hxxp://plengreg[.]fun/

Analysis

max time kernel
119s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
29-10-2023 18:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://plengreg.fun/

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5108	msedge.exe
5108	msedge.exe
2020	msedge.exe
2020	msedge.exe
1840	identity_helper.exe
1840	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	636	firefox.exe
Token: SeDebugPrivilege	636	firefox.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
636	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 4384	2020	msedge.exe	47
PID 2020 wrote to memory of 4384	2020	msedge.exe	47
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 216	2020	msedge.exe	89
PID 2020 wrote to memory of 5108	2020	msedge.exe	87
PID 2020 wrote to memory of 5108	2020	msedge.exe	87
PID 2020 wrote to memory of 4512	2020	msedge.exe	88
PID 2020 wrote to memory of 4512	2020	msedge.exe	88
PID 2020 wrote to memory of 4512	2020	msedge.exe	88
PID 2020 wrote to memory of 4512	2020	msedge.exe	88
PID 2020 wrote to memory of 4512	2020	msedge.exe	88
PID 2020 wrote to memory of 4512	2020	msedge.exe	88
PID 2020 wrote to memory of 4512	2020	msedge.exe	88
PID 2020 wrote to memory of 4512	2020	msedge.exe	88
PID 2020 wrote to memory of 4512	2020	msedge.exe	88
PID 2020 wrote to memory of 4512	2020	msedge.exe	88
PID 2020 wrote to memory of 4512	2020	msedge.exe	88
PID 2020 wrote to memory of 4512	2020	msedge.exe	88
PID 2020 wrote to memory of 4512	2020	msedge.exe	88
PID 2020 wrote to memory of 4512	2020	msedge.exe	88
PID 2020 wrote to memory of 4512	2020	msedge.exe	88
PID 2020 wrote to memory of 4512	2020	msedge.exe	88
PID 2020 wrote to memory of 4512	2020	msedge.exe	88
PID 2020 wrote to memory of 4512	2020	msedge.exe	88
PID 2020 wrote to memory of 4512	2020	msedge.exe	88
PID 2020 wrote to memory of 4512	2020	msedge.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://plengreg.fun/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe51de46f8,0x7ffe51de4708,0x7ffe51de4718
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,11712491594310357392,13326422227476338803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,11712491594310357392,13326422227476338803,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,11712491594310357392,13326422227476338803,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11712491594310357392,13326422227476338803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11712491594310357392,13326422227476338803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11712491594310357392,13326422227476338803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11712491594310357392,13326422227476338803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11712491594310357392,13326422227476338803,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,11712491594310357392,13326422227476338803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,11712491594310357392,13326422227476338803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11712491594310357392,13326422227476338803,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11712491594310357392,13326422227476338803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11712491594310357392,13326422227476338803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11712491594310357392,13326422227476338803,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11712491594310357392,13326422227476338803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1996 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11712491594310357392,13326422227476338803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:2884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1724

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1824
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.0.1246873860\1560387148" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {01d9a817-b179-459e-bcdb-1671ab441d43} 636 "\\.\pipe\gecko-crash-server-pipe.636" 1960 22dff6dae58 gpu
    3⤵
    PID:1644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.1.332013234\1317111332" -parentBuildID 20221007134813 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7c32da4-eb23-4009-9576-c350b31477e7} 636 "\\.\pipe\gecko-crash-server-pipe.636" 2376 22dff1ee458 socket
    3⤵
    - Checks processor information in registry
    PID:3136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.2.1183993389\1887464868" -childID 1 -isForBrowser -prefsHandle 3032 -prefMapHandle 3060 -prefsLen 21077 -prefMapSize 232675 -jsInitHandle 1180 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb05fa56-71e7-49f7-a0fe-4d53e5e0d132} 636 "\\.\pipe\gecko-crash-server-pipe.636" 3056 22dff65a958 tab
    3⤵
    PID:3328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.3.675561137\265799113" -childID 2 -isForBrowser -prefsHandle 3604 -prefMapHandle 3600 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1180 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cf801b5-0df5-4df9-85ec-71fb1a912c89} 636 "\\.\pipe\gecko-crash-server-pipe.636" 3612 22d8b5edc58 tab
    3⤵
    PID:3728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.4.916573341\462256772" -childID 3 -isForBrowser -prefsHandle 3780 -prefMapHandle 3772 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1180 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c173ab9-ffa7-42db-bd1f-27fd6d9d19f1} 636 "\\.\pipe\gecko-crash-server-pipe.636" 3792 22d8b521d58 tab
    3⤵
    PID:3192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
84df16093540d8d88a327b849dd35f8c

SHA1
c6207d32a8e44863142213697984de5e238ce644

SHA256
220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c

SHA512
3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c81518b9914b36bc30d86133692c69b4

SHA1
3f4dbc0229227cf32684ff3378eb8f40cd725bc5

SHA256
585a8ed3e314468d8870f5f46e395b1fd7c927827bf2878eb828a7d0efad0f4d

SHA512
74f7058d008a56e806535ec2efcfda9022365217f1b85af7cb0d59cdf8ca0d6a75c58034ab143bf632395e0811bc2c755728a5afd81a721a55e108f8d49bfce0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
d78f186b675a6354208e9656b13ed21d

SHA1
473a15ac40d3055535bd2c0b5618c27987be7977

SHA256
8fa812d9f0af152b8fe1d3d848eafb6cea5b7a4245697bba0db09ddd7da8a99f

SHA512
b7bc8652fd1c1a970e5908cfa97c2272e4d5c763a868a453bf215dc8814fe9895b0a83c91bc9ad2b4b27212d19068861fc50ded7d189abd8fe66304945279a57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
400B

MD5
b654ca2fd267f1134bdef312d2a66ec8

SHA1
9c93e9646954c8e4e2d7062fe475f5476ed56af3

SHA256
545185c46dc6857010572c754795861aeb9e0570e154fedf4484bd49aa475786

SHA512
f9dbf300d20ea7424f192f31144c1f83ab13d7e0e41b90d83a8010c13c9d5a4b57c2f237ca978fe9a850a175cfe6b77dadeac67b396a3878fc46e814148f3271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c62cda071dcc7cafdf1048e9aa4bc44b

SHA1
8d0d5b9f2eecdda447c2af26e30845351b4db82a

SHA256
2691727f17632ef6b3f5f8c746bdc494b3a4da4665031d22cc2ea34f83eb5700

SHA512
62d90efa284488ee23924c2f28d88a2bfd41c768222807f987e771cb1bdd2399f483709854745dc5d8a37f8996877f7eed1d9e6e211d17306b403e1ad1cb5812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5724305c6afba30ee24b24020efd24b0

SHA1
00e1b75308316d759eb7592b64d45048bac5d71c

SHA256
8080e61feb750b41f90fb39a7e589b8ce8d0ac4d79edbe058ea2aa81c918a997

SHA512
be2c50fbe81bced6921543004a16de85106bbc254e4d3d41aa6b000d26e44762542904acdef127fa2854fc2364f2dbaca6b44ea264c433fd39809104d2e2638e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f711f3ff43c4fe6faa197d699ced4260

SHA1
7f1c0c2f0b8824662ed976cc819c69164253c126

SHA256
1088b63eafe3471a2d4b636eb45788540bf48a1a133f04779c3b63f1ce99a1df

SHA512
9b17aecd013cbac03ca2ad9ed4e428cb08bf19662bbe37f7296615322e576674885e6ee13d593f5077aed258f0587e2c1b35a71c7db42d6f5a094a59e48ba5b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1d920052657091759fd2c811001b5f56

SHA1
8d777cdd59407258d12fed88539c55d3c68a390d

SHA256
36daad7cd82af11a66a3e5950faa63d952d0d5be45bc0ce62c3223aac7bc7397

SHA512
a44010d7991d2a573b72cfe5bdf9476a80dd3f44c37cd420c6cbb34f211bc43d6da2eef707ecad57c73c9914c36784dcc506ab66ee17aaa9c341c7611e65499d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9619d46ba70e591cf6bba762d8fb4a39

SHA1
487e073adf58990322677abb4889a2a1fa117353

SHA256
fe18466934d2b75195ca09a2bee0ea3fc27a9c2b558509fbce550806fc4d3cfd

SHA512
0ac94e03e39a01a2961f12d989ff2804c29648ed05b76b635c46485aa292182c6f370c658df0d4bc99687d3f63ae9d5b8b9c83f9783c502c7815f467327dc237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
918ecd7940dcab6b9f4b8bdd4d3772b2

SHA1
7c0c6962a6cd37d91c2ebf3ad542b3876dc466e4

SHA256
3123072fba0ea8e8f960dd213659a0c96ce2b58683593b8ea84efac772b25175

SHA512
c96044501a0a6a65140bc7710a81d29dac35fc6a6fd18fbb4fa5d584e9dc79a059e51cbe063ca496d72558e459ffa6c2913f3893f0a3c0f8002bbca1d1b98ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9c783675e799dd6c0cfa7db046648a09

SHA1
20b2f3e349f04d83819e6ddb56028aa2ea800a19

SHA256
65ef279465b13bdf8d618e98889cfd8f3480dd4a123410e86485f4f6589f171d

SHA512
0f6f326a794edd2eaab562526cdb84ab14d5c5d3fc6ac468ea8bd5a09eff380552e9732d2a2198081631f983530d5522eb1f0ebce71148a35e933484d9de3b75

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\err804pm.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
bb5e1ef77cd88986b1bff4ce98d29179

SHA1
23cf54472b8317f0c5b45952b5790f535b408328

SHA256
be2cf93b40c296b745d47e4896505d66f6f3c11f96de36d7722678eb5b358329

SHA512
fbbc0d0c42511682f1025fe425807663eec73cc18070996760cdcf814ebaee913f97c5ff896d5a2074807d6d0a87447ee6f17c72ab1277e00bde0bc2fdc1652b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\err804pm.default-release\prefs-1.js

Filesize
6KB

MD5
4807b49c0c5a785f03b72759b4e4231b

SHA1
089f6a9874b4de8e1fca59059e3d76dfffb9afa9

SHA256
aaadfe9641b0ffca54c5daf91ba7f10be635fbbeb11aa2f7712a6369e75fc800

SHA512
61afecd3f1b2ab1c4c707353643d91e71a1698b087495b2e15ce005fe3883231f8f109c55973113dd128cd288b19d4d2ee0f6a78412a516ddd2cb009e07654e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\err804pm.default-release\prefs-1.js

Filesize
6KB

MD5
22f1be6b83fee791ed0e204b2e813da1

SHA1
88cc76f1dbf9d712d8c74aa9a6d36d84df6be914

SHA256
e641534310c41e8cd8555271197ea1fd50cee01b82617e3c49bc9a8d0ee2826a

SHA512
bfbd56192fd7058e5dcc5378a2af38d0ecb523887477711208aa3715e85413291dea9028e717c7ad637d15c1dcd949eaf18a489702c94438d76d0272b27f8931

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\err804pm.default-release\sessionstore.jsonlz4

Filesize
885B

MD5
329182016e876efc9cd87927911ab44a

SHA1
f1d416b0139d73f26310c611cb81a4f0a1c9569c

SHA256
c5aef441c405d71354ec4fb5fa4ba2f2d38a11613fe5ccea8f69b175999ae861

SHA512
2a327f0d9fcf29b94cf6f8d26f0b1154b22c914ac654655d51ed9c8f32e7b95165aeb2e893e16398b5cfc97fd0c092b2edd19552cd8d6627f72ea0170d7fbd03

Download Submit