njrat | 128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480

Analysis

max time kernel
186s
max time network
198s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
30-11-2022 18:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exe
Size

83KB
MD5

bc702cc32a4b9991061713f237109c51
SHA1

fb5d4a93ecd15cc4ba88d467ac15ff1de694774f
SHA256

128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480
SHA512

ab862328f7a202e578dfce6ddcf749fc66a8f1d02f13b17ab76c7b26876370c8fc2140a890a0bddfd7bdfd1a8accc3a119561fe655cfeb7939808802d59b960e
SSDEEP

1536:iRC1AczgD67rpXxso0+HRrlzFQ7/4wWUpa1a0NfqytDjf:pxc67lXi+Hllzq+j1a0NfH

Score

10^/10

njrat ddd trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

DDD

frankooxyz2.ddns.net:48443

Mutex

581153482cb6003050ef63cae0773a6e

Attributes

reg_key
581153482cb6003050ef63cae0773a6e
splitter
|'|'|

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Suspicious use of SetThreadContext 1 IoCs

Processes:

128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exe

description	pid	process	target process
PID 1428 set thread context of 4432	1428	128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exe	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe
Suspicious behavior: EnumeratesProcesses 7 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid process

1176 msedge.exe
1176 msedge.exe
2116 msedge.exe
2116 msedge.exe
4248 msedge.exe
4248 msedge.exe
4248 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

msedge.exe

pid process

4248 msedge.exe
4248 msedge.exe
4248 msedge.exe
4248 msedge.exe
4248 msedge.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

msedge.exe

pid process

4248 msedge.exe
4248 msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

pid	process
1176	msedge.exe
1176	msedge.exe
2116	msedge.exe
2116	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe

pid	process
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe

pid	process
4248	msedge.exe
4248	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exesvchost.exemsedge.exemsedge.exe

description	pid	process	target process
PID 1428 wrote to memory of 4432	1428	128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exe	svchost.exe
PID 1428 wrote to memory of 4432	1428	128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exe	svchost.exe
PID 1428 wrote to memory of 4432	1428	128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exe	svchost.exe
PID 1428 wrote to memory of 4432	1428	128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exe	svchost.exe
PID 1428 wrote to memory of 4432	1428	128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exe	svchost.exe
PID 1428 wrote to memory of 4432	1428	128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exe	svchost.exe
PID 1428 wrote to memory of 4432	1428	128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exe	svchost.exe
PID 1428 wrote to memory of 4432	1428	128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exe	svchost.exe
PID 4432 wrote to memory of 4248	4432	svchost.exe	msedge.exe
PID 4432 wrote to memory of 4248	4432	svchost.exe	msedge.exe
PID 4432 wrote to memory of 4636	4432	svchost.exe	msedge.exe
PID 4432 wrote to memory of 4636	4432	svchost.exe	msedge.exe
PID 4636 wrote to memory of 4760	4636	msedge.exe	msedge.exe
PID 4636 wrote to memory of 4760	4636	msedge.exe	msedge.exe
PID 4248 wrote to memory of 4984	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 4984	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4248 wrote to memory of 2424	4248	msedge.exe	msedge.exe
PID 4636 wrote to memory of 1088	4636	msedge.exe	msedge.exe
PID 4636 wrote to memory of 1088	4636	msedge.exe	msedge.exe
PID 4636 wrote to memory of 1088	4636	msedge.exe	msedge.exe
PID 4636 wrote to memory of 1088	4636	msedge.exe	msedge.exe
PID 4636 wrote to memory of 1088	4636	msedge.exe	msedge.exe
PID 4636 wrote to memory of 1088	4636	msedge.exe	msedge.exe
PID 4636 wrote to memory of 1088	4636	msedge.exe	msedge.exe
PID 4636 wrote to memory of 1088	4636	msedge.exe	msedge.exe
PID 4636 wrote to memory of 1088	4636	msedge.exe	msedge.exe
PID 4636 wrote to memory of 1088	4636	msedge.exe	msedge.exe
PID 4636 wrote to memory of 1088	4636	msedge.exe	msedge.exe
PID 4636 wrote to memory of 1088	4636	msedge.exe	msedge.exe
PID 4636 wrote to memory of 1088	4636	msedge.exe	msedge.exe
PID 4636 wrote to memory of 1088	4636	msedge.exe	msedge.exe
PID 4636 wrote to memory of 1088	4636	msedge.exe	msedge.exe
PID 4636 wrote to memory of 1088	4636	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exe
"C:\Users\Admin\AppData\Local\Temp\128fb9d8299a5c35f381b45e78e30cb844cc4e356dbe9908d360df89ef056480.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1428

C:\Windows\SysWOW64\svchost.exe
"{path}"
2⤵
- Suspicious use of WriteProcessMemory
PID:4432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
3⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffba71846f8,0x7ffba7184708,0x7ffba7184718
4⤵
PID:4984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,6252823293093220947,16622442844490893958,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
4⤵
PID:2424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,6252823293093220947,16622442844490893958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:1176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,6252823293093220947,16622442844490893958,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
4⤵
PID:4980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6252823293093220947,16622442844490893958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
4⤵
PID:2672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6252823293093220947,16622442844490893958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
4⤵
PID:1800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6252823293093220947,16622442844490893958,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
4⤵
PID:4820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2184,6252823293093220947,16622442844490893958,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5560 /prefetch:8
4⤵
PID:2500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6252823293093220947,16622442844490893958,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
4⤵
PID:4724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6252823293093220947,16622442844490893958,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
4⤵
PID:3628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2184,6252823293093220947,16622442844490893958,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5780 /prefetch:8
4⤵
PID:2492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
3⤵
- Suspicious use of WriteProcessMemory
PID:4636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffba71846f8,0x7ffba7184708,0x7ffba7184718
4⤵
PID:4760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,4415653423824408689,16384239981032918618,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
4⤵
PID:1088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,4415653423824408689,16384239981032918618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:2116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3272

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
Filesize
471B

MD5
6181e4e33ee379d858217e9e3c32d74f

SHA1
f7ae858f7037e536203cbf1704d2a431b6f5f059

SHA256
14844456416b1ef58fdff151b4cd0968ae95acb524ef369f225bfa0991e08a6f

SHA512
d4196c5178acfdfc1f176bb21166f5974321e0d0550b44330c2a2dabc7b3e56521eaaa10e1cf5731e8eba4d82a7e722b658bad8154cd06afab4e8178e5611eca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
Filesize
412B

MD5
e8f4a398bee127bc9b767751445c364f

SHA1
d5d643857fb6c554488c127dff96216830e9f3c6

SHA256
1e086d2a00f0aeeb41b6036b1b47eb049928875fcae53a78f2dc09cf4229c8c3

SHA512
48c2795c7bebaf9a65fdfefeb0b58ea19223acb6a062096ecf1e2ed955dbfafd272f8d15a3be87606f3372456cf155184af2eeb7fd812b5efd79dd1e58f3d1b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a58a7931227f93b9a54bc982c0d99582

SHA1
7591b129f025f2003039a81830b9cd5d7043d3e2

SHA256
a6751ef5a8d88960e0fc22e205155f766e840d13c46c962166f35e3bf8367ac0

SHA512
24eec66ba6b79cebb2b920cdad34f9b68fcc9503a2e4bc718ddf3d39b8f959ee1c7b0e73079b31a0e8acc98960fcedeb7e49f38b8f5036aa21294048f7f1a79b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6102471af38b45f30decc8db2f59a8e2

SHA1
35428c52f58b3a35d5028929b6298d6b95d6bdec

SHA256
57e3a5210c5872fc5d56b4111a4d07e512ef54a79128391084c167c101a9d7c4

SHA512
1040720fe63680c7a17ced8026e3a2e31e0e73066bd0c3d74e5cd4a19c0e6f23dc30e0a41f62d92c0b9cc9840895ece4b3d36a200816e400feec49e54599b3fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6102471af38b45f30decc8db2f59a8e2

SHA1
35428c52f58b3a35d5028929b6298d6b95d6bdec

SHA256
57e3a5210c5872fc5d56b4111a4d07e512ef54a79128391084c167c101a9d7c4

SHA512
1040720fe63680c7a17ced8026e3a2e31e0e73066bd0c3d74e5cd4a19c0e6f23dc30e0a41f62d92c0b9cc9840895ece4b3d36a200816e400feec49e54599b3fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6102471af38b45f30decc8db2f59a8e2

SHA1
35428c52f58b3a35d5028929b6298d6b95d6bdec

SHA256
57e3a5210c5872fc5d56b4111a4d07e512ef54a79128391084c167c101a9d7c4

SHA512
1040720fe63680c7a17ced8026e3a2e31e0e73066bd0c3d74e5cd4a19c0e6f23dc30e0a41f62d92c0b9cc9840895ece4b3d36a200816e400feec49e54599b3fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
2KB

MD5
213d0954389a12333d38c1bf4c914c4d

SHA1
2a97c33114b5d0767bb76972ace964d9c19386e9

SHA256
1e811e43411cb252209e1e3f165a115e6e37387ac8e0cffc303798650b11bfc2

SHA512
e547600f20b323c226e0d81067332e432852b666fdf11a65f90738b21943e6e6290902d66bbde64e3b468e55f4928b7d07adc16da90e2f933cda3415d01057b0

Download Submit
\??\pipe\LOCAL\crashpad_4248_NAWFIEBOGKXRVUHC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_4636_KLYTHHNHMBZHPETA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1088-148-0x0000000000000000-mapping.dmp

Download
memory/1176-150-0x0000000000000000-mapping.dmp

Download
memory/1428-133-0x0000000075100000-0x00000000756B1000-memory.dmp

Filesize
5.7MB

Download
memory/1428-136-0x0000000075100000-0x00000000756B1000-memory.dmp

Filesize
5.7MB

Download
memory/1428-132-0x0000000075100000-0x00000000756B1000-memory.dmp

Filesize
5.7MB

Download
memory/1800-159-0x0000000000000000-mapping.dmp

Download
memory/2116-149-0x0000000000000000-mapping.dmp

Download
memory/2424-147-0x0000000000000000-mapping.dmp

Download
memory/2492-171-0x0000000000000000-mapping.dmp

Download
memory/2500-163-0x0000000000000000-mapping.dmp

Download
memory/2672-157-0x0000000000000000-mapping.dmp

Download
memory/3628-169-0x0000000000000000-mapping.dmp

Download
memory/4248-137-0x0000000000000000-mapping.dmp

Download
memory/4432-135-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4432-134-0x0000000000000000-mapping.dmp

Download
memory/4636-138-0x0000000000000000-mapping.dmp

Download
memory/4724-167-0x0000000000000000-mapping.dmp

Download
memory/4760-139-0x0000000000000000-mapping.dmp

Download
memory/4820-161-0x0000000000000000-mapping.dmp

Download
memory/4980-153-0x0000000000000000-mapping.dmp

Download
memory/4984-140-0x0000000000000000-mapping.dmp

Download