Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://drive.google...

windows10-2004-x64

8

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-08-2024 07:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://drive.google.com/file/d/1Gs8EobF198PHHnDKXBLJ1mTmx2raXCEO/view?usp=sharing

Score
8/10
discovery

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs
  • Drops file in System32 directory 11 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 4 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 41 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1Gs8EobF198PHHnDKXBLJ1mTmx2raXCEO/view?usp=sharing
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3852
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff79846f8,0x7ffff7984708,0x7ffff7984718
      2⤵
        PID:5024
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
        2⤵
          PID:2104
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4004
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2268 /prefetch:8
          2⤵
            PID:4256
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
            2⤵
              PID:1292
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
              2⤵
                PID:2112
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
                2⤵
                  PID:916
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5944 /prefetch:8
                  2⤵
                    PID:3472
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
                    2⤵
                      PID:1948
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6264 /prefetch:8
                      2⤵
                        PID:2480
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6264 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4520
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:1412
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
                        2⤵
                          PID:5524
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
                          2⤵
                            PID:5532
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2720 /prefetch:1
                            2⤵
                              PID:5696
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
                              2⤵
                                PID:5704
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
                                2⤵
                                  PID:5468
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
                                  2⤵
                                    PID:5392
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5452 /prefetch:8
                                    2⤵
                                      PID:5648
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2072 /prefetch:8
                                      2⤵
                                      • Modifies registry class
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:4340
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
                                      2⤵
                                        PID:2348
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
                                        2⤵
                                          PID:1988
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
                                          2⤵
                                            PID:5972
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
                                            2⤵
                                              PID:5468
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
                                              2⤵
                                                PID:1100
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
                                                2⤵
                                                  PID:4992
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4860 /prefetch:8
                                                  2⤵
                                                    PID:5540
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
                                                    2⤵
                                                      PID:6064
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
                                                      2⤵
                                                        PID:2252
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
                                                        2⤵
                                                          PID:3720
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5104 /prefetch:2
                                                          2⤵
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:5536
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,6440987491382656839,7517127564329691865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6504 /prefetch:8
                                                          2⤵
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:4748
                                                        • C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe
                                                          "C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe"
                                                          2⤵
                                                          • Checks computer location settings
                                                          • Executes dropped EXE
                                                          • Suspicious use of AdjustPrivilegeToken
                                                          PID:5628
                                                        • C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe
                                                          "C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe"
                                                          2⤵
                                                          • Checks computer location settings
                                                          • Executes dropped EXE
                                                          • Suspicious use of AdjustPrivilegeToken
                                                          • Suspicious use of SendNotifyMessage
                                                          PID:4920
                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                        1⤵
                                                          PID:1984
                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                          1⤵
                                                            PID:4944
                                                          • C:\Windows\System32\rundll32.exe
                                                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                            1⤵
                                                              PID:5492
                                                            • C:\Windows\system32\OpenWith.exe
                                                              C:\Windows\system32\OpenWith.exe -Embedding
                                                              1⤵
                                                              • Modifies registry class
                                                              • Suspicious use of SetWindowsHookEx
                                                              PID:5960
                                                            • C:\Windows\system32\mspaint.exe
                                                              "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_FakeHigherQualityStuds.zip\PreviewType2.png" /ForceBootstrapPaint3D
                                                              1⤵
                                                              • Modifies registry class
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              • Suspicious use of SetWindowsHookEx
                                                              PID:3556
                                                            • C:\Windows\System32\svchost.exe
                                                              C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
                                                              1⤵
                                                              • Drops file in System32 directory
                                                              PID:4316
                                                            • C:\Windows\system32\OpenWith.exe
                                                              C:\Windows\system32\OpenWith.exe -Embedding
                                                              1⤵
                                                              • Suspicious behavior: GetForegroundWindowSpam
                                                              • Suspicious use of SetWindowsHookEx
                                                              PID:5856
                                                            • C:\Windows\System32\svchost.exe
                                                              C:\Windows\System32\svchost.exe -k UnistackSvcGroup
                                                              1⤵
                                                              • Suspicious use of AdjustPrivilegeToken
                                                              PID:5740

                                                            Network

                                                            MITRE ATT&CK Enterprise v15

                                                            Replay Monitor

                                                            Loading Replay Monitor...

                                                            Downloads

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                              Filesize

                                                              152B

                                                              MD5

                                                              9e3fc58a8fb86c93d19e1500b873ef6f

                                                              SHA1

                                                              c6aae5f4e26f5570db5e14bba8d5061867a33b56

                                                              SHA256

                                                              828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

                                                              SHA512

                                                              e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                              Filesize

                                                              152B

                                                              MD5

                                                              27304926d60324abe74d7a4b571c35ea

                                                              SHA1

                                                              78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

                                                              SHA256

                                                              7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

                                                              SHA512

                                                              f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                              Filesize

                                                              408B

                                                              MD5

                                                              962f7ac0c58b78d2671bc88ece6e7295

                                                              SHA1

                                                              cf11a29fb433489f3790f4d81f0ceb7ca459ce32

                                                              SHA256

                                                              0b55e85db5c73401dda3a5261e1a8300344236ec300e531673b0147e128b69bb

                                                              SHA512

                                                              c758f1f2328f9b69320ffb5d1264e7c544e71907a7853a0197af936809bb05cf1192efc06a468a2ca17e474e209e59b040b516c917f9b503c823289a2a17d5a0

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                              Filesize

                                                              4KB

                                                              MD5

                                                              f8e188618c9b1a2d9d61acab7955d0d5

                                                              SHA1

                                                              bd66e8892b8aaa2b641313a14c6d7ebb8bd40ac2

                                                              SHA256

                                                              5f5293fce7433259cb3ce8964ac5bd1e77a85882fbb6b57454d9dd7dbe2ddffc

                                                              SHA512

                                                              19320f4b94279b88acb821cde875032c996fe38bddfbb50103b4bece678109aa83189db2fb01d98349e4d30b4f815a1335e701bef9ab6994688654eb0c1c451d

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                              Filesize

                                                              3KB

                                                              MD5

                                                              1a2c8c322c96c164982cd371fd47565c

                                                              SHA1

                                                              80fefe794323778c281ca457e91bc8b4205a0cdc

                                                              SHA256

                                                              5f127d33f99f0d4a40f4894e6952af0ef552dda8e5a45bd22e56eae3bb711527

                                                              SHA512

                                                              57b17f9f032b93148be72010b80aca52b6d0e7a4ca7ed0343497d58578541731bf803562df5808303b37949e277144d657862afd8e4b04753758a3dc9686fb24

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                              Filesize

                                                              4KB

                                                              MD5

                                                              6de806fec40d5ab0917c613e3f868db4

                                                              SHA1

                                                              6c377dba392871cd61c5052dfc5482e49f827c83

                                                              SHA256

                                                              d9f825e1bb0be8d34ba0eb383f9a83710fbc5aa31a6f78499cba0082b424a1e6

                                                              SHA512

                                                              eddc7f18f01af7416ecb05867500a3e2bc4ec7a6cb7a5d17e9bfff2653bc0d6c4cb94a0b5d18b708e8d855c16b528bdfb96237bd7a16fa29b2dd2b5a03bda6ba

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                              Filesize

                                                              5KB

                                                              MD5

                                                              0c2fa9c8eead1ca4de06f4c525f8656d

                                                              SHA1

                                                              af6299c75efb7a6213d68501eb73d0ac6431de80

                                                              SHA256

                                                              98717c5c45b7a9079c5d36b3ff7109c2f764df050f8fd12b45889388406d2169

                                                              SHA512

                                                              261ce58a753c181aad077056f0cb722eaa371d9fbb9dcccb221366ddfe285d156b67cb2a083915e8b5df662bc35800c37b36d8c581f670f08e81890a9aac70b8

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                              Filesize

                                                              7KB

                                                              MD5

                                                              f7f4be23e9b2341b83438d5cd8ff2887

                                                              SHA1

                                                              51f7565979b6239bc41b43b3bff572ca95cfae1d

                                                              SHA256

                                                              b5a85442905be71406d4ff09640d39f4305039ad65f8e0c80ab9f36820855cd6

                                                              SHA512

                                                              e4e9a467f8aa5377e673fd25462efa431318dd9ea4dd8361794cb91805b169846fc5c6adcbb7d2eb4d68203888034d43828cee6bcdc5909b76d70e5fec4c9b80

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                              Filesize

                                                              6KB

                                                              MD5

                                                              2f1967cdabcc6a0cc05719c0747882ea

                                                              SHA1

                                                              ee20afb96a0d19bd5ca062204f7b75dee1eadb51

                                                              SHA256

                                                              4ca34310632378dba99cf0fdcf4940420dbaa8cf31f4ed9267ea305394653e8a

                                                              SHA512

                                                              309926ecf35e0c035bceb622f52c9c33011c7b8b0f4397d035318e07a8ced494ec10d9ce65af932bec4519ee365d8280f759eceda5a3e71891114edfb6313faa

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                              Filesize

                                                              7KB

                                                              MD5

                                                              fcbadf31bbb5df721ae1ceed52dea684

                                                              SHA1

                                                              860de84e2798232ba64e0072905b77d3d2e92bda

                                                              SHA256

                                                              2ecf34e0296f1bdf84b6180c587c76d71b31138e31b7046eb65b55076dfdc572

                                                              SHA512

                                                              ecbde1352fff8398b014eaf162864f5b6f9dd646842989231cfd12718bef6607da836e4b76dc9872ede1b469bc775d15864f2499b2def20cbccaeca22bc25e16

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                              Filesize

                                                              7KB

                                                              MD5

                                                              0dfe0108d15eadfc870153632d8a2a34

                                                              SHA1

                                                              304b9cb18aa16f1bea830208a66ec2e0b90452cd

                                                              SHA256

                                                              d457e13a5fadcc2ea6ed083d631c198cf01cd5ada340588930abbc62ee4e61a6

                                                              SHA512

                                                              0a072215b45a516dd8e835c90e7ad05f868c042b2c1cced46e169ccc898c071121e7bf86fef914a50bf53b0d08285bd7dfbebb7824e914fbdcb9c3cebf837131

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                              Filesize

                                                              2KB

                                                              MD5

                                                              60859a7340cf55e0161625e32cf70bb3

                                                              SHA1

                                                              a76c7df1c242df995b2747812eb4696512ce64e1

                                                              SHA256

                                                              e11efa75a4f9222147ef201596e098fc054f54b82962e8e94299ae2572df87c1

                                                              SHA512

                                                              167bc0004d775d658302114089abd6e3e410ab0fe86aefbf7fdfbe67d6daa4521714a89d6b55814d478701d79dec02ef3b8b3cc77fc48d6c46670655f9ae70e9

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                              Filesize

                                                              2KB

                                                              MD5

                                                              20cacbe3fdc706ffbf5fd6a9bcf42a18

                                                              SHA1

                                                              c80a89a184b1c7371cc7f5a9b7a69c1ac92915df

                                                              SHA256

                                                              edb964b575b0cd2623fac9d01d1f8b81b695190fc691e642ab3921018bb61aa8

                                                              SHA512

                                                              a49c0e18f87cb5301a93d1364fc586b3f63b0a9aba0d8a91f8d7c6733ca6450b34231e69e882b12d9f0e3de96ca59e0af7cdc5febbc01214fb56990d14705118

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                              Filesize

                                                              2KB

                                                              MD5

                                                              7a21c471f07e3135f8f9575ad4d95c79

                                                              SHA1

                                                              acd07d6d507180ce169bb4b240bcf4167e2c3d2a

                                                              SHA256

                                                              5effd6e94afa71f918aa41a5817e95bb3eba10b310e045401ee9e9e4eff765eb

                                                              SHA512

                                                              7850a809538aa4617b0066c697b99b20e15939a7d1be59f911f9e3b83854c2f2914ae52c7a802859e2f30429f983157ded8e214a6dcab32d39da5c2eef86d6ff

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58cf32.TMP
                                                              Filesize

                                                              1KB

                                                              MD5

                                                              95af0fd98a9cdebfb17efe372ebe250c

                                                              SHA1

                                                              38247cbf488b8dbdae47982bd69570e5b798c9f5

                                                              SHA256

                                                              d3867d7c501c59e86b6c3573bceb4cdeb15db406516fd9bfbc5300e86cd9a4ff

                                                              SHA512

                                                              fecb294c397f8db9b0ddead762cc180d94a32b0666c3185a9318efbb4b4847ad1e574ff9a360058a8f13949a50d5f7fd43add12770ebc01d9185fbc2335ef9e5

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                              Filesize

                                                              16B

                                                              MD5

                                                              6752a1d65b201c13b62ea44016eb221f

                                                              SHA1

                                                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                              SHA256

                                                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                              SHA512

                                                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                              Filesize

                                                              11KB

                                                              MD5

                                                              411e01f623149b270f82cef8238a2c02

                                                              SHA1

                                                              573bb4d2a0b2f7d8b54a226c9e002400b74ce7a0

                                                              SHA256

                                                              93de6909f5250db5276cc3a730cce61db10d25d11a92f9edd072be893495d904

                                                              SHA512

                                                              59bdcc7f82c1bdad3149db6da7ea26f9e75cfb2a532e6437254cb878ad33b76c08ecaf3426b59f07524536cf188922cecde46a91eb121f023e9acbffdb6763e2

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                              Filesize

                                                              11KB

                                                              MD5

                                                              7f67216834182d1297a766dbbc5c1492

                                                              SHA1

                                                              d4bb38ace6509cd2aa359abd1965d42cd9fffab2

                                                              SHA256

                                                              384091d9add7a8b7008f16c9d0701a3d6cc885801a9c40d90eb78bbc8a3def37

                                                              SHA512

                                                              a17e7480075a83ab30f0f098987f5c6c04460e4d26ece6957f3e84226e4357bf009eee871f2337bccd1c1c06e590af4cd79071c1305197aac9d6fe8da147d806

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                              Filesize

                                                              12KB

                                                              MD5

                                                              3f81fb52a1eb032e797bb3b769e57764

                                                              SHA1

                                                              e84d82510c1cb1b9ea0429fea10088bdf7faefd2

                                                              SHA256

                                                              aa104ab001ebc337c1fdb2311f07a80eb9d787ec05e79bcda4e17d30d3e5dfc5

                                                              SHA512

                                                              b60e7c5be7e9ddc558e708293645be2170fe5eae955e41a40c57318633bef33c192d6ca42877a8d7c50a3db135a200955a72bd6ac8472195147692c896dc1633

                                                              Download Submit

                                                            • C:\Users\Admin\Downloads\Unconfirmed 636313.crdownload
                                                              Filesize

                                                              10.1MB

                                                              MD5

                                                              2c752edef5b0aa0962a3e01c4c82a2fa

                                                              SHA1

                                                              9c3afd1c63f2b0dbdc2dc487709471222d2cb81e

                                                              SHA256

                                                              891846bf656253ca1cdd28584a28681e9604e2a03d74cd6b99313e3bff11daf8

                                                              SHA512

                                                              04d25fe7d40c8c320ffc545a038ad6ea458df6a8a552b0e0393b369a03b9bf273c72f30169bd54e8eb10757c04bdddf3859c601c1eb9e1a12fe4d15658906dfe

                                                              Download Submit

                                                            • C:\Users\Admin\Downloads\Unconfirmed 822170.crdownload
                                                              Filesize

                                                              1.8MB

                                                              MD5

                                                              0833bf225ca2f4f13289ae6c2b26c768

                                                              SHA1

                                                              8a7c08ee57d70f7ae50eaf78225721df883ef0c1

                                                              SHA256

                                                              a6df46f9f76585a19bd18c60cd26332cf6f3117397c03f087fa48b8d8ba8cf38

                                                              SHA512

                                                              5ab580ed9d4a82696e02cd97345ac7b535f4ed68a13f33b6596f4246d19a366098d23d0b8883f0c4cf66ae369502105100624bbd0f2e16a1a3734fcbd8704451

                                                              Download Submit

                                                            • memory/4316-137-0x0000026ECCF60000-0x0000026ECCF70000-memory.dmp

                                                              Filesize

                                                              64KB

                                                              Download

                                                            • memory/4316-150-0x0000026ED5350000-0x0000026ED5351000-memory.dmp

                                                              Filesize

                                                              4KB

                                                              Download

                                                            • memory/4316-151-0x0000026ED5360000-0x0000026ED5361000-memory.dmp

                                                              Filesize

                                                              4KB

                                                              Download

                                                            • memory/4316-133-0x0000026ECC5B0000-0x0000026ECC5C0000-memory.dmp

                                                              Filesize

                                                              64KB

                                                              Download

                                                            • memory/4316-144-0x0000026ED5240000-0x0000026ED5241000-memory.dmp

                                                              Filesize

                                                              4KB

                                                              Download

                                                            • memory/4316-146-0x0000026ED52C0000-0x0000026ED52C1000-memory.dmp

                                                              Filesize

                                                              4KB

                                                              Download

                                                            • memory/4316-148-0x0000026ED52C0000-0x0000026ED52C1000-memory.dmp

                                                              Filesize

                                                              4KB

                                                              Download

                                                            • memory/4316-152-0x0000026ED5360000-0x0000026ED5361000-memory.dmp

                                                              Filesize

                                                              4KB

                                                              Download

                                                            • memory/4316-149-0x0000026ED5350000-0x0000026ED5351000-memory.dmp

                                                              Filesize

                                                              4KB

                                                              Download

                                                            • memory/5740-570-0x00000282D8BC0000-0x00000282D8BC1000-memory.dmp

                                                              Filesize

                                                              4KB

                                                              Download

                                                            • memory/5740-581-0x00000282D87F0000-0x00000282D87F1000-memory.dmp

                                                              Filesize

                                                              4KB

                                                              Download

                                                            • memory/5740-575-0x00000282D8BC0000-0x00000282D8BC1000-memory.dmp

                                                              Filesize

                                                              4KB

                                                              Download

                                                            • memory/5740-576-0x00000282D8BC0000-0x00000282D8BC1000-memory.dmp

                                                              Filesize

                                                              4KB

                                                              Download

                                                            • memory/5740-577-0x00000282D8BC0000-0x00000282D8BC1000-memory.dmp

                                                              Filesize

                                                              4KB

                                                              Download

                                                            • memory/5740-578-0x00000282D87F0000-0x00000282D87F1000-memory.dmp

                                                              Filesize

                                                              4KB

                                                              Download

                                                            • memory/5740-579-0x00000282D87E0000-0x00000282D87E1000-memory.dmp

                                                              Filesize

                                                              4KB

                                                              Download

                                                            • memory/5740-574-0x00000282D8BC0000-0x00000282D8BC1000-memory.dmp

                                                              Filesize

                                                              4KB

                                                              Download

                                                            • memory/5740-584-0x00000282D87E0000-0x00000282D87E1000-memory.dmp

                                                              Filesize

                                                              4KB

                                                              Download

                                                            • memory/5740-587-0x00000282D8720000-0x00000282D8721000-memory.dmp

                                                              Filesize

                                                              4KB

                                                              Download

                                                            • memory/5740-573-0x00000282D8BC0000-0x00000282D8BC1000-memory.dmp

                                                              Filesize

                                                              4KB

                                                              Download

                                                            • memory/5740-572-0x00000282D8BC0000-0x00000282D8BC1000-memory.dmp

                                                              Filesize

                                                              4KB

                                                              Download

                                                            • memory/5740-571-0x00000282D8BC0000-0x00000282D8BC1000-memory.dmp

                                                              Filesize

                                                              4KB

                                                              Download

                                                            • memory/5740-569-0x00000282D8BC0000-0x00000282D8BC1000-memory.dmp

                                                              Filesize

                                                              4KB

                                                              Download

                                                            • memory/5740-568-0x00000282D8BC0000-0x00000282D8BC1000-memory.dmp

                                                              Filesize

                                                              4KB

                                                              Download

                                                            • memory/5740-567-0x00000282D8BA0000-0x00000282D8BA1000-memory.dmp

                                                              Filesize

                                                              4KB

                                                              Download