hxxps://www[.]downloadcomputergames[.]net/2021/10/spider-man-3[.]html

Analysis

max time kernel
1680s
max time network
1684s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-11-2024 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.downloadcomputergames.net/2021/10/spider-man-3.html

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	Process
1716	msedge.exe
1716	msedge.exe
3880	msedge.exe
3880	msedge.exe
4300	identity_helper.exe
4300	identity_helper.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

Processes:

msedge.exe

pid	Process
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	Process
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	Process
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	Process	procid_target
PID 3880 wrote to memory of 1704	3880	msedge.exe	84
PID 3880 wrote to memory of 1704	3880	msedge.exe	84
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 212	3880	msedge.exe	86
PID 3880 wrote to memory of 1716	3880	msedge.exe	87
PID 3880 wrote to memory of 1716	3880	msedge.exe	87
PID 3880 wrote to memory of 3024	3880	msedge.exe	88
PID 3880 wrote to memory of 3024	3880	msedge.exe	88
PID 3880 wrote to memory of 3024	3880	msedge.exe	88
PID 3880 wrote to memory of 3024	3880	msedge.exe	88
PID 3880 wrote to memory of 3024	3880	msedge.exe	88
PID 3880 wrote to memory of 3024	3880	msedge.exe	88
PID 3880 wrote to memory of 3024	3880	msedge.exe	88
PID 3880 wrote to memory of 3024	3880	msedge.exe	88
PID 3880 wrote to memory of 3024	3880	msedge.exe	88
PID 3880 wrote to memory of 3024	3880	msedge.exe	88
PID 3880 wrote to memory of 3024	3880	msedge.exe	88
PID 3880 wrote to memory of 3024	3880	msedge.exe	88
PID 3880 wrote to memory of 3024	3880	msedge.exe	88
PID 3880 wrote to memory of 3024	3880	msedge.exe	88
PID 3880 wrote to memory of 3024	3880	msedge.exe	88
PID 3880 wrote to memory of 3024	3880	msedge.exe	88
PID 3880 wrote to memory of 3024	3880	msedge.exe	88
PID 3880 wrote to memory of 3024	3880	msedge.exe	88
PID 3880 wrote to memory of 3024	3880	msedge.exe	88
PID 3880 wrote to memory of 3024	3880	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.downloadcomputergames.net/2021/10/spider-man-3.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b18146f8,0x7ff9b1814708,0x7ff9b1814718
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,15573249815831196324,677337981450474724,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,15573249815831196324,677337981450474724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,15573249815831196324,677337981450474724,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15573249815831196324,677337981450474724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15573249815831196324,677337981450474724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,15573249815831196324,677337981450474724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,15573249815831196324,677337981450474724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15573249815831196324,677337981450474724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15573249815831196324,677337981450474724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15573249815831196324,677337981450474724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15573249815831196324,677337981450474724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15573249815831196324,677337981450474724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15573249815831196324,677337981450474724,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15573249815831196324,677337981450474724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15573249815831196324,677337981450474724,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15573249815831196324,677337981450474724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15573249815831196324,677337981450474724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15573249815831196324,677337981450474724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15573249815831196324,677337981450474724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,15573249815831196324,677337981450474724,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15573249815831196324,677337981450474724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15573249815831196324,677337981450474724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15573249815831196324,677337981450474724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,15573249815831196324,677337981450474724,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4340

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x30c
1⤵
PID:380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
ab5eefb7dd9bcef4375ff9506d8740db

SHA1
d6cc17e880b70909b1d6f04d880e9d485d704e29

SHA256
3958cba573433f7cccdbabc09a6c1cc16a75ffc6738c432be3fc97791534f259

SHA512
8425d3e781a7e0500e3d834fe7b40aa0f645735e993d2f4491d7b3cca73b8a77e513ceaa42cd7f81810ddb7d0262b65a3f638e6d20a81d80571aaf79c1efc3ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
25KB

MD5
e29b448723134a2db688bf1a3bf70b37

SHA1
3c8eba27ac947808101fa09bfe83723f2ab8d6b0

SHA256
349cc041df29f65fd7ffe2944a8872f66b62653bbfbd1f38ce8e6b7947f99a69

SHA512
4ce801111cb1144cfd903a94fb9630354bf91a5d46bbbe46e820c98949f57d96ec243b655f2edeb252a4ec6a80167be106d71a4b56b402be264c13cc208f3e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

Filesize
18KB

MD5
115c2d84727b41da5e9b4394887a8c40

SHA1
44f495a7f32620e51acca2e78f7e0615cb305781

SHA256
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6

SHA512
00402945111722b041f317b082b7103bcc470c2112d86847eac44674053fc0642c5df72015dcb57c65c4ffabb7b03ece7e5f889190f09a45cef1f3e35f830f45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a7cbcaf690b07180e6923a9810c023a3

SHA1
f3b75d7e0462f01382ad145aef706f2ca1c59239

SHA256
3a4ac4fae799e4411e68f010d3a1e28bf5b469382ae48aa0515886ed74d2d5db

SHA512
4646efd11720fa4c25078cc2bc8db6fca5960f6645ad5e04da0b18944676e782092a20760dba9ca2c437be81b84a2c1651c681e6cbc1a61ee0349fec2e0697a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
737ab249b1b684664097d87c3486fecd

SHA1
901c3902f6007f14e0931f847c3e1cf35ee09329

SHA256
6987dd87da76d2235e1e6afa46f14c98563f98e5f0d42941c7366f22bac1cae8

SHA512
eb650de51ad0cbfc7ffafd69b991bcf6584da169fe8653366da0a9bd04c996b802a582b066a22faa156345dd48602a830dbc46494ffcf5910fcb6947e533c1b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
d72ae5e8647e8651421d6289fd97dd77

SHA1
8567944f6785a6256584fc51071092f10cbf190b

SHA256
93aa500a5e2c2dab031514ce774073c30de7d1ed622d34eae286d72d18384cf8

SHA512
7854cf6ce62d6ddbcc6231a57ff05428fda1455834d4cc50dffcf50ea2c3b7c4a87497bbf7cc9afbbc70ece86786b401c26def06df0bd61cf536f5709042c422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
563445f0104471c87a55cc855ee4b20e

SHA1
68410eaba6e82c880658e82503a3b2af8722e37e

SHA256
b52c3945766392ac761745dda6831dc1f992fd0e2c10f8b9c1e726b53e8fcd00

SHA512
60c8c5f39252830e3af039183e8b58420fe96c0b44e26900e1ad4b4707010f6d13f14f6965cc176f12486f694debbf0ddcf6fb2433167fda832a4ce7595ab814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
3b49a06942525c06ee74de98c7c660c3

SHA1
cc8e889509a9dcbff0c214803380eb7b44d4d4b6

SHA256
a1354f685c3f3fec5f88f50a04bd0edff7b38cbf9a952efc98209103e9353d51

SHA512
b60b1f1f44e95baf8a8220e9fdd9a60a2bdf479cd2d469a00fd4bdb1092e82176cd893f303b88953889df01a700f7d103c65d275c6c0b55d47bffc7a43171663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
7a52022e1de99431feaa9dd41b965e4c

SHA1
cf7e1bd9019e9d3e2b03241e55945fbb30c88e82

SHA256
9698a1552636eae859b2b92844b05cb83eda1cb9a9c5fb42a6beed9d823bb2c8

SHA512
25f1cec957bdf49dc9e6d94cc219ae577501239432d032e03b0c6c6c3942a8f703d1bdc502ffbfd0a4537bf50426f92dcc2bc6e36dd4b082cbedd35964294878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e5b291acc8fc2884f1b15fdeec920e14

SHA1
9eff96a49a36847d20814bd5075d3ae90c613b22

SHA256
c58e95d8333338ed60cff638f6598580419fc22d375b4e42243cc5b588d03bb3

SHA512
75000207991b3037c1c4137112331afa42ad6d403071cbd7d00587dd0bb48dc9db41c9ea0c1a3b4a84a16244010981db0f228250c53c097ab8737daa12b1ea07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c33fdf0b18a782e6a17e79c945e3544e

SHA1
be2122bbebf2f3859750f7d720178f1936fe6fcd

SHA256
81abd1647c67d09f27de3d5e68a77c903b0150ca0a650636febcd8f4088400a3

SHA512
0103914864bf38a7cd8761c5a2d7e1858b6c88ac423eb843b16866e9b45fcf6a934d5b19b08def389c7104b6289f3a3d33623b26baf0db9a57cfcc943dca0365

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a9a997235cdc2e4233f6be9eb321003c

SHA1
87518693fd7efe34417841e1b599838d416602cc

SHA256
26ba8f89451e012102b5da1fc46f0ab5242656e71b365db299dc2179a5741150

SHA512
813e83a55725eaeeb9c2b0dd97241da58d3fda16725303321c4fbf127475120bdc9ef122bfd851f5b180f94adc481477759a4b67211fb772293dfd8e9ec535b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
87f8666ff6798d6ef500e55d8d754887

SHA1
48481a058456a227243b7d90d9ccf74feb46fe3f

SHA256
8627e59db17f538a159a95f50a9dbf2a4624d449a28198e98e9c9b597713ae9d

SHA512
f6c83ea4b758221e2d5b533e32c052f13ef2975e053bc8ce4c9844437d90a5afe3f0ebaff9f5d4254ce976d97e8e728a85938b3ead4468c6045e625fa0c1915b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dab889a9067d1784a96c3d26a603f2d2

SHA1
37b0e9ed8d5e114a2cac9a1931958cf96df3cd37

SHA256
1b58778df387dc065f597dffec9e55b4fd2d9f2085d730cc0fef8f75de95183d

SHA512
fb6a7128bed6c2764236d3c30edb002f419956c496def475452bc94befbc1d5d9426e12010ee6615c71e143a9f01fd59aef11113c2ce88410a99fa9669a03c97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
9a639aa898e8b8fb1de7a462cd325545

SHA1
88b2308a621a86dea1150c68d99bb13a3fccb165

SHA256
fc525ca813d47d49fce98c2d6f61efe764ae6953183e70528136c91c602aa14d

SHA512
93cfd4182af414ac7d176fa36fc1c00529c31bf164438b0060632e9b968a0c2edfad0418e2a257fb8a891ab7dc7c36486a471936724a044c70d9420f2020cec4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3786998ea612fd870430c26068eabb94

SHA1
e086bacbe2f22eef4c2374ccdb44ae34dfaea1f0

SHA256
75855817012aab7d11e2a2c43a93ba08fae0a8fa72c3bd274e03f20e36cd6228

SHA512
ca9b867ad6f129bcf080cd7d7f5c5fd88da2dc9410a48dacd4adb8d432e68e283761614f3f1e53ba957fd15345adae39224f348fcbe7b63444fc76d8c72b2b6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
167a746cd6eb365cccede884848aa65d

SHA1
78ee79919f503440508414d2d2aa5a7706b2d3ce

SHA256
2367075f86510d2bb4e7eee83755b393e2a91d434c91c62c134aac5df8f668f5

SHA512
020976c746867fe3b86071e972760541c87e59e0d67b95ddcef7b2eb40110f21eb1adcf95f7749bb4ebb39f1e597ddc9aae49dfd95ee0bfff4c307531e123fd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8ab806ffb3cdda83762ab0b7f0c43bae

SHA1
a3dd9ccfac16f674b49ab16e32251c62e5b30482

SHA256
6eaa76f9d98078c895848c0f49044d8c2533f4f377bcb1269939af15152c3947

SHA512
12e2a97719ef002a8e78113fe6ce0e9d52cc92eb9990a6f5c46da3f250f2cdea53fbff1425bf780d02a67571f6238fab4b875c96e9bad8b3670729f9f7514625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ff3b1326ee67c7f10e6cf65530a74593

SHA1
f83e5b150870c78e49880a111fb74349f16cc1c2

SHA256
1f023a101c53c5d13f1e0783eafd3b686edc0271c13e7462f5c100b784a203a9

SHA512
47a0267a1ff02a2bc35d8282a587f48275c643efdb13f128b0bd8e44dd8849151d2e0bc5204ee7a15eb7ab6454b435930169a62cab5f526b240b6b10e385141a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
8a0b6a0e332e0a9d3009da47866a3d72

SHA1
07f5dece9f7d57d9068923f70e85cf9facab7af2

SHA256
30223d14b0edaeabdcaf55d93667acbf739fd5f4f493504bc3682e0dd8e011c1

SHA512
1d6fccb477200e77d912445ff03312e729491ee18a1bde0df182644ad85b2a296c555fab09eb9dcdada91b13f8ec6fc39a1a2c76b414c85c92ea991af712fb98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f4d0.TMP

Filesize
369B

MD5
85a9f715ce4dd87c19098acef6eb8033

SHA1
463e988da4e1877be447689f413b5b1696fc935a

SHA256
6ccbcbc2c30bcb515d3aac36466f22f0fec772eeeed7d3e194e8c780b493e995

SHA512
57311663fa60b023c4bfce733215036bd1f6e1b93181749af422b668ed4b126e6c609261f292d839d35b5e796b61a03b2404e1c3f75531e50ff8d0c18eae39e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f59ec2a685b995e772c8ecdfbad879b6

SHA1
ff26d093bfcf9cf247650baac8deaf8caaa0eafe

SHA256
4296cd5ebd474ac8b012e6c0f380a3e57c85e472271180532daf4a8ead50bb95

SHA512
7abed8d7d0407487adb28cb1c377b10a5b16dc6adce1e3a31729a2b9c7e1bb2677e9746a65e0b380661f88df76607d936f23e72a422818579c051332f8f83fb9

Download Submit
\??\pipe\LOCAL\crashpad_3880_VHJOUKVLCBXFOFTN

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit