hxxps://goo[.]su/drop-take

Resubmissions

14-02-2024 11:12

240214-nay6asgf71 10

14-02-2024 11:09

240214-m9arbagf4y 10

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
14-02-2024 11:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://goo.su/drop-take

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs

Web Service

T1102

Processes:

flow	ioc
32	discord.com
34	discord.com
36	discord.com
39	discord.com
35	discord.com
37	discord.com
38	discord.com
46	discord.com
47	discord.com
48	discord.com
49	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2576	msedge.exe
2576	msedge.exe
4600	msedge.exe
4600	msedge.exe
5024	identity_helper.exe
5024	identity_helper.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

Processes:

msedge.exe

pid	process
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4600 wrote to memory of 2648	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 2648	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3560	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 2576	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 2576	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3668	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3668	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3668	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3668	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3668	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3668	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3668	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3668	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3668	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3668	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3668	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3668	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3668	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3668	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3668	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3668	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3668	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3668	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3668	4600	msedge.exe	msedge.exe
PID 4600 wrote to memory of 3668	4600	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd2a246f8,0x7ffdd2a24708,0x7ffdd2a24718
1⤵
PID:2648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://goo.su/drop-take
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,1610277346074308895,3888652748464210297,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
2⤵
PID:3560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,1610277346074308895,3888652748464210297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,1610277346074308895,3888652748464210297,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
2⤵
PID:3668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1610277346074308895,3888652748464210297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
2⤵
PID:4456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1610277346074308895,3888652748464210297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:2316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1610277346074308895,3888652748464210297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
2⤵
PID:752

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,1610277346074308895,3888652748464210297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5024

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,1610277346074308895,3888652748464210297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
2⤵
PID:3692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1610277346074308895,3888652748464210297,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
2⤵
PID:2444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1610277346074308895,3888652748464210297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
2⤵
PID:3952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1610277346074308895,3888652748464210297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
2⤵
PID:1764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1610277346074308895,3888652748464210297,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
2⤵
PID:3692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1610277346074308895,3888652748464210297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
2⤵
PID:4296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1610277346074308895,3888652748464210297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
2⤵
PID:3708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1610277346074308895,3888652748464210297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
2⤵
PID:384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1610277346074308895,3888652748464210297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
2⤵
PID:4052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1610277346074308895,3888652748464210297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
2⤵
PID:1676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1610277346074308895,3888652748464210297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2608 /prefetch:1
2⤵
PID:2236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1610277346074308895,3888652748464210297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
2⤵
PID:2112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1610277346074308895,3888652748464210297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1748 /prefetch:1
2⤵
PID:2244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,1610277346074308895,3888652748464210297,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6184 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1610277346074308895,3888652748464210297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
2⤵
PID:4188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1610277346074308895,3888652748464210297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1892 /prefetch:1
2⤵
PID:3080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2392

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
3e71d66ce903fcba6050e4b99b624fa7

SHA1
139d274762405b422eab698da8cc85f405922de5

SHA256
53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3

SHA512
17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
44KB

MD5
0a9ee07b05e4dd492e69c5ca159f354c

SHA1
494b7715922b7b8f56b2b17a383d36342a206731

SHA256
0124b37ad05810f127517996e6b5e47e95c4981eb9c24c23eb78b75324e3913c

SHA512
1b2dc8682659cb74fe3c36201bdbd0fe10c65c435739a1c2fb8f55c5c85188abe22582f77b25e0db406d92c2a1f4aa4abe74675728d16ac18173f33fd11ad9d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
f3bb7ec92aaa1a4af982a8b97c61c241

SHA1
4e27f70c67b71405de915d0d1acea4b91cac0dd9

SHA256
65f95a642cc10af59913248ff4bc84a2a9c5e6aeb4698d0ebf9e37496e98f133

SHA512
15a2edaa8e584064f6cada245e3165e0522813ae7dedc0a6df2b28e70dcb022ea5e848cb3665eda84fb624422a9d3e47ab888cdc2e50cbb5b34418a8458bc439

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
1552d267a77fce7d7eb15c714616b15b

SHA1
ede9ce452145784a0627fde2055c832172e54d97

SHA256
6846c7814dd1f561986bc4fbe424d4a6777619e8d3c1fd7790f25dc4d936d035

SHA512
481c833d1010b77adac83560be9e7058c7a33d80a3e9ebe7347228cbfe9da86d07d8ef2192bfaf49cf00421e26da3d6abe43e0c59657855961ab9e52da9a7cc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
1ff56d145d826833c5e824eb3fb7bb6d

SHA1
7ca016f8b17e442a48140e99e9d046b552975f28

SHA256
46f75e65c48a6d932bc642148ec2d61e7e3ca78acf145dd2369a183398c9df59

SHA512
6e2da5fd53f2625f2e6a784254ba5a53ace94b5cf33c439fe12ff9ee19810b061c466cbad8b3924918fb43f12a5e36944be1466e6725710e93bd850e11f151e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
4f93b4ba6e797d03e523f1156ec82715

SHA1
17760aeeabb6248ee83d085e7d328fff2c7dc797

SHA256
ecd9fb901f85e654326510377c47f6071050972c3a06287eb48ac66001409900

SHA512
865b439c6c03d9ed013519f7d318c2079c878fa5b125690aae80f05517b1920376b33293f11c5b24812e1cc4d24f580b0fa9627da7aca08cc7e1d06126a0d98a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
ec42e0bd0d5f4407fb310d7fd7edbacf

SHA1
829408b40ea84c98a97fc7ce2022eecc0246cbc9

SHA256
8955dc207724aa17e03b879f7aa463aa6ff7735a2f3c2cf6c978a121a3520f22

SHA512
32e94a1a544167558351beb74c5968fa8fd855c1c7857ad41491a3ee67abc2006ff9a327e849988c36748ce673ea59c98ae37cc98b0862dad0e061db572475c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
7ca4c4f7b8e3147c7d7a4a65052e2016

SHA1
0005c7b052f6a8a8f8ddc17dcc85e12e098646d5

SHA256
e5a18df585392b2bf55c2c7fbe0f4935307febe9bbaf8c09110864ec6a1622a3

SHA512
6b0fd525b3fca68fbdcad1213660e2e3da4d1afaeb659c29b7ada9ebeb4f8522f6c68ec253276f812d7ced5b7a62f88ca59eebee607cb6a6f5bafe05f14e4bbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
1ef8ea0d6dfda53e83e4c83d075d8918

SHA1
eba8532acfe1132b16e0e8904adbd91a58146893

SHA256
70020a7bcd072f74e4b2aca784068b2da1162eb0ef9cd465bfe976cfaa4a2423

SHA512
6e249437f9def50d2cb20bfa3a2c7a7dbe3a265328f2a4013ed853373a72382a0411b6e31d8a56f1a289193e450d58b00f9548424c3b94083ea5eeee1f053101

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
5c00eaf7baac26f5dc6884f779612b68

SHA1
4dd2bb35ceb4af3a564cb4db6e439f607e3ce2dd

SHA256
ee8ab781e67abb0d0e3c9c1730a138f21c891a13d21e314252bbbb98fd2c5f17

SHA512
92267a71874c3be8571da8deb942a896cfc87ed9739e3a2b589df2b8429ac1c67de800f6acb1b34575ac9b24de9dc445fa3cc5b7072309dcb2b9dc36e5b5b1a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
d8f1b78a82676b8c9866ad7ce1e3070b

SHA1
0b27b67f99bb39352975bee2404925772b0dbc44

SHA256
c2a7d013ff4186a0f53995c9839f1642d7296ed0cae6ca817b22f1f968a0816c

SHA512
b3368bd22e86958c1f408540441916bb233dc4be64814af92b989524627e81662c8d31a55e3dcad5707aa59bd6aee0e7841c658bb9be5d36c286137f2fb2731a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
1003eaff59198fb8cd57d5dbd827f0df

SHA1
fd067c6dcbac0b9ae9542f268f76e7e66cd730d1

SHA256
d6f5d75e7776f336c068d4f8ecc3fe40444c232d996ec86a076c780bc3748af7

SHA512
06ebe0b2895c6dcab533aad892e7f295822f3dee13d3144660c6ee85bb94ee23771060f8f52669e890e520cbba136e2befac38a6fdc008dd20b1682b7d775a94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
77708856e85696b0ca8755512edf9fcc

SHA1
9704a3e3fa58ed4704cfd4296534248b8a01ced4

SHA256
de66589f132a8f8e8b65ded59067068ceb139871872ffdb8c34782468ed622dc

SHA512
a5e06c5e1dce660d0a36435f08339013b354bbae68c3b9d2e781494dc408028206b49815d867a4c03a54ffb3b775328095c955519aafa01bd3d5693dbb1b4cec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
fba19c3ed058d5fab0c2e9c618dd4f08

SHA1
6b3e7f030b4f0e65a7e882b39ed67e6f2048f10a

SHA256
c5df3b0fc0ace9208d74beaa5e419ca9543ddff0ab0fb0066a1b658fb41fc93a

SHA512
4614eeb50e70e81d2a5f509a100ecee8b8fe957a9b06d4461087a42edfc7742efec5b7899ac463add2a4a8ffa426fe0fd6887777d4c3297f6aad9e0bceb52cf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
2d2eee3d8aafc92f01ac35d697d17358

SHA1
fa92ae1f6c25a42aed7d7ea5e589c87f863c033a

SHA256
3d29fa9d21b0f5ca8bf896f328847cd08127ea2ad1f1b080f24fd373c784cba4

SHA512
b34270dd709009ecf3704a5b157c38f3cce51830719ee0a94a7e359fa3ae2d8ce195cbd2787314c66d1159d053d9f7b54a1bff06c9b8e160ba219f63afd79cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
63bd11b3c98f88efc114bef69bdde64e

SHA1
daa7ec0b85540b57a736aa00b8fe6e1c2da9503c

SHA256
5c2f5872865ed367ff08717efbbe136c418bab5e4bdcfe9cacd445f8e712eeea

SHA512
bc2a4b27579bea32edf69f47f51a7d169c416ce79b4ca9fd65630219b05572dac8bc73d78183cedf9f7e9ed2cc8a52950e284e8c61b9bacc73ef54522496ace6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
7b2ca020e957904fd296e74c41b53748

SHA1
d133de1c00ead49d19d14fdee4385b54d55d864b

SHA256
02d1713804870a5317291792d1e7d7782bc2e0e4c7bb370f2d3c5b10928eba9a

SHA512
3935b25e4619fe457e6293c9487362f6ce7c975f4c1ab0d2efc6cbfb04afdbd91e242ce3d0bf50c03ae5efdaa1ec4f69a2511585b5a99a5e187d7e00aaf6c886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
1b1b142e24215f033793d1311e24f6e6

SHA1
74e23cffbf03f3f0c430e6f4481e740c55a48587

SHA256
3dca3ec65d1f4109c6b66a1a47b2477afaf8d15306a523f297283da0eccbe8b1

SHA512
a569385710e3a0dc0d6366476c457927a847a2b2298c839e423c485f7dcce2468a58d20133f6dc81913056fb579957e67f63cf1e20b910d61816210447cd1f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
c5cb61b8b68f045b297a8f69f3535cfd

SHA1
db117de0d279dc4f65e4d5736af46d9dbc832591

SHA256
61ae839b3ef534f652060810cc1c1229de193c076f1dea27e5cad2bb88d83fed

SHA512
dc295eb05d791a8b0ea047b0934e9b923f5edbded6ca5b3aae0313439b709b83696b9a892b8659413feb41d2115c97b7959277e3e981476a6b8ddbdb39b7348b

Download Submit
\??\pipe\LOCAL\crashpad_4600_KTHMYZAENREDFNHR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit