njrat | bc4a3e67dd760707d72e013997625924a62e35f5caf5b2492c07c712c29af40d

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2025, 08:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_4de9f1ab1f842add1fd7954e320a6dd0.exe
Size

1010KB
MD5

4de9f1ab1f842add1fd7954e320a6dd0
SHA1

78b5d45556ada1286e7125f2af156bf96742f94f
SHA256

bc4a3e67dd760707d72e013997625924a62e35f5caf5b2492c07c712c29af40d
SHA512

95eb0b92b40e361246084d4364835048ba381aa21af9b3ef2d0334436933d5caf330ec45f52c7fe6685f87c022bfe259ae6eab71864f2478903d713ca2e8a53a
SSDEEP

12288:5tb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgaETQCA4q6A:5tb20pkaCqT5TBWgNQ7aETQKq6A

Score

10^/10

njrat botnetvictim discovery trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

botnetvictim

girtatapke.duckdns.org:1437

Mutex

36a380dc559c5de908a35bf7366d9bbb

Attributes

reg_key
36a380dc559c5de908a35bf7366d9bbb
splitter
|'|'|

Signatures

Njrat family
njrat
njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3084 set thread context of 2700	3084	JaffaCakes118_4de9f1ab1f842add1fd7954e320a6dd0.exe	83

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4de9f1ab1f842add1fd7954e320a6dd0.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3080	msedge.exe
3080	msedge.exe
2116	msedge.exe
2116	msedge.exe
1500	identity_helper.exe
1500	identity_helper.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
3084	JaffaCakes118_4de9f1ab1f842add1fd7954e320a6dd0.exe
3084	JaffaCakes118_4de9f1ab1f842add1fd7954e320a6dd0.exe
3084	JaffaCakes118_4de9f1ab1f842add1fd7954e320a6dd0.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
3084	JaffaCakes118_4de9f1ab1f842add1fd7954e320a6dd0.exe
3084	JaffaCakes118_4de9f1ab1f842add1fd7954e320a6dd0.exe
3084	JaffaCakes118_4de9f1ab1f842add1fd7954e320a6dd0.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3084 wrote to memory of 2700	3084	JaffaCakes118_4de9f1ab1f842add1fd7954e320a6dd0.exe	83
PID 3084 wrote to memory of 2700	3084	JaffaCakes118_4de9f1ab1f842add1fd7954e320a6dd0.exe	83
PID 3084 wrote to memory of 2700	3084	JaffaCakes118_4de9f1ab1f842add1fd7954e320a6dd0.exe	83
PID 3084 wrote to memory of 2700	3084	JaffaCakes118_4de9f1ab1f842add1fd7954e320a6dd0.exe	83
PID 3084 wrote to memory of 2700	3084	JaffaCakes118_4de9f1ab1f842add1fd7954e320a6dd0.exe	83
PID 3084 wrote to memory of 2700	3084	JaffaCakes118_4de9f1ab1f842add1fd7954e320a6dd0.exe	83
PID 3084 wrote to memory of 2700	3084	JaffaCakes118_4de9f1ab1f842add1fd7954e320a6dd0.exe	83
PID 3084 wrote to memory of 2700	3084	JaffaCakes118_4de9f1ab1f842add1fd7954e320a6dd0.exe	83
PID 2116 wrote to memory of 4776	2116	msedge.exe	85
PID 2116 wrote to memory of 4776	2116	msedge.exe	85
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 2704	2116	msedge.exe	86
PID 2116 wrote to memory of 3080	2116	msedge.exe	87
PID 2116 wrote to memory of 3080	2116	msedge.exe	87
PID 2116 wrote to memory of 3504	2116	msedge.exe	88
PID 2116 wrote to memory of 3504	2116	msedge.exe	88
PID 2116 wrote to memory of 3504	2116	msedge.exe	88
PID 2116 wrote to memory of 3504	2116	msedge.exe	88
PID 2116 wrote to memory of 3504	2116	msedge.exe	88
PID 2116 wrote to memory of 3504	2116	msedge.exe	88
PID 2116 wrote to memory of 3504	2116	msedge.exe	88
PID 2116 wrote to memory of 3504	2116	msedge.exe	88
PID 2116 wrote to memory of 3504	2116	msedge.exe	88
PID 2116 wrote to memory of 3504	2116	msedge.exe	88
PID 2116 wrote to memory of 3504	2116	msedge.exe	88
PID 2116 wrote to memory of 3504	2116	msedge.exe	88

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4de9f1ab1f842add1fd7954e320a6dd0.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4de9f1ab1f842add1fd7954e320a6dd0.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3084
- C:\Windows\SysWOW64\WerFault.exe
  "C:\Windows\SysWOW64\WerFault.exe"
  2⤵
  PID:2700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=WerFault.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0c4c46f8,0x7ffd0c4c4708,0x7ffd0c4c4718
      4⤵
      PID:4776
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,10692053992194397080,4622372691000442605,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
      4⤵
      PID:2704
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,10692053992194397080,4622372691000442605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,10692053992194397080,4622372691000442605,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
      4⤵
      PID:3504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10692053992194397080,4622372691000442605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
      4⤵
      PID:3180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10692053992194397080,4622372691000442605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
      4⤵
      PID:4948
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10692053992194397080,4622372691000442605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
      4⤵
      PID:1076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,10692053992194397080,4622372691000442605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
      4⤵
      PID:5076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,10692053992194397080,4622372691000442605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1500
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10692053992194397080,4622372691000442605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
      4⤵
      PID:960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10692053992194397080,4622372691000442605,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
      4⤵
      PID:4212
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10692053992194397080,4622372691000442605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
      4⤵
      PID:4036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10692053992194397080,4622372691000442605,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
      4⤵
      PID:3520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10692053992194397080,4622372691000442605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
      4⤵
      PID:4408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10692053992194397080,4622372691000442605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
      4⤵
      PID:900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,10692053992194397080,4622372691000442605,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=WerFault.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
    3⤵
    PID:1076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0c4c46f8,0x7ffd0c4c4708,0x7ffd0c4c4718
      4⤵
      PID:1680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\014db32e-9761-47a0-958b-1ae554e82def.tmp

Filesize
5KB

MD5
a5451b9ce54e1faac010d0c2e879e115

SHA1
eab7b9dda5588d0613cd0bd80526579d0add0e16

SHA256
419404ba5eb7d2d113d2dea70ba57139011693f21e418dd11a3f58153c03a9be

SHA512
131dd4617c44b25319b337dae631a95b04b690fca6e303d6ff722a348671febc39eacc07ade5ad4763ccbbf5cf14a693435fd647fe2dcb46292ee6ed563798a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
5fcdf17e72c1d113ac94e81bac32b92c

SHA1
2b850a07deb4cc65b06b89ccdb48eaa2781ff65a

SHA256
ad0426562e636569f0ee030df0636af1873304f22a6044fb13d765167e5e9664

SHA512
aefd4d2275a5df0acb7a6fc5aec9c9c67d6b0da1ff8bc6c30b32ef5612b2756d64f4e759659d07e324a64a59bc137e4bb18aa383079530733123b48545710aad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
437B

MD5
05592d6b429a6209d372dba7629ce97c

SHA1
b4d45e956e3ec9651d4e1e045b887c7ccbdde326

SHA256
3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

SHA512
caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fb4da76a92ca92c2f8b04c1af264c5e3

SHA1
a25ed63203d64ec72b3d9b01ce9fa7272c3ffef6

SHA256
c0b46b70c521b910e49bda45e64996da3205669ac8e3600eea62b7e53140cf0b

SHA512
88068304f77aebf3c1ad2aae92a2a0469a22b3cab8db6cf2c094b1f29a43471447814449162374ad3b98b416921b5ba67fc708f88d06a3bb0919b5da25ca5e17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
225d282b8044070a3a2789510c9ac968

SHA1
f11128ad5f1f6e5c2af6b5841bf0f3647cbc3285

SHA256
26df4c3082da4824e41754d767cb934a55610b3b29c96f426db1f2f18cd0b045

SHA512
d4687cb4a6b42315f42f6953f2a71a604065c41d5956f3f6f66b884e59b1abba218b54d1e2aaf9f3c021f0bc26bebb5535dcd446a2d1090c06b613ad5cf36c78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
6239720a628e66a44a2ba70bbb772192

SHA1
1b245972a02507f38603aa548c5a2605ab6db3d3

SHA256
a97fdf7d10f03df6c7184373f6b8dfc6cbdf85d67f33c0bb9f00b25ae39d7acd

SHA512
0dab6d3a20bcda44a56644f95d17a315869c66426aad52146647d80f6eb6f86c5a373f398e8fddc0aeae341741d8cad57f2cc70f39c1aefadb11bec8e9a91801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5843ab.TMP

Filesize
369B

MD5
334ff68193d614702502f7b6dbb42f08

SHA1
c263918b9c45919b97ec81a9c108f66630efc410

SHA256
4ce8798d31e87d1acac9ec5cc762de91b5f5058c7e2fc340aeca7f9558a5afa5

SHA512
f655787b7d565677388135937e816bcf703d714d5b5dd968bddb333d93f425a33aec69b9097a9a8a4aeb6c896a4c6c5bb1c0506e4928de1792a9e106138cf9c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
028c64c7325eb58a34161a7d8d587287

SHA1
580f49ab427358826bb984e6037aef565f0cda1f

SHA256
99bb61a09bf138b0cdb96cf2824fa4c6441799635da7db097fb9e5fd3d061193

SHA512
6fcc7b417a6bfbee27e89a02db9b6c91c03745a0d3614506f30885e60cf0aa943286d9ddd5eb12aca51caf368e3564d85fe596eb36123d1cafefe7c376ea5ec1

Download Submit
C:\Users\Admin\AppData\Local\Temp\autCFD3.tmp

Filesize
23KB

MD5
ab5192eae381d5ff2047f3062bc931ad

SHA1
9342d1cfb62a3ddef2987b890ad3099ba710ab09

SHA256
c2e8b3ce86974162097644e41c9f3a52127d88524a319f3d9ed4e00e035ad5af

SHA512
94993bf7495bdab4482374164fa397bce3b1867af039cbb485e2512931a940e7a155981a1195f490c34560dca91511100665ea2863badd6320c1b6dc4264e728

Download Submit
memory/2700-8-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download