hxxps://script[.]google[.]com/macros/s/AKfycbzpusQGQ7PCcI-_961P7CHExDcL4fYb57b3WBnGWZrrugJKQkFcyrLfBE1SpEw7ZG0DHA/exec?ykudtwj76mvvw074mx

Analysis

max time kernel
298s
max time network
296s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 17:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://script.google.com/macros/s/AKfycbzpusQGQ7PCcI-_961P7CHExDcL4fYb57b3WBnGWZrrugJKQkFcyrLfBE1SpEw7ZG0DHA/exec?ykudtwj76mvvw074mx

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4376	msedge.exe
4376	msedge.exe
2684	msedge.exe
2684	msedge.exe
3528	identity_helper.exe
3528	identity_helper.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

msedge.exe

pid	process
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe

Suspicious use of FindShellTrayWindow 29 IoCs

Processes:

msedge.exe

pid	process
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

Processes:

msedge.exe

pid	process
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2684 wrote to memory of 4652	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4652	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4676	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4376	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4376	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4316	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4316	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4316	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4316	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4316	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4316	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4316	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4316	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4316	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4316	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4316	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4316	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4316	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4316	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4316	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4316	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4316	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4316	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4316	2684	msedge.exe	msedge.exe
PID 2684 wrote to memory of 4316	2684	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://script.google.com/macros/s/AKfycbzpusQGQ7PCcI-_961P7CHExDcL4fYb57b3WBnGWZrrugJKQkFcyrLfBE1SpEw7ZG0DHA/exec?ykudtwj76mvvw074mx
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9406b46f8,0x7ff9406b4708,0x7ff9406b4718
2⤵
PID:4652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,1669102178699021400,2464710387448766054,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
2⤵
PID:4676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,1669102178699021400,2464710387448766054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,1669102178699021400,2464710387448766054,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
2⤵
PID:4316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1669102178699021400,2464710387448766054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
2⤵
PID:2776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1669102178699021400,2464710387448766054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
2⤵
PID:1948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1669102178699021400,2464710387448766054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
2⤵
PID:1380

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,1669102178699021400,2464710387448766054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
2⤵
PID:3984

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,1669102178699021400,2464710387448766054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1669102178699021400,2464710387448766054,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
2⤵
PID:3792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1669102178699021400,2464710387448766054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2520 /prefetch:1
2⤵
PID:4924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1669102178699021400,2464710387448766054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
2⤵
PID:2784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1669102178699021400,2464710387448766054,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
2⤵
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1669102178699021400,2464710387448766054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
2⤵
PID:3848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,1669102178699021400,2464710387448766054,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5504 /prefetch:8
2⤵
PID:4716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1669102178699021400,2464710387448766054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1
2⤵
PID:3008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1669102178699021400,2464710387448766054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
2⤵
PID:4848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,1669102178699021400,2464710387448766054,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6428 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1669102178699021400,2464710387448766054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
2⤵
PID:2360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,1669102178699021400,2464710387448766054,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5204 /prefetch:8
2⤵
PID:1008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1669102178699021400,2464710387448766054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
2⤵
PID:3940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1669102178699021400,2464710387448766054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1336 /prefetch:1
2⤵
PID:5096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1669102178699021400,2464710387448766054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1428 /prefetch:1
2⤵
PID:2560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,1669102178699021400,2464710387448766054,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6620 /prefetch:8
2⤵
PID:4468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bcaf436ee5fed204f08c14d7517436eb

SHA1
637817252f1e2ab00275cd5b5a285a22980295ff

SHA256
de776d807ae7f2e809af69746f85ea99e0771bbdaaed78a764a6035dabe7f120

SHA512
7e6cf2fdffdcf444f6ef4a50a6f9ef1dfb853301467e3f4784c9ee905c3bf159dc3ee9145d77dbf72637d5b99242525eb951b91c020e5f4e5cfcfd965443258c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
e69f3da48c7a39a6927d49938435664f

SHA1
65b574adf8dc82c46e11f84ae6f8c43b3cbcbe01

SHA256
0e48ac405d31311d96c6a98587a321f5d4edb244982f07e9e8bfc8c965e50ca8

SHA512
c991213501f325e49f30e6a086d01295a08d048073613a756df444acaede5bddc40a78a65fd74d1960febc670ed70161ac1e3b545b20dbbf72833bec48b14869

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
4761ab6068b72f94b5706b0fd29d7203

SHA1
d277fc6303bfaa86bf08f78ab267d99912749dc8

SHA256
8485b5a57b5e00226ec63303b4c7678b2a725de860d4ba00d2934bf991d6e776

SHA512
16f00faf695f3bb6113fed8cc8292e9cfaa7ea4e3b007979535b6df7e13d3fdcecd32f4d0e64b1b75a8d469219309209f6759df07de6aba69a7e8c4b77f57923

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c4628b4182b1666799c19f17a7116d10

SHA1
5f5edbcd224bfa6df866af75e5ad9c6bbe426d75

SHA256
9ab729329d15999770e63b74ef3189c2ee714f9e23e61bea5f09157554e9b7bd

SHA512
8d629ef86d6b2e50afb890fca92baa2b7bdaa985c010051362513200d5edcd2761a46db5a915a6e60f4872e1a8d43b0e969adc2a6456fef2c9a3c8df0307d768

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6fd64f145012c2fc310f4902a5bdfe93

SHA1
fd9d902479ee67fb26b6e2147b70439a13317ce6

SHA256
9c150fc8b010819ae931bcdb3a538afd4d2a4e55f3705ed16aee462c37768b04

SHA512
d4face102100073c9834cf9bea2f5f68e4459a8e15c0900750d0f0d5d8a90f83c9e6ffd56c68b9591915e2674f06fb0ab6334d6d88df88c37165669e699d96c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
59e6092b06671bb8199f4e0e73e06440

SHA1
731ab0d1b03990f782f3499566a19441788e2eb6

SHA256
b75bb0990e2057e962a1a247dbd83661ea9b6e5cc6e1e288ecc0c5c8470731b8

SHA512
2191b4cc82e4c889f2ee7db08db54a912a274107a4ae9df821c21891e72a15893870a9f80a4e3630b8534b7a842508db9e336a01e8e4356917c69c1d6ec2b414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5fb5cd55563f699b018bb5b62c78f2dc

SHA1
d94575ea18725b6b79566215f26bfded3e9f2585

SHA256
67a08c971f37df8598b83335966c95f7e98708618e5249f912a433f825cd6281

SHA512
ff3ad8b5142d8fbed4c71437b5dbd1da3d539b22fb7ccf10d1e8619d94579725b81e60a5e4dfc8a85b305c764521f9736653cc62af95875d7d699b2e36c856e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d508c3367c0f375cf04a4117f1e7c89e

SHA1
bf77c57286c1fe5daf6a36d45a1f70a18e9d1987

SHA256
6074504f3efd70ffe7720538e5e82f4f05ae50a6fdedad05ae9d68eecf33cce9

SHA512
c33062a5dac3cc72f1b6a07ae0772c6acdb95a9576356180fab6fef376ed613207fbc8ee852032a5f0137e6dfd5feba4a7c2297f884c1df0d75ecb78bf5116e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bc4333f8c2273a73d9adc9d3799f82ea

SHA1
f5b4cccd082cc7368edd6ec2c0c8ce18732156e4

SHA256
908bc0360cbf8d269cc2892d36eb613dfe0c8ac20e6ce37557b0eb92659d3a8f

SHA512
ee40a319a50445fca63ba579d6443b67f8bac3a5a1792ef98ed09dd3a5974c40142be0f6a71e4066874b1244d683f2701057bd2504db75a2729268d74649105c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0d861a1651e01f3fb20d3a73d1d26ce8

SHA1
d43dfa6abb56003de8c3d1ae73f9616cbdd34e31

SHA256
1ccdefe6218742676e58c9a50ed187a008a10ba0b788bb0e184bde154a89f1b8

SHA512
0633bc6bb967b1e2794fe8e4979ce96552704eb1b2efbc39c9d726a874794e83e894dedbb71fbf0c88896f39bee874f9bc81d7be3111f600b0ef0de20d679ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2d53a815912503eebd06f10840c95f00

SHA1
c0292ecaeb4c64eb9b4283b342483281c00d4d53

SHA256
f9524779b029fd371aea91c08916a7bbeef8a38b107b4d957d8136c835810d71

SHA512
16e5283084b16fd8104e17e0d2ca56294d53a187d08ee980598b4d7f76e9159d053de75e0ae01601fe868bd8e47846f946ae125c392c9f5562d3fb70aa26a074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0f9830859f265996681fb62f8421f30f

SHA1
5548fdc4cde11b2f5ad02551208f3db14fec4d34

SHA256
66890ed1321a2de18ca2d279dbb151c00e18c998f0463f5082ecb6b2f370da65

SHA512
b546bc9384b693bc4b859aa2a8edbaaf7fe8a0ae9abacb26763644ab97caac9a22b447898af22a7e4bddb7a4bf225e71f7ad29ee16ae6c3ff3b3950d7bb44242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e6d1db0c35aaad2536c6fdb86591f676

SHA1
9c402915840ab8f17f32abf980575d9919a74e3c

SHA256
1144672842489172d0011285ac54640cc5c25c89db89b6102d9626dc1e1ae08f

SHA512
9dcd1b21a50807eb665cab05d9b3ede93b554da26138b3dc2eee2d78641379a9864ffdcd772e8172ebabf3c0093fe646b4ffea55152fbb20957f1732d4bd8c3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b0ba6f0eee8f998b4d78bc4934f5fd17

SHA1
589653d624de363d3e8869c169441b143c1f39ad

SHA256
4b5ee509e727accbd11493dda2c1d512e7dbfaff66c4f5f7ea9c2d2ccd06151f

SHA512
e9a165da246c6b80fc38431538203cf03f95794184ff63f00c9500f8919a2028b803f64b670e685185eed72df0509e3185c9b434fdbf2bc7af36021d46bd08d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
caec207cfdb8a49e63fffc62cc38e2b8

SHA1
ab248441531b78a6f99652a2f71f100a183c7eea

SHA256
6d9125d3a0fcfb18bae38de7bc749e75a6312957771776ec88fc0a60dc02e7da

SHA512
0812c65632272d9548ba7082e5fb8e6e117b8fbba18fcedcfdf64f0aa9bc4712c30b6f19b0dd486ead781195c5cf01a50354f0d33c972a7ad68f68af37e90cea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
bf3ff37cba1948d19b342d96b5a60065

SHA1
be4be95bde32d4aeaf36e6f865b49ad0eed2ee96

SHA256
27b4cc456697a1d2d8f9d53d35d7b03b030aa38a40d32199071a8d7c5c64e863

SHA512
153310c9d3e0cfba393c325b046a628e68d0f0b23c082c3598b14d0fe8c6a5ab8f82517f889586bf505d724fde66fcb91c04b7219911515ca4b3b78317332aa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
0ec2c4cfe0889d7290e8a9c2771a766f

SHA1
4e0271bcb0674287cdf7c18aced0ebdb9675f2c1

SHA256
16d737d9a208fc8003629013eb65cc52c8bc5db13ec26531dc778baa060c868f

SHA512
af92037c21a940b62e0cd124fff724f68e7c7530f03ef53a7153e1c883a4e9a77334fcc3a755a4e71b3fbcc0c5c9c7ea5f4812e43a67d1174e9183e6416e16c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a3a2.TMP

Filesize
204B

MD5
150adaa89d485be7cb6070c8e7a4615f

SHA1
4f0264dbb3d37b522ef7e103574da93c0e80e629

SHA256
224a7ad6e9e7c9fc7f678ee1f46975a7b49f0402069785b3b36527b63b0159fb

SHA512
534ebcdca9e9d8446b4a4ad26c8a7ad377000a7276453690744c9882298a3d02a829d8b85e9c6ee95a2f3ef8cb4763e4ab2f0e9bcf1ba2cc13c94014fda969a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f54df9bd-3d00-4ac7-b843-8ca1ab68a0b1.tmp

Filesize
6KB

MD5
a7e0eb1d166f94db1a850ddbd2279b15

SHA1
05caf875755d272d91125dc94296b7e8affe40e9

SHA256
bb0e86ce2c72a7a737034f84c64ac25567838ba49a069f8d3f7eeec68a661ead

SHA512
69d6baa91fe98f3ca9db1abc32994106786fbcba5131f1b3bcaf5be7f5408a35188d75cf1d9f43258266e32f595acf6c0938ae1b673111f828d3d9bd574f7784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0bd7f259115026eff3590896ce0a0bdb

SHA1
287c03a7d03d841604e711e29fdd7f2dd469c514

SHA256
3a3742ea0a7fce2dd33ff2017a13cd2542aa674b70b0279170762573db95e251

SHA512
7d76a0736b0e1a224912e22a8005fbae404dc5d76c22ed29a18f1d8976d2fe07bacbdc15c101922a13d177e1763e0f50ab333a7e09d2afc379d27714c5963a7a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
1bcb98c95004644177fc76c2a95bea1b

SHA1
b09bb1ca63925a0aae1db319571e9a622924f101

SHA256
a562b715b68b0841e2077527d7dd81ebf08449a908a4120ded0da5891f0edf21

SHA512
a86af1c64a4efbf3dd8962dfde5ce4da37eaa0fdf3f20024a9d61356a30422c3fbc5b629fdbb753a260eb089902252115129bab6a3beb61cd167865dd1b20328

Download Submit
\??\pipe\LOCAL\crashpad_2684_FRKWWROJSMVNYOVE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit