd59daac89b368d0635c76dc38a5fa5d03646c754002e6d3aa398bc653bc3248e111b681509919f154b1000d21067ad8576c7e669b44663b3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ebfc5c3bb0d6175d3f51c3fd763f83c3

SHA1
b827827d1447364d54c86c3ebdcf0bcbe4cd365f

SHA256
e2aed834bea09e01ea723327c0cd0e7eb557362c5c3cd7e9b7e1f417ec04de29

SHA512
3f93b0830c1533890ccdbe880e3fb047f9d39766f6daef69b80901fac53f08172708062fcba18989cbaf77b116282002165249b2e977f1287efc800666d6b23d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b9c42924fd5ac7311efa15b074dafeb2

SHA1
e71cfc634c604b2272d66e87f3961d4e2400543c

SHA256
f3de0ff7086a42952c89baef65e8a4a9ed192a9f40aff78d5525d227a93a1855

SHA512
29e666635eca1c34127bb643177109bb932cf5385dbe7236e4d2f090e7a86b239c3d99c5162d421808d32825ef49a729122659566a22e07d43462c793555d980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
4331deb3d9c3565a5691d21bd418b054

SHA1
5305c4857e3b49bb5b5c51e17d53d0c3cd299bd6

SHA256
47fd048a8a662aa2f41936860a46fdf8bdf40e58eb1af7857be73e1aa609b30c

SHA512
8419a40f046d854d3e485244b4bd3ad1ff7a23c0627865f720acc1d51799bb24e83d36469f98e76737cbc68b07783947989e830e4580d65730ec4eea25aa7c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c081.TMP

Filesize
874B

MD5
406037a4bb8564c6f84a3b378b7c969d

SHA1
602e1c5f6be738a7f6e340922144926228ea28f5

SHA256
6d59c3741c59a7808f619ccde211d3e3ded018e509ba9d0165ae038e5dbdaae3

SHA512
22e7b9f65c1beb206248d5c8d48cc83e11985e140cb1b214bc80f1392fd67fcb51ce0f086286253df0c1f7f0e48a02dc970c9aa7efb7f36fc7554a5b3d15e3d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
95d29fedf5d0ce054e189da19c50323c

SHA1
c0533354cd3027da260715935412c87438e74dfc

SHA256
f5b69b3d46566200cb2dcf545d6b25818fafdffb391185fe9f22ae90716cb077

SHA512
d0ab6abb3813f94e9a1e7f3058580f0161d385eebf99625893d2f3c2208ef98a3686db94810e6aaec18e3a4e0125f2434919681d5fceeacf4def1e1d5100cb00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
139B

MD5
2fb09f16cf72b98880092ad064969cea

SHA1
90a73da8ab553c5b38a8942624133e83a71c59b3

SHA256
711af65f70cf64d199b02e5d1dc69f87ee0b8857cd1c9c41790d3691059ebc44

SHA512
445025b2cf10ca5aef2ffb463e5e43d5b1c1eeb2b6dfa4ef15a66bf2bb15844f8725521d24e75269419440497e086c240836b5014750757487189e3cd79b82d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
4bfd72c9e9fa005a9a2e416448f42f8b

SHA1
7c8c31794a02621067dcfaa0341db57de142bf11

SHA256
80d77362dcb7f6c4a1480435d584a3d3d60ddcf88721bde2416ff5849a3c2976

SHA512
40df03576caef1be4a46d421c07b2daab99830f0c91ef19a6cd2365bb976b131987750bf8b58b6fcb75ff3d196dcf9e0efc4f6e02e1335eb913c01f8da04f9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
15KB

MD5
66e51d4e15bbf1100d42ef91c813703b

SHA1
b6b748a79ab9292734e0bed5dd538b5375300459

SHA256
cec0e2e54037de2cac75fb90700c376cd804cd76fd0fe503cecd3d2b15f4b401

SHA512
543ad19fa311b9646a0d217b1a88a0ceacca465b839216846354ab9b478255d532c9bc69b636dbfc9a5740c69e1450ebafbcaa1266faa50aea6af646c0f62c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
b3f6d3dc287eeb0c7135ce3fff750575

SHA1
294d6d9f783cdb2134100fd18688ede2ba2a7ae5

SHA256
2bd23146870a741df4c3e4423712312cbac33c56e609448d375aa41ac51ef002

SHA512
b5ec1c1d0ddf5ea868614fa6808d9ed86f1d8d78176a3e0392bc6c29f8ffd2377f910612aa609eec13a424d4ece380ec87a66f205c9879a1f7ca273b13b8ab03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
3a6b4b726db5715a33cdff5ece11ba5e

SHA1
a862c9b770d2df540622b83404190517e6b36f02

SHA256
1aa0c039a4df0788bd0dcf189cd8cc1996088ed1c6f9c3b5de7cfe47b1f72fa8

SHA512
97e49b6ed97bccf25ca66c6028ba2ea9675724004a3a23f001e42bf68903c67a8f9a00b120d9f982a174f6058768f70dc204f8d4751eecbc13a66a51036feeba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
b31f462fe1380dad1e1c6bdf26de6ebd

SHA1
cc96c4b887e1e0eb9d1b39b0da01caf46463b77d

SHA256
6a6e3be1c6f442a79cd041a5bae223da8aed49fce946edb8f89219746ca19000

SHA512
a2db1d05855e44d21217b0d6f67ec548f7a0e5b73f52724cdd05ae1d87b1f7cd0a5c13c63f1c1c0c9795bad8060946bb488e88246d1a6692adf4871ecb0ded49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
55e6a0271ca7954e6634a6f98cd3c487

SHA1
96c73e056de4ec18a7caffacfd1d39d372197aac

SHA256
f5d052510ac9bc4d6440674db9d045fd72189baf9c113ff5929b092364e09a56

SHA512
faf6bf5d0e6251db6c5d0590a6dbce6805363f1ffe43f3a73c257ce82ec96d705f3e85e326af2c26096cac97ddb451991e753f1a7aca81f29ad79655a4777713

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
78231e4b154ed6b96829bb5736d1a55d

SHA1
d9834caace909444b274bd32f8736735cb8ec5e0

SHA256
2f54944565965c6552f8e43db08cc336a78ef6b05a8a398488a2f83b7483843a

SHA512
f73ff26208ca209c7bba427969b4a51ce627d9169f1c24973f820787f3ac524129e53beb39a5141a07d25e79002b5372240f7343cd3cd2207e5e57f5480bc5dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
5d42ceafc34bbee7f19be89edb29dd1c

SHA1
1e09b631d5bf005c391ca8226ed91b4f14a38796

SHA256
9548230394693b1fc9cbea8c254f9159563245e2a9f61fc5b5c5019204c7ed68

SHA512
f4adc791b13cae7d7852e169d3fd78d5c1d72a91d420596439b9a7e7254c2f3e23a892933c34a7f63d44e751a7d993b171d138f8c78f90da7a10981a93b19246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
16KB

MD5
8df8b77bcc513cad9526df782b4cf1d2

SHA1
09b1c7901125158acaaff9e69a7e7ed2c8ec03c7

SHA256
8ec948470cf86e5ed8d1870ef050b7a32c23c994e7f32cffe646a23d3ce1d0ea

SHA512
d551927c245e22022fd23a419e2e238f6723066ed0d6eabcb8574a6f171c328da50be8cadb716b63ea4e798909d311ad993f11e2b012302c17a360e10c01be1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
16KB

MD5
f55234db88c6538e3f4ad45c114435f1

SHA1
c4dba9a32f50f2d9a27ce81a1d62f7587751e6b6

SHA256
bf139ca7efd187c36f3ec33691f427205a63ca2707af18bc25430637928d713a

SHA512
8a621fa5044977bce987b8259dc850faf83f4e82f4df1a7a689dbbb0b9b065676842f7ac462b77f66c3ef892c3272960bf5de4c0dd4f02e85430b368867feda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
17407556cc3795a5a006f5e16557cafe

SHA1
3bf3f5f3dff6069c83bcee8b21f84ea4c2b97f67

SHA256
479f0c1045d46a425eaf660e2fea1d9489cd60c432acb69fc12da618264c74b7

SHA512
86d8482f1a59fbe54cd5e7a2b58e49746dff4b1aa35bf00483c801b2875657073175f9c40ba550c593ccbcec69e5c5d9bf0ab3e7b6b641870e46c30c0e149cb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5ff6fd6e55b374b38bbc031df59dbcb9

SHA1
c672a19fb3e4571d6a1fec5ed8211d6c767574fd

SHA256
ebddc4b63b6fa38c126d3a548624e25e4b2bfb1c8991f7fe161092e67ed7e924

SHA512
053d9febb3804d7ee196b227330c1c9fcc1a2a13d891427ad0d23c7792e92480f6b4569534b3f99c97a68624befe646be77bc0608f8aa19ec097145120ff4646

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2255b8c546d7b92754fe3d8df59f4c55

SHA1
7a270a3802c407f20e0bfbf6ead303c5c7f38ad4

SHA256
987828d74b82f5e7b9a591e4f45b0a9af68cfc46052e521fb90ef31856e153b8

SHA512
016e3bc8665e88c39603f7c8571f27bae2977ca975ac7e19c646f342c48e473bf3479b09cdddf8f7c5132a9cda28a14c7f3224064b3137e4998d01c8488e6312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8aa2678ee75de2030fd867a9aa852a00

SHA1
df14fbb6022b2a375f57c07eca731ef9d61d8b28

SHA256
69728fff5ac3e0c657edf3a89054eae197f2960489f52aa24d047808d82a0bb8

SHA512
1fe77542c04b37da9cb6b2bd71b109a12e99e326a548571612bed6ff279e792e4c7dd063e1c997c9ab3f164d9b35fa6f171010b080d2cb3995d35ef228e3c66d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7017adfc9f111ff0663c227ef37b00b8

SHA1
916fe44095da06e88bf4fc8d3f6ba1e6b41e6bd3

SHA256
85330d9e35c2e89b8a68b17a6fa4d98667b5f2bccd062ac79c11e6825827ad41

SHA512
6a67a3eafc50604b0abc66f059e94ff8e858f41b02dc85613645025b8aba004bffe054ceef07b5e7837b99e0d21ee7a1ebe9cdb1bb38f80f8d7b663532f1d680

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2255b8c546d7b92754fe3d8df59f4c55

SHA1
7a270a3802c407f20e0bfbf6ead303c5c7f38ad4

SHA256
987828d74b82f5e7b9a591e4f45b0a9af68cfc46052e521fb90ef31856e153b8

SHA512
016e3bc8665e88c39603f7c8571f27bae2977ca975ac7e19c646f342c48e473bf3479b09cdddf8f7c5132a9cda28a14c7f3224064b3137e4998d01c8488e6312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b1612ff907ff1dfc50834fb05d1887ca

SHA1
0e849bae1f0fef9cbbcaefee2d4ce583f2448829

SHA256
af4f3061cfed3bcb9d2cf02e49af18011c6734e3aa3bfdbe0991ea54b32a2033

SHA512
1a1eaab03ac7c919290ebd5aedde1238951fa076f331ee6bd9ace7a7d3d1b5c2ec175fbecf65b269c6bb929129c0b645d0fada3761171e0fb197f86f0697fbd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
a7f0641de29c90f9a03d4532fff8892e

SHA1
e2dc0955c8dba8d07567f4f3e71492dfc1473204

SHA256
a8e98c1ebc769ba7c0f6b69c86c4b0921598342c8e7f7c4a4ebce519ddc8f2c1

SHA512
fc9269cf1d0c7948426be36b749cc3cf974ef845d6098740bd54fef1101509cac5167a00d05c817bb2d0b950dd8121892ecaa9380873527ae723226dda9e8010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
2c0ef2f7e54482165b5af2d397cb3e01

SHA1
f139ff00f61ccbe165bb005da10f291de8302237

SHA256
a2322371ea343bbf1bc66ed63898c8ce5731b5f3b921f8f423cb413d21d23d02

SHA512
ec53c27c5c19809f49a11b29d5dec03a6741d1c1a190c6d3bbe1a16b73ae08586f21146fa120d93f2a64078634de0a92e9824ca00aaa05754f6d4680266b0e99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
0fba1cded095d1e245e571ef816e17b1

SHA1
5dbf69ff9a0aca4ac71ad3ee429e54763fa65231

SHA256
63e299716c2a202fbd8e909e47826345ccc3a8ec8fc113569d2c615dd2714e69

SHA512
cc5a4ba873c6bfd32371bcea1120cccfa5b9bc6d82a679aeeeb01c597bd2842f6f63c0459929ab256b2c81c906585a1b9aab66f89b93ff5ce5992ae72152c0de

Download Submit
C:\Users\Admin\Downloads\Compiled.zip

Filesize
5.1MB

MD5
5aee9b1a15d337d2b4aefe840cc90dd1

SHA1
11a430b1ad789fef66effaa6a3f79139be0dc66b

SHA256
06500a1a2f152b59ceeb662d7bd5bb07175bf45a9c2528b2f6de58394ada4bc5

SHA512
fa344212957dfb65f194fb220814688d748439d7ea921ad33d8c6fe6cf5b6fe04e263ff686efae17556f4a1db47069e295deedc486b8088b4d0af23fb63742c9

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D.Danger.Edition.zip

Filesize
15.8MB

MD5
18b9e23e509ff221ebb1b8a0ce4bc82b

SHA1
bacab6a415515e94b3083c4f7ebda6a82e1d4c7f

SHA256
4b649c32035e383706673ffe6471d6c711989a206d6f96fdd905dda207a5f0cb

SHA512
26091095397f3b229439bb4838f3321de63b9084beab20391a3f85fa8038836d9d0a96a44c7de1d860b182d0b072e0c752494201eb50fd36444cfe742d310ca1

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 770471.crdownload

Filesize
2.1MB

MD5
d347d9eeea2744c6a266d58b1b07e2b7

SHA1
21898be4cb62d888f320a93c41c27da28f6a8ba7

SHA256
bd4fa273419e4eef08fc6a178c8df0034e9f13c7a0b0d7e742f1ee8ec524520b

SHA512
d8c5ed79190d0404f175308c39680c50b7b3bfbc7918bf39fd161ba1c43dbbcf93dd42a730876a7ee72e565ae8cbc0ce6c88efedd301830943dc9d2badf89a7c

Download Submit
C:\Users\Admin\Downloads\njRAT-master.zip

Filesize
46.0MB

MD5
6318adce1779a328fdd8e33dbca7ebaa

SHA1
00e05604d7a40efb70818e692f004066577518d4

SHA256
5cad0f0bcb8b6167a84e7b2b6c355eccee87ca741befd37fa6a61a5b82b18e03

SHA512
35f76dde85646c6a325d6ddefc7c584214fe7a42f1db453030a65d9baf75601d2c29eb39321c43573ddf7260e6f3de96812de5af3a76f9af5d97c6001574ed7b

Download Submit
memory/3440-395-0x0000000075030000-0x00000000755E1000-memory.dmp

Filesize
5.7MB

Download
memory/3440-594-0x000000003C6A0000-0x000000003C7A0000-memory.dmp

Filesize
1024KB

Download
memory/3440-474-0x0000000001870000-0x0000000001880000-memory.dmp

Filesize
64KB

Download
memory/3440-403-0x0000000001870000-0x0000000001880000-memory.dmp

Filesize
64KB

Download
memory/3440-402-0x0000000001870000-0x0000000001880000-memory.dmp

Filesize
64KB

Download
memory/3440-401-0x0000000075030000-0x00000000755E1000-memory.dmp

Filesize
5.7MB

Download
memory/3440-485-0x0000000001870000-0x0000000001880000-memory.dmp

Filesize
64KB

Download
memory/3440-500-0x0000000001870000-0x0000000001880000-memory.dmp

Filesize
64KB

Download
memory/3440-605-0x000000003C6A0000-0x000000003C7A0000-memory.dmp

Filesize
1024KB

Download
memory/3440-508-0x0000000001870000-0x0000000001880000-memory.dmp

Filesize
64KB

Download
memory/3440-501-0x0000000001870000-0x0000000001880000-memory.dmp

Filesize
64KB

Download
memory/3440-400-0x0000000075030000-0x00000000755E1000-memory.dmp

Filesize
5.7MB

Download
memory/3440-399-0x0000000001870000-0x0000000001880000-memory.dmp

Filesize
64KB

Download
memory/3440-398-0x0000000001870000-0x0000000001880000-memory.dmp

Filesize
64KB

Download
memory/3440-397-0x0000000001870000-0x0000000001880000-memory.dmp

Filesize
64KB

Download
memory/3440-396-0x0000000075030000-0x00000000755E1000-memory.dmp

Filesize
5.7MB

Download
memory/3440-798-0x0000000075030000-0x00000000755E1000-memory.dmp

Filesize
5.7MB

Download
memory/3440-543-0x0000000001870000-0x0000000001880000-memory.dmp

Filesize
64KB

Download
memory/3688-1494-0x0000000005670000-0x0000000005C14000-memory.dmp

Filesize
5.6MB

Download
memory/3688-1496-0x0000000004AB0000-0x0000000004AC0000-memory.dmp

Filesize
64KB

Download
memory/3688-1495-0x0000000074E40000-0x00000000755F0000-memory.dmp

Filesize
7.7MB

Download
memory/3688-1493-0x0000000004AB0000-0x0000000004AC0000-memory.dmp

Filesize
64KB

Download
memory/3688-1488-0x0000000000010000-0x000000000001C000-memory.dmp

Filesize
48KB

Download
memory/3688-1489-0x0000000074E40000-0x00000000755F0000-memory.dmp

Filesize
7.7MB

Download
memory/3688-1490-0x0000000004850000-0x00000000048EC000-memory.dmp

Filesize
624KB

Download
memory/3688-1492-0x0000000004940000-0x00000000049A6000-memory.dmp

Filesize
408KB

Download
memory/5164-886-0x0000000001160000-0x0000000001170000-memory.dmp

Filesize
64KB

Download
memory/5164-892-0x0000000075030000-0x00000000755E1000-memory.dmp

Filesize
5.7MB

Download
memory/5164-885-0x0000000001160000-0x0000000001170000-memory.dmp

Filesize
64KB

Download
memory/5164-852-0x0000000075030000-0x00000000755E1000-memory.dmp

Filesize
5.7MB

Download
memory/5164-853-0x0000000075030000-0x00000000755E1000-memory.dmp

Filesize
5.7MB

Download
memory/5164-854-0x0000000001160000-0x0000000001170000-memory.dmp

Filesize
64KB

Download
memory/5164-864-0x0000000001160000-0x0000000001170000-memory.dmp

Filesize
64KB

Download
memory/5164-865-0x0000000075030000-0x00000000755E1000-memory.dmp

Filesize
5.7MB

Download
memory/5164-866-0x0000000075030000-0x00000000755E1000-memory.dmp

Filesize
5.7MB

Download
memory/5164-867-0x0000000001160000-0x0000000001170000-memory.dmp

Filesize
64KB

Download
memory/5164-882-0x0000000001160000-0x0000000001170000-memory.dmp

Filesize
64KB

Download
memory/5164-883-0x0000000001160000-0x0000000001170000-memory.dmp

Filesize
64KB

Download
memory/5536-1469-0x000002A361F40000-0x000002A361F50000-memory.dmp

Filesize
64KB

Download
memory/5536-1481-0x000002A361F40000-0x000002A361F50000-memory.dmp

Filesize
64KB

Download
memory/5536-1497-0x00007FFD75DF0000-0x00007FFD768B1000-memory.dmp

Filesize
10.8MB

Download
memory/5536-1467-0x00007FFD75DF0000-0x00007FFD768B1000-memory.dmp

Filesize
10.8MB

Download
memory/5536-1468-0x000002A361F40000-0x000002A361F50000-memory.dmp

Filesize
64KB

Download
memory/5536-1491-0x000002A361F40000-0x000002A361F50000-memory.dmp

Filesize
64KB

Download
memory/5536-1473-0x00007FFD75DF0000-0x00007FFD768B1000-memory.dmp

Filesize
10.8MB

Download
memory/5536-1474-0x000002A361F40000-0x000002A361F50000-memory.dmp

Filesize
64KB

Download
memory/5536-1475-0x000002A361F40000-0x000002A361F50000-memory.dmp

Filesize
64KB

Download
memory/5536-1476-0x000002A361F40000-0x000002A361F50000-memory.dmp

Filesize
64KB

Download
memory/5536-1477-0x000002A37E5E0000-0x000002A37E63A000-memory.dmp

Filesize
360KB

Download
memory/5992-1462-0x000001DBAF7D0000-0x000001DBAF7F2000-memory.dmp

Filesize
136KB

Download
memory/5992-1456-0x000001DB940D0000-0x000001DB940E0000-memory.dmp

Filesize
64KB

Download
memory/5992-1455-0x000001DB940D0000-0x000001DB940E0000-memory.dmp

Filesize
64KB

Download
memory/5992-1454-0x00007FFD75DF0000-0x00007FFD768B1000-memory.dmp

Filesize
10.8MB

Download
memory/5992-1451-0x000001DB940D0000-0x000001DB940E0000-memory.dmp

Filesize
64KB

Download
memory/5992-1461-0x000001DB940D0000-0x000001DB940E0000-memory.dmp

Filesize
64KB

Download
memory/5992-1450-0x000001DBAFED0000-0x000001DBAFF7A000-memory.dmp

Filesize
680KB

Download
memory/5992-1448-0x000001DB95970000-0x000001DB9599C000-memory.dmp

Filesize
176KB

Download
memory/5992-1449-0x000001DB940D0000-0x000001DB940E0000-memory.dmp

Filesize
64KB

Download
memory/5992-1447-0x00007FFD75DF0000-0x00007FFD768B1000-memory.dmp

Filesize
10.8MB

Download
memory/5992-1446-0x000001DB935F0000-0x000001DB93D0C000-memory.dmp

Filesize
7.1MB

Download
memory/5992-1466-0x00007FFD75DF0000-0x00007FFD768B1000-memory.dmp

Filesize
10.8MB

Download