hxxps://goo[.]su/drop-take

Resubmissions

14-02-2024 11:12

240214-nay6asgf71 10

14-02-2024 11:09

240214-m9arbagf4y 10

Analysis

max time kernel
179s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14-02-2024 11:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://goo.su/drop-take

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service
T1102

Processes:

flow ioc

41 discord.com
42 discord.com
43 discord.com
44 discord.com
47 discord.com
37 discord.com
39 discord.com
40 discord.com

flow	ioc
41	discord.com
42	discord.com
43	discord.com
44	discord.com
47	discord.com
37	discord.com
39	discord.com
40	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3904	msedge.exe
3904	msedge.exe
3100	msedge.exe
3100	msedge.exe
4816	identity_helper.exe
4816	identity_helper.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

Processes:

msedge.exe

pid	process
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe

Suspicious use of FindShellTrayWindow 31 IoCs

Processes:

msedge.exe

pid	process
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3100 wrote to memory of 4776	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4776	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4888	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3904	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3904	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 464	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 464	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 464	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 464	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 464	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 464	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 464	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 464	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 464	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 464	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 464	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 464	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 464	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 464	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 464	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 464	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 464	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 464	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 464	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 464	3100	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://goo.su/drop-take
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f14846f8,0x7ff8f1484708,0x7ff8f1484718
2⤵
PID:4776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,15608308176077353101,10260759605028434051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,15608308176077353101,10260759605028434051,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
2⤵
PID:4888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,15608308176077353101,10260759605028434051,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
2⤵
PID:464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15608308176077353101,10260759605028434051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
2⤵
PID:2688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15608308176077353101,10260759605028434051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:2168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15608308176077353101,10260759605028434051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
2⤵
PID:2628

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,15608308176077353101,10260759605028434051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
2⤵
PID:4636

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,15608308176077353101,10260759605028434051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15608308176077353101,10260759605028434051,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
2⤵
PID:4496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15608308176077353101,10260759605028434051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
2⤵
PID:224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15608308176077353101,10260759605028434051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1
2⤵
PID:4980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15608308176077353101,10260759605028434051,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
2⤵
PID:468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15608308176077353101,10260759605028434051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2940 /prefetch:1
2⤵
PID:2404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15608308176077353101,10260759605028434051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
2⤵
PID:1776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15608308176077353101,10260759605028434051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
2⤵
PID:3824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15608308176077353101,10260759605028434051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
2⤵
PID:3432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15608308176077353101,10260759605028434051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
2⤵
PID:1572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15608308176077353101,10260759605028434051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2572 /prefetch:1
2⤵
PID:1296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15608308176077353101,10260759605028434051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4420 /prefetch:1
2⤵
PID:4824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15608308176077353101,10260759605028434051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
2⤵
PID:2308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15608308176077353101,10260759605028434051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
2⤵
PID:2156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15608308176077353101,10260759605028434051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
2⤵
PID:2956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,15608308176077353101,10260759605028434051,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=180 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15608308176077353101,10260759605028434051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
2⤵
PID:4804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15608308176077353101,10260759605028434051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
2⤵
PID:4348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
84381d71cf667d9a138ea03b3283aea5

SHA1
33dfc8a32806beaaafaec25850b217c856ce6c7b

SHA256
32dd52cc3142b6e758bd60adead81925515b31581437472d1f61bdeda24d5424

SHA512
469bfac06152c8b0a82de28e01f7ed36dc27427205830100b1416b7cd8d481f5c4369e2ba89ef1fdd932aaf17289a8e4ede303393feab25afc1158cb931d23a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize
43KB

MD5
db2a509594a5a1893b68ab6751b4821b

SHA1
de248758ad71bb86150de155daa2fae0ef82186b

SHA256
7205ea02f7af5c57824a95597af310a9a7f1cddb053abb3b4b82af8f09fb6f51

SHA512
37a82855bfdcd0f93c097883437c22362b8cd79530885f981c6e03fd6f2f80a8177a979a005feec10b61aa2b84b49faf0a05e548d472655eb50ff4df5b159e73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
89KB

MD5
c88eb8f8ffb47da10636b6d9575ea13d

SHA1
bd9c7de66c699ef9e5a0bd736122796da21b2886

SHA256
d519e8c9f6672a9747df8697eb0fb6612e9d353e5491e0587bafd78c548d1dea

SHA512
30633cd97698d96b552081d9f31ed4b04c1373636c43f94999e40d3601a8bba986a868a9b6791ea273c15fd55f1d0d39c59ee0dbec21bf45848de242ea67952a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
46KB

MD5
6ce4dd3094bba499d127801a9b51bd7d

SHA1
d63b7441d3a6622e9ccef027a30c50c35489fef9

SHA256
1b6ef2a74828472cc4d1c2bc9117212282ff1b2c8e0c340759c897c44efebfef

SHA512
5f5313f04872f565d366c8d363b94e430a4ec451a15969754d5d80a767faae0755ca3224284395138af8afb3a9f7c30efb7342c6a81cfc225ebd55fefaeea624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
Filesize
32KB

MD5
764b17e1da6963ebc217a49b77a91522

SHA1
0684a8b6fe9eaf83dc0712902ac5c9721f7e0a42

SHA256
a59657d4f7db10fefd0c0812bc93e00fa5bb4469b7ab55cebd41a0a9961f8e44

SHA512
c056727c4a1cef069a45e030e55784c46251d3aadbedbf058b8941ff856496a7fe0eef174750d063247fe7fbad1932732c0ae06d788489f09c81a08ca287fd73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
Filesize
121KB

MD5
48b805d8fa321668db4ce8dfd96db5b9

SHA1
e0ded2606559c8100ef544c1f1c704e878a29b92

SHA256
9a75f8cc40bbe9c9499e7b2d3bab98a447685a361489357a111479517005c954

SHA512
95da761ca3f99f7808a0148cfa2416b8c03d90859bff65b396061ada5a4394fb50e2a4b82986caab07bc1fcd73980fe9b08e804b3ce897762a17d2e44935076d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
Filesize
117KB

MD5
4f7c668ae0988bf759b831769bfd0335

SHA1
280a11e29d10bb78d6a5b4a1f512bf3c05836e34

SHA256
32d4c8dc451e11db315d047306feea0376fbdc3a77c0ab8f5a8ab154164734d1

SHA512
af959fe2a7d5f186bd79a6b1d02c69f058ecd52e60ebd0effa7f23b665a41500732ffa50a6e468a5253bb58644251586ae38ec53e21eab9140f1cf5fd291f6a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\39212d85180e744e_0
Filesize
12KB

MD5
62e7c9441e743a64b47744497673c24e

SHA1
adf9c7bcafb0e03984027ed84b60480fc243feff

SHA256
c0c5cf6128b6742e66407c838aa4cfb4dd102533469f22eef8f3621475dcf36a

SHA512
cbe43c60b7610ee7726e7c0c5b7dfb5cc682ca1894e372b9d3c819784c8377ac1e7a55be0ffac97410d206e755f3736f6bad58864cf494f0c65bf300e6e1ce87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
2680b921eeb2c67838fad592c6b9451b

SHA1
e1e13c0b10eed7e5c4aa0985502d9229e1b8fb4e

SHA256
b44c76a13ae445e3510f29fda31b6e9b20ce04c45b11e5a6be9b0a63cb2e03fb

SHA512
3dfd9ddbd600c4ee03cb9ae56ff5968be2beb740528f44e3f5f0f70b036608ca108efadf93759fb21f1026fbd74ea15aac3c92bca6663644c33135c11e70dca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
56d8f531a397b839748a6414af6f72da

SHA1
bb64c37b99b5f7e3bd116a83b7b6e6a58523e368

SHA256
c056410b9d67ee89dd1fd6b3801718582ebdfac8a38f7608582cb37cebc0d275

SHA512
bc488cf51093a0fe7a3fb124978d82019fa4a0c49443ff14b9c9fa86a3748621760949c6770db2526be4e4b8b9e8cb626e69319848b28b44640c8053857e5136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
8cc0b2de3a340037e10fb2a3846961ee

SHA1
42002f8913c4754983a4607b0bd53bb5334b3a8a

SHA256
a1eb4e5a5da3e948870c7f4b40309425f155b5308b41550d815f108f7317804d

SHA512
e09151f4ecd149bafc1affcd71328039428b998c9a1afcaa9d6651984a7b1b7ef44fd2ef22f147815d89d2610a4b0046f1169183a98451f84e9d38b7ac486e96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
36c2f20ca1555b8a45b48fb7ba6a3f3a

SHA1
4dc831551efcc0bd63e97b74033e4976c9db9ff6

SHA256
d6e12bfcda1bb8f288e2dd8d95c22c012137922bc27c32da80a1f8aa8f83a730

SHA512
97bfdffdac646e9182874df3b3b6e4d18882cdf322de675e91f6f38d9d7eeb957490810fe716dc6a4b5849dc255dfc92ff27254d85a10c45441aa45e23eee008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
ce96efbd8d3f1ac298adaa5180b60f47

SHA1
c75fc276c72b132395f18fb602da04fd479641c1

SHA256
6d34a7a8c0f66aefe400fd5ab3e1d8d57f2c7b49f9cd80ff88f8ce3470b7b886

SHA512
5eb146252a39bc709cb67979ce2e41bb1ebd41bb861c5c1fb3ad51cf16cdbd758d3338d09ba2ca6ae35c07ffdf8fd7733c6bd7f8cdfa750598f7c8dd39990d56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
d9e0fcd6c7cae72ec59f67a7a1b5b8c8

SHA1
846bcc909496088eb06b297d5398e33c55185cdb

SHA256
e758daed890c21d813bb35b6b4315c4d338fbb9b2ef3d8b9b41a2086ffb13cf7

SHA512
37d4e78972294eff2504d7627445fc3deeb1f4847d23a07cadc34994078bb261060e7f47123a4140cab2cee9dfded55a44e20e6c25746305519deb14c203f25c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
04e0dfb714fc77667c1fdd57be16bcd0

SHA1
6e1e6606080c7b142a4c4c1f97ae134ed30d94f4

SHA256
8f6ab8bbfc2b260d387f8029c04da2e7215dd20ed5af0f7d00c6c65f2c80dad8

SHA512
2141ffdb0223e3a77d390b032914d50dbec8f76c913d344537c2bbbb6ff311084ac7c9c58ac311cec4902f7434c3a7cde24cfd2bbdcf128b39f35b1700edb883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
970bc223cd1cf6b5fb76bc70ceb7f181

SHA1
642b70104da463697001a83ebe4cef0f651014c7

SHA256
48908a0ca971d84c3be965bb9030cb1f57023fee44fd64cabfe5befe5649752b

SHA512
9aa1816b69996aeeb464407c3bb35696a67080491f5821a9b5f2717a30ee3ad858fd7eaae4c4d41e59be5e2643a09e547032da543f0fd776c42da8de30f8c009

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
17ec6fe89ef3c8e987d7e539a746ed43

SHA1
8dfea651fba8275b3f28ff3b92a6efcff7dbe44b

SHA256
4280dda77984c12f0754632b95e33a8ee3be484c696f2d673a11efffca25cccc

SHA512
0621524c12191ae5e8d205dacafb9b88faef27f925fb403ee666dcb299fa8394de505b9027693d22ceec76b6e8d71ae19e325da23a818d0b411694682f59eff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
0132cd23a21364e386b35f0398d3c015

SHA1
ba452d93fea44270ddae36ca1c7d8a5cfd0919d6

SHA256
f4f1889ce5ef0774b129ac1e2854a2fcc7642da3284df2c5c57046fec8193a2c

SHA512
e920f283732cfe52121214936b04acfbf995fb0ebd9f7f1489d735a3d8aeb5b154dc5bb2cb48335d63662b5b5c0600039591d3a5c6bf520e55ca32724c909c64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
a618a023c687cca36d54542a7120b287

SHA1
7faeccd8d3951da0863d4321018683cb317d1084

SHA256
579539e91f57cf9949e3944d9a6736debf79817efc5f56d0827930829eb144f2

SHA512
a59656de9b8a41c328195578d46cc7043dcfc35b50c3e7feaf93e2da2daa63223a36e55d60b2b5182f8a4cf679598bd3d9f7e3452952b0ce71f86a9bf6f0b475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
aab87e8ba4c7f6a34c3d48fcdeb3cf70

SHA1
b571d8d9d1fba4c42bede040185a6134a646c93c

SHA256
6b36b3f86efe2bc6447c79b69d64af419727ea2e52eac4e4a77cfa1b5ac808e5

SHA512
b918dfe68867eed5c3f38daadd4c643bcf7f8c37ff18652d54099d2960e6da0fa1ccab2cbadd4d59a97fdc1af4ca6724b15ce912e9a934085ba7523dc548fed3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
827ff7bf612fed6ef2943bb52a936d85

SHA1
3549b8980787c1d94a5130c00ee9ffd710005289

SHA256
f9a6a44fc3ed94b051534675f2801e7826a7e568330a4d3d009b785bf6cfae44

SHA512
aac01efa8c6303a9cee99c3810b8d008ffac7d56e2ab6d69a1de55bd6660d4a3129c6524d71518aa09adaed2bd610f1637d3b408add8f829a1ccac2170c24c65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
8e8b326654f04ef8561e3e3c542f2a4b

SHA1
d222c33696bb2a31a92121aab72327874f939a16

SHA256
887ce05303cddb2d30ba285ccce694332b2a118686cc304c71baec5263d9d5d9

SHA512
b9a0f5748affd153cd0e72712400bd183f4025a71a4bb23d5bde5521e3b62f4af5970de7ed881df78ba641cd6340d4295e2fb217b55cdb348a4fe45bf6dfa76b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
993592c65107d8a01d6cd7e786bbdeba

SHA1
cd09a2dbb2842f22a995d264ffeb6d78a65feaff

SHA256
bf764485d22677e1f819f7b12c5d4545b9aa38f9569805816eeb68599df347bb

SHA512
8023a8dca07d76f9abf4af0c131097b810bd1e17940f0141a417caacf12744e8db53ad1cb9c53695a63d3e4f444ef6247a56b1e774604885202c2de41a9508e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
df8068af1544e9743163fee29cc34a9a

SHA1
0c816c96337308874089c01a0ddbddd00d5edec6

SHA256
5ffef26c7f63250aad798c9529664e14eb5f97e0420cf2124f2345c67026f58b

SHA512
fe4ffe94e091a0a0b0889d0194b55643ad85e77256865db1619719fa91b2bcb31cad32fc223e78169883803bdd405d52eae32e9fa3ea97c93dc3e85264bfe4c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
49c1ce28454878e8026195b9a05ea1eb

SHA1
4edeae7e2e461228d1218df2752b69ec4c7de24b

SHA256
7a1ae2187d2d595569aa4d535b48c90a0008020c45f1fd1dfeb4cdb49a8d0540

SHA512
75eaf6b57e3b1f69d87a34b4b94840e11847ecb50a34c0081f3d71a4bcd75f77a081d89eb938b7bac7b393492fbf0802a19568e2ed79807651fbc2f9a1dde617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
3c28b543f57b127d8308a65746779489

SHA1
8776ce256d3ecdafdcca8d443c55fd2522e28a87

SHA256
83e463c5e734937172c07c2421b97559dfd0e0bc83f25652fcf98ceb95f0d188

SHA512
066d1e52ef485ed753a049cecf938b7a7a2c57638cd3c3871cb8be241876680a7956d1d56890d7d6bd6d76ad4a361e92ded5c3d1ec86536e715a99b7ae49a413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
35f77ec6332f541cd8469e0d77af0959

SHA1
abaec73284cee460025c6fcbe3b4d9b6c00f628c

SHA256
f0be4c5c99b216083bd9ee878f355e1aa508f94feb14aeebcfba4648d85563a7

SHA512
e0497dbe48503ebbf6a3c9d188b9637f80bccf9611a9e663d9e4493912d398c6b2a9eab3f506e5b524b3dabbca7bb5a88f882a117b03a3b39f43f291b59870c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
8e2a330543f7da603329c0fae3b67b77

SHA1
027c667f1a01d03c5cd3ba3928d1c276cd4fff1b

SHA256
53b9352854a74608b1ce9a9eeff4b862ae39aa94e1664743a4981b5265e86936

SHA512
88ce7d45080a6077bb51b37fa0eb12cd461d62e0803a1cddcc9dfc83b57638884a0e7d269fe7354736e605389586465216423a076147f977f9ca88d74eede503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
3e679f697b5ee3b89ba79c52b739aaf0

SHA1
f3e5dcb68341e878da3fdb7ed7d1de9164a4f0e1

SHA256
66a63a97eea4b521ce8f471301e626ac6068a7ef83e348656405910aa0817d8b

SHA512
885dfbf436ff987fc46cda0ec9eb8c59525432fb6dd9507cef0daa8f74ac120263426847cd2c01aa27531370b53e7a4990b71b255d9c52d2a06a4ff2ef9f8561

Download Submit