hxxps://drive[.]google[.]com/drive/folders/1SZDTpSeEH1AJr8F71wv3s_2MwTB_wKFJ

Analysis

max time kernel
445s
max time network
447s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-09-2024 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1SZDTpSeEH1AJr8F71wv3s_2MwTB_wKFJ

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
8	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4220	msedge.exe
4220	msedge.exe
4488	msedge.exe
4488	msedge.exe
3612	identity_helper.exe
3612	identity_helper.exe
3644	msedge.exe
3644	msedge.exe
1008	msedge.exe
1008	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
2040	msedge.exe
2040	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	3824	7zG.exe
Token: 35	3824	7zG.exe
Token: SeSecurityPrivilege	3824	7zG.exe
Token: SeSecurityPrivilege	3824	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4488 wrote to memory of 544	4488	msedge.exe	83
PID 4488 wrote to memory of 544	4488	msedge.exe	83
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 1292	4488	msedge.exe	84
PID 4488 wrote to memory of 4220	4488	msedge.exe	85
PID 4488 wrote to memory of 4220	4488	msedge.exe	85
PID 4488 wrote to memory of 4168	4488	msedge.exe	86
PID 4488 wrote to memory of 4168	4488	msedge.exe	86
PID 4488 wrote to memory of 4168	4488	msedge.exe	86
PID 4488 wrote to memory of 4168	4488	msedge.exe	86
PID 4488 wrote to memory of 4168	4488	msedge.exe	86
PID 4488 wrote to memory of 4168	4488	msedge.exe	86
PID 4488 wrote to memory of 4168	4488	msedge.exe	86
PID 4488 wrote to memory of 4168	4488	msedge.exe	86
PID 4488 wrote to memory of 4168	4488	msedge.exe	86
PID 4488 wrote to memory of 4168	4488	msedge.exe	86
PID 4488 wrote to memory of 4168	4488	msedge.exe	86
PID 4488 wrote to memory of 4168	4488	msedge.exe	86
PID 4488 wrote to memory of 4168	4488	msedge.exe	86
PID 4488 wrote to memory of 4168	4488	msedge.exe	86
PID 4488 wrote to memory of 4168	4488	msedge.exe	86
PID 4488 wrote to memory of 4168	4488	msedge.exe	86
PID 4488 wrote to memory of 4168	4488	msedge.exe	86
PID 4488 wrote to memory of 4168	4488	msedge.exe	86
PID 4488 wrote to memory of 4168	4488	msedge.exe	86
PID 4488 wrote to memory of 4168	4488	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1SZDTpSeEH1AJr8F71wv3s_2MwTB_wKFJ
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe15eb46f8,0x7ffe15eb4708,0x7ffe15eb4718
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,602729321692095915,1462244933083197047,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,602729321692095915,1462244933083197047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,602729321692095915,1462244933083197047,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,602729321692095915,1462244933083197047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,602729321692095915,1462244933083197047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,602729321692095915,1462244933083197047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,602729321692095915,1462244933083197047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,602729321692095915,1462244933083197047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,602729321692095915,1462244933083197047,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,602729321692095915,1462244933083197047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,602729321692095915,1462244933083197047,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,602729321692095915,1462244933083197047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,602729321692095915,1462244933083197047,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1996 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,602729321692095915,1462244933083197047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,602729321692095915,1462244933083197047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,602729321692095915,1462244933083197047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,602729321692095915,1462244933083197047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,602729321692095915,1462244933083197047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,602729321692095915,1462244933083197047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,602729321692095915,1462244933083197047,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5452 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,602729321692095915,1462244933083197047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4660

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4368

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\BlackStacks\" -spe -an -ai#7zMap2459:84:7zEvent9722
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
25KB

MD5
3209f0de4464a04bd57fb901ab54a013

SHA1
2881d2b7690986b80f2bbfce7d09c844db31c0da

SHA256
bba64a3357c9b3e0c927c3fc328eecab84a001572df83121c4bdb3ab5baf69cf

SHA512
21a0056b84d3484efd74f2ccf06f3b3d7c8236b7eea55f45930b3fa87ffa105b8c025455e6113e8165b33f68f1e4090a6153737cdf538cfcd5a8a1cfbfdf4b14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
254472802b9108ad6332503cdb5f245e

SHA1
b2a67099de4af4517a9bab3a2b19cb23eda8de9c

SHA256
5fe67574f2b616ec62edaf799bb6a8281f4f00c724912c34a95321a726833493

SHA512
20afe6fd4e9cf6233d4626dcedd112912a2236b0acab62dfb9559fa5f0b3b2037c63d197446c83ef6dfa15e85852168d9eb88666521ac56e536f763a53805980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2524e34e5bd3f3ea4ec5556a3d68a4db

SHA1
7014635b4a612b0c14c5373b3c643c4163c663d4

SHA256
1fa0ed2883800cea13bda1d1aa7468faa5cbcc4011be62ce19b8430584849b06

SHA512
cff803c8dcdaf8ffc3e4d2826496e7640903586083b4aac0b000392ba73ae4ea290815340e3b9156f0871c3c3fa7d9807f6521d83fe6024a75cc7b997e4824f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
634819d17caa1735443c4aadead3c16c

SHA1
365fba381012a4dcf6c2f662523dc50437df068e

SHA256
93077f4d3d33f60cf4cb74a53c9a0e8eec321c40b9ead96deb90ad95001c375c

SHA512
5f5c2ffb8125c44155c83b3b77e745bbc76f4fffc9e0d30312f57a696d78239b4ba0f73a1e4c534d921a2fa2537434dd81f3912256053e1ead899cd6eacf375e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
119aba0a5f172d3ab0011e333006b24e

SHA1
b16b8185473ce21ae8f6e01b6bb47d38e5cc4ea7

SHA256
1a616b469a18d3e074e75ab95ee430ca20e3d4d90c563ae8c34ea0616d8d5b75

SHA512
87c62993bcad513031707617a71c7549759ae3f6fcc3387c231bddefc55f1f0641e44fbffffcb905e9c9b13597023bc5ea7255619197506c460635356c664817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2d6df95d43c1661218a3c604fcb82311

SHA1
86c083abfdff0797c328cd00f3d38d6a2ef87b61

SHA256
f7a3ec8d1aafe6c70d8d315f06814ac7a60a6261faca0b8390837c3b075417f2

SHA512
f766c938eb2edfe3bdca21232d4416b871bb994ab64b149e1c31b40d49f3cf43f3e29b58f6686614d415fb06aac6f2133559f0235c8bd3fc652fc7f2d481cd55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
acdd4488d77f48568a7061795e1ce330

SHA1
c037552711553767929f7b9511a57e42b9bb0aba

SHA256
67670546a14ea0b7e6927286fb9de547507585534c52dbcb0b9642eb11730f2c

SHA512
88bfc497a7ca25dae2d48991150620019746afc31cdf4991c5c164e85086247448b260c60c7dd9d2fc68161f9f84053407bcd1d582607df8afde8d507f291572

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8a32726dd863b8ffa64145f4425d7d0a

SHA1
03c7f4e6cf999e77dca723d71893bbc45fa9c3ee

SHA256
e9daf3ec15d55c77fb725d826341ae9fd4a8bc0e0eddf0eef9eda3ed837f9dd4

SHA512
42fb0497426ea3e428354d0993c2a9ffa80f52c803d119d91b8659c12ad33cf4cb571fe8ee107091b69aafd1cc63a9c65a3be29bbdf3fe8af094a359e1f2dda5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fe1dbec2d2c2fe4f4b974af64826f728

SHA1
6d782e76bbb88fbba2629c1541758ed29dd81e64

SHA256
157e564eb8778dd0e506e553b11998b0bdbdf7467e88c2ac4e63c0224bf5bd43

SHA512
f0350af106998d0086aea327bfcdb01b4d1161cc7de88e1ec13aa56a949a03b0998ba7111502c0be922a2a4c3a5ca73efddef706cbfc514ba3ffa3090ce424d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7b3c6c4ecb2b30d0fab83630bdc47f66

SHA1
aed34643b172ffbf9a4dd49f46bbad9d2943d8da

SHA256
200c3326fcfcce6d332e957b4817dac1ecb0ce8bb938461467257d0f43cb8d31

SHA512
c4b5a3039875e0a28e7b66b79db6276c73488a5932b32a4992a12c19bafd0549ffc9b2bc0a83c8dab34b5d195022d71fb3702710070f1ef893d3befd3615046f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d0b5211f66863342287bbba249adabfb

SHA1
063a36e0e6b7adefaa636ccbf3f137ff050b0bb1

SHA256
f28304054df16f77f3e9ece8cbb94e18368dd5610a9586b76075ce79466328a1

SHA512
2b692933828f7070e64af54c3d0cc95f9d1e32312305060e8602821f047802281ae6c7be706e7feb8f645f1deb12e6c5cfc8d035ef109182c28d5138732eedfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cdb59eec9f6a22387770d9eaec276f1c

SHA1
1406c8083f21ec873d16bc288e29ebd183bcfa6a

SHA256
d268b046477de1cadea0bc227b7fa6d482cd83972fe46d1c78a8fd00259ad0b2

SHA512
e838a7b99e200ae5b59b163a531d89329fb9f3996168b5dd08c6ad476ed0097a8e462139b932c885c0dbfe9880920b3abe3bdf0b45069f3a045dce6e21653b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
adad6e181afb493a9ebcf1c339471a7d

SHA1
52c94d5a19bd5e26701ec8814dc93ee7d5327422

SHA256
e21bb35010ea57e7f2293fa95a45872c9e11ce19f494d1eab07960d0cfc4b0e0

SHA512
747a99ab62a386a6654c5f651d2b051974164614f460cc4bf0456ecf9339679a2a3dc515f47fc83bd0b1c18687c2fe9662449beb6a52320cc0e32b04c806cd26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8e7d41becf4f0fc6edf3b59b8d4537c2

SHA1
26ca583bde69d388728c8f798c7432923f1db81d

SHA256
c563172e5776cdbb8d36a1e3542936439ef2343e3e60217ca5f95301216e0142

SHA512
223c0b7d97ed8453d6d28ce45d402549522d086d64f966651cc7ac32472a8bfc298743d78a696ff683afbc174efc4a50e58016928c7fce467354ce96312c2d9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6805788315dfb122b452f3fc8d1333d9

SHA1
bdf9cf183736e131bfaee3813ffce1f71e4fd7e0

SHA256
a9e33b188382ca4926c1df9a854b3a508aa1449163d0868e3dd4ecabc51ca0bf

SHA512
369fe3ed0cc04de34dc843b28417d91890c9f9a5f4dfdb703c070320cbcf3ba697d1ed49bce944b56f29979e4cf84efa105555902d6cd6cee191f6ab8c8d8a86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
263377155c235b79084974034f15474b

SHA1
5356ae293c76dd83e0822ef2df080d21aa26aff7

SHA256
3f86d99e547de534e2423c945854cf0254198e4a0c228e4dc000724590c9a0d6

SHA512
d58774cf8ff8e3d56a8fd6d69d40058d904eb325597bd2ce919bf9e95ff5f4dea159f6a20f42287ddd6b597b64ae6f6a15565512cb5760c159c10bbb272e0b31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
56fbaeb808fe96695e8c09a64c6e1d0f

SHA1
cf59720cdea31ae0e98a3a3eed9bcf7daeb830be

SHA256
f97dae13798ab5fe9ac73d9d6a37a14953f572544d95e3c0b5af78ba94e5e340

SHA512
0d43fc040d57ba0486b41b3a686241961fdc8f571b8575a12ca4edcab161614a834cd8b671ac23709f353df6a8da2f5dd7db3aac9e14f5fc822d1e25a57dbedf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2a90b3e5c951cc5d941df9511dbff371

SHA1
88508e067cdc429ee36a7aadb1004e7bf519e6cf

SHA256
b774f021a5646561b58c35c7ab64a338922763f199fffc0af41a9bf00ccb3ede

SHA512
8fac95a50a857e01a0e3622fb349e50dab19e56f70909b424755182d93f4588483766cb0fad30466b82581be6dc3853cd005a51b5c55bbc03e2419aaa195790d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5e0da5e7e48b951356cb2ddcfb4db7fc

SHA1
5e3fb09bf544134b9723e28fb3af101b9b128796

SHA256
5fefdd4c5e93f6b22617b569194cb6b25a932dc40e5571b76a0bfd32b43969b4

SHA512
3bf5eafb4f4afe52eb5730c1dea823ecdf9ee780a5d734db95e80a341dc6eedb5c206037894fb265c73f6b7f5956f3c5700769265432247fd64132efe09cf2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0f553d8c1663a1b023cd8b111450f1dc

SHA1
ab5851dee0fc1f5780ad2afcd28b62607ccbfd82

SHA256
9eaf6865a73016149b24e20995cbf0cb44a2b3b2bc54dc6323864aa06183683d

SHA512
38b8d57bb0bd5b80e1c2620b909192a91cc4bd716c2bf7c3f30473a073047a415dbe799825f3ebeeb62779875906bb3602df55ae8ae4e9b3c0016ce64e65b438

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0ba41c8583ed1763530cbc538e3d11b9

SHA1
48465950ea951029ab9515bf1023ae4d2d975de4

SHA256
a42d98ac279cb664b59a8a3647ff950bd1cc543d8f5eb62a79a5d420d75600e3

SHA512
095e05912d4ac69a62e9c425dcfe89b1c02a9b3cd755958fbdc2d06e785e11a8baca0c772a5d7fefb31bc28af56648b2ea701b3c6a7b4b07cb8028abc31a1408

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e167.TMP

Filesize
1KB

MD5
7123426bdde197ddfd463d4cc9bcb0ff

SHA1
9aa61e0fa348ab04ea7c7e905cb22d0ff5f932bc

SHA256
0c642b72f9dede821e4dbcd878953a3b4678805f79e599b90242c24708d71bd2

SHA512
20d49e22877038dbcc561a04c5e63d150606e187f36d31ebd5198ee23de85cb40863745d22fdaa44631943bdb05b8fad129f5b511461a67bf887ffefbfdbb91f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
991d729e2bdbd63391093704ccec761f

SHA1
6ce1d0c1d3975a411a63d5d148be5bbef91cdab1

SHA256
4249b2f62bd9b585388e934be441aad8d4f33c6cb011c7f672eb655aa88dcbac

SHA512
3a0cbe2b6867a25c60fa24799db53f4faa7720e16368491379e48337924fb3bb1fba29563e0e697e38ec66e56510dfc69012aa3a5b7989bdde141e8231315a65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a583e4418a46dca82f199dd9aaa556b2

SHA1
157163e04684c456dda34f4d4b318ffb015075e2

SHA256
7f56f2dd399e60d362fc2c9dab2e638fc736b37ff15dd13f34ce4ceedbe50ae6

SHA512
fdc88e794338571ee3085d14e2fa7b1843efc8414645f25bff78fc2e5d66abf99d5afc346cb7dc2a2699dbc9c1b4c1b46a684b57f10a4777d5f18e904561a8cc

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 379679.crdownload

Filesize
665KB

MD5
77ce183246704405ca6ff3a43b044885

SHA1
0aa0a7a7e97469d08f6ebab32656a1257876a34b

SHA256
6d39f64e9a07c48e06ae7a6ee480d9ed85115f3cd883c7f3ba197b6d6da00754

SHA512
2756ee0bcfb414dc507b6e88404613c25ea52007a396fe9268e9e8fff691916969438ef9016c021179493f0da0d4e4f0658e5ccedbcead2dae4d65b050780295

Download Submit