hxxps://goo[.]su/drop-take

Analysis

max time kernel
149s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20-02-2024 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://goo.su/drop-take

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service
T1102

Processes:

flow ioc

39 discord.com
40 discord.com
41 discord.com
42 discord.com
43 discord.com
46 discord.com
37 discord.com
38 discord.com

flow	ioc
39	discord.com
40	discord.com
41	discord.com
42	discord.com
43	discord.com
46	discord.com
37	discord.com
38	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2398549320-3657759451-817663969-1000\{876C5F56-B3C3-49A3-BFD3-0C6671BDD9AB}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid process

1352 msedge.exe
1352 msedge.exe
3092 msedge.exe
3092 msedge.exe
4816 identity_helper.exe
4816 identity_helper.exe
3728 msedge.exe
3728 msedge.exe
2828 msedge.exe
2828 msedge.exe
2828 msedge.exe
2828 msedge.exe

pid	process
1352	msedge.exe
1352	msedge.exe
3092	msedge.exe
3092	msedge.exe
4816	identity_helper.exe
4816	identity_helper.exe
3728	msedge.exe
3728	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

Processes:

msedge.exe

pid	process
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

svchost.exeAUDIODG.EXE

description pid process

Token: SeManageVolumePrivilege 4644 svchost.exe
Token: 33 3728 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 3728 AUDIODG.EXE

description	pid	process
Token: SeManageVolumePrivilege	4644	svchost.exe
Token: 33	3728	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3728	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3092 wrote to memory of 3888	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 3888	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4460	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 1352	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 1352	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 2636	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 2636	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 2636	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 2636	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 2636	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 2636	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 2636	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 2636	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 2636	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 2636	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 2636	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 2636	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 2636	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 2636	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 2636	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 2636	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 2636	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 2636	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 2636	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 2636	3092	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://goo.su/drop-take
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe471746f8,0x7ffe47174708,0x7ffe47174718
2⤵
PID:3888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,16335705967353799538,174435696777601991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,16335705967353799538,174435696777601991,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
2⤵
PID:2636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,16335705967353799538,174435696777601991,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
2⤵
PID:4460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16335705967353799538,174435696777601991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
2⤵
PID:1696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16335705967353799538,174435696777601991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
2⤵
PID:2768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16335705967353799538,174435696777601991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
2⤵
PID:4144

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,16335705967353799538,174435696777601991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
2⤵
PID:2060

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,16335705967353799538,174435696777601991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16335705967353799538,174435696777601991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
2⤵
PID:3076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16335705967353799538,174435696777601991,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
2⤵
PID:1956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16335705967353799538,174435696777601991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1
2⤵
PID:3552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16335705967353799538,174435696777601991,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
2⤵
PID:1712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16335705967353799538,174435696777601991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
2⤵
PID:2732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16335705967353799538,174435696777601991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2452 /prefetch:1
2⤵
PID:4648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16335705967353799538,174435696777601991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
2⤵
PID:2448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16335705967353799538,174435696777601991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
2⤵
PID:3864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2140,16335705967353799538,174435696777601991,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5156 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,16335705967353799538,174435696777601991,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1688 /prefetch:8
2⤵
PID:2140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16335705967353799538,174435696777601991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
2⤵
PID:2288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,16335705967353799538,174435696777601991,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3612 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16335705967353799538,174435696777601991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
2⤵
PID:3036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16335705967353799538,174435696777601991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1
2⤵
PID:4208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16335705967353799538,174435696777601991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
2⤵
PID:1676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16335705967353799538,174435696777601991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
2⤵
PID:1580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,16335705967353799538,174435696777601991,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4884 /prefetch:8
2⤵
PID:4984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16335705967353799538,174435696777601991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
2⤵
PID:2132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1368

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4644

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x4f0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3788

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
Filesize
16KB

MD5
f846f101b779fb30ca7f15dc0e593677

SHA1
97b3f73fd203345ff7dacfa89e0406a52c15c768

SHA256
74fc3af3a845def4338e70573f0bd0dc55e08aca134fa9b49f274bd0725ac0b8

SHA512
4072e65fbb856c8905e8e6f12bc88571be013a07e6135211731d9d406472921f9f61959ceb86a1cdc5f325064b090405bee16014e72e7e5a97b4478e68c20e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7a5862a0ca86c0a4e8e0b30261858e1f

SHA1
ee490d28e155806d255e0f17be72509be750bf97

SHA256
92b4c004a9ec97ccf7a19955926982bac099f3b438cd46063bb9bf5ac7814a4b

SHA512
0089df12ed908b4925ba838e07128987afe1c9235097b62855122a03ca6d34d7c75fe4c30e68581c946b77252e7edf1dd66481e20c0a9cccd37e0a4fe4f0a6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
Filesize
211KB

MD5
2b9776807df1c30ef66c45ef60237487

SHA1
17e925fab39688d0d907687da86f566e283ee63b

SHA256
58a7c2031d7dbf5bda9614b64123996aa3bfcb5a783f901145baf087066c04a8

SHA512
e67162fb491ca513627e9fcb69a5db19a15129856ea3d01c2f0b5add061811bc5a0d4b6d8e53e4d7fe155b3bdf4a786cff697df5165368616589b411f8fafcf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e
Filesize
47KB

MD5
709f7544bd3e74c424113e6853948595

SHA1
a8c1d9e6c8493091727f0e303e45ab92b773343a

SHA256
0f2a35c8b824d54b483d0b2ea10964bb7af8eb6b1c86d40efbac4c55e1123a2f

SHA512
c2ed4cbb5e48d04eeb63c94d7d88acec5af101c2da003a34379023d8454d810ae357d0b4265da7027af38889fe307ca597f815111295ed62520f39aabeb2020a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f
Filesize
775KB

MD5
7378f426d93d2f806b536db7d5d1ef37

SHA1
3b7a025816a583f4d77e2d446666cec3d280143e

SHA256
d40eeb6f1bcee392df7288d7ebb484b3e8fc769fa52d13a41804d59573799087

SHA512
44fbb6d3b806dc28ad340c33163649a12fbae9bd70823ad39da45a36e3325efaea3e4d060702d0aa08f417592b7a512b967610e361b08101e7f981bb9cedea5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
Filesize
30KB

MD5
86eac13ae042c5838d20274274d5d82d

SHA1
a1edc2336435162d57edd8e9a4a2b7ce2d693fdf

SHA256
2c700f68f9355697fcfb8a1be428158cc2937d2e0d01c0afbaed92cb2cb0c125

SHA512
313452f845e01faa3b45d9b37dd7db8bd1f2596684762d9affd50c1479c73592f06160f459c1fb11e4f7f38d185208b9c86c373f1abf34349daa3314382e337f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
Filesize
33KB

MD5
4c44a4c4705e1e7ff214516345726b38

SHA1
c50da19ec6fbd99ee4c4f305e9ece188e0d19233

SHA256
7202e097880e3d2f06bd216cc9277332b95ff8b7d3a676d3ce89b869eebed990

SHA512
58c1de9c2d940b1d6195d96320c3b15030439ab71b1bf6a0d9e67c88213a3d1d29602a3079fbe4ce9cde6e6879020c05c237e1a7517c942b6c26f9da681da979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
100646853bbfbd29d25c050593cfe2d1

SHA1
9301de7359b8b63b912a4b2c8b6f6ca426c16135

SHA256
2c21715b9201cdbb580f9fb0668532ba45153a6f4814934a429e6ab4fcdfd85c

SHA512
06b23211306d2186540b2d33ded7227190ba9dc97adbc62f04de643e986d27211088a57143c8629a6e5e9f98637a413c0acfcbeefed94a95430569ee9410dac3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
968B

MD5
21277993341927c8e0002df40dc1dc78

SHA1
56c6137f819b4530cc4b2dc3b2c6ec5625ad987a

SHA256
2e0febc330fd4a6f6bf7c7c1b0c4aae2ff7cefbb4d085a89b137fddf7646954d

SHA512
9d804196d871e8911a82dd3f363ceaf0e9d98aa07404625a3afbbed1c2f7781536706aa6002318091b747cce4222b48d86e21855daf1b1286d029049a684677e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
2a3785ea642dbe88686d0c218d0e3531

SHA1
e386bb185c1f6f9258d4fdc7d615c58614e146c8

SHA256
8405bcf4893c279b1d89d31583ef43602f6d87f8d4bff677653fbefd969b0515

SHA512
e0dc3abb7fb823a8a5c9559a3f3600944012eb99b715743ab2ae54485c75071b9252aa6fc4801dcccbd362f449256680ce08b631d3bc06fdb44791cd245bfae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b70e529f8f1f3d53afcbd2e575d49266

SHA1
836f0b501b57226858abab4341ef46b48ec22a1a

SHA256
35a18d43208053079aec2a7f33627d3d19cb78aebb1552e0dc74e2cbe909b43a

SHA512
2557324a5c15af5042133d6adaad2d713040642f0f69795223b4158011a1875769d5a2712a83f8b12c3ef26382e8974ddfecfa4f41b231ad69151c384ce84e6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c84211bfcf1ac38c9c4b3b1fd287c55f

SHA1
c94c53fe5219f704545cc48ba8c17db37ebd3317

SHA256
048a2e4dfecf2a0afabc6ec9e16408e9e5727dc6bc15f906c1335009ab81854c

SHA512
ac2bd7f1ec4579e5a1a47145e0ef0a51d4298244219afa2021e0a3e0fd6242bd089e7dda1d3f6ee470d1de9cd5d19c0f80a4da739a1512977b3c037684706f62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
d020db28e760e8d1bad868b605eb9e42

SHA1
eeca9eb38d530a67fe5e34cde212672daa22642e

SHA256
1adc728a6498279fe01a775cd8598da4ce2b462ec1554002e84a456d6f6c247b

SHA512
40a4e46f2e86f7ee8ba76be7540bf2301e819233ac60e3a20366a4d2ee14bfa2111c95be523020950322fae10043cef146ed1e15d327e490da9a9ce35f9073e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
ea0fcc5d1208d2a4d5414c011949bbc5

SHA1
13e23dbfd38d53b67e64d2f78ae81a8bd86a5ee5

SHA256
613f5de5188f155ea2aa36066d2f4ef219cc2ecc9814859d7732c9a5493b5c95

SHA512
6405efd2d27ac905068602e2d51238e56291961373b8501e9b73d81f03b7762df168d3f6b483c5e2ba195167db2601326409f8291deb38fa3db475dc271ae41e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
bfc6ec60ea0d0ffad72a3d1732e6450e

SHA1
a38778e0bb0c980b25fb57f359f4d7421e800a38

SHA256
92267b5c74c2b32ff0162a29a68236b78d2f88d691ef0544456846cbfe55e9e1

SHA512
da0677fd7d3cc35a0a8b44daa87137a5323132bb1b639f504b857d4622b136dfddd0f7b00a47c99e4095e4ad010c5e92f7750b547253ccf27f14bd07cd132250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
b5438a3df85c917851bc4a80c8fc5048

SHA1
b7a8fabb354373e8af4710dcdddf6b68f26a0b74

SHA256
36143513846ab4f8f119f369cf346124160d86732118fdc9b910c6958076024a

SHA512
8b19fa983e095dcf2885234f2ec2da4940b5359088be8717d961bd40b5cf4bb036d21e46cc0eb14f9d45ba7f309c5902542dba929a060e890c032095d8e83c7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
4bfbcf89a9964679fc218645e50829b9

SHA1
3af2146e018b0121a09a6a3baed62f8a8e443e67

SHA256
50552c90315570c38c7f6801365cba307b85499ce8311dc78a2b895f884b24e7

SHA512
33cd77e5d471ccc44deb97c4095aa2a7a3057e85bab6531fea05926047c0d7270b08fabf6307b2bba8f31c7d3532b11ff5a601d9bf52b49b9f4719e40097463e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
271e4c6d33a49a0a48174fb03cd8ce8a

SHA1
8da5ba92790eedcb31b54ee53baf2398ade56bb9

SHA256
7ea3b3af36fea7153c89e5f096c9787af041f8bd82616b64659ce44929cc44e0

SHA512
a2ef50dc3f59beb05dc9730a2e4f5841337f5860e2e738f485830e16d0ca30918ca1a1d896040503abaf2fc6b6185caf064b29f5bd90be79d3e469c30ae183d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
bda56d08bf7542998369a5ab23ca1a1e

SHA1
3be86d57232ebd4de25f01163accc985c4df6e34

SHA256
bc8b5af13a0037e80e10c41e8e6edd7db493d455d0604be9c580a1549933ab2b

SHA512
a3fc97c236e4bfa1be355b4f3216a4c7697859fb2a37bfd18143e1eed78b11b56b89d7b4a2ac780d4c9b5752f13f2740ad2d8419b5aa11ad68b4bfd200c9a694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
52826cef6409f67b78148b75e442b5ea

SHA1
a675db110aae767f5910511751cc3992cddcc393

SHA256
98fc43994599573e7181c849e5865f23b4f05f85c1115dff53c58764d80373fb

SHA512
f18df18cab6b5ecd71b79c81a2a1fdac42cc9960f62f06ac25f4d6487792705f2766ee3a10239eaac940d090186e6bc820e4eb7a5ee138f6e5c1c64f951b960c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\45a814db-30ed-4848-b04c-1c4577e66982\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fca808df-9738-4a86-9eb8-e75daabc3ce2\index-dir\the-real-index
Filesize
2KB

MD5
2bee3bdabc5a3d484746f268806d2173

SHA1
a9f4dfaac9c30edea4ee860ae39866e45216d146

SHA256
654c48a5892b14e0e527dfb11de43ffe7d01e0275f888c4536b8a6167809ee48

SHA512
8648768ec990aafa7ad6b2de1554f706f9e2f26992252656f31513ac5d49ba13df102d6c6412b555f575279671ab694350c0de46b8eb0223f002d21c46056070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fca808df-9738-4a86-9eb8-e75daabc3ce2\index-dir\the-real-index~RFe597fc5.TMP
Filesize
48B

MD5
db20d692d95f4114410860de0104cd77

SHA1
084df1a3b497aeefe6c6e03c303be9b2ce61cb11

SHA256
2f6b25ad7ca65804f60137a52d94ad7298dc4c70116e7927a5754db1410d7af0

SHA512
f3ebf60c6a3017bee3d2984b2782292a259e8004c583f1fef5012a030d191b8f1efd1f38f44cb53fd9d9728e5f904972cc03ee153210d7770e59200a52e5bb6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
89B

MD5
6b72d49e96a2d78ee1944b0e1b0a9157

SHA1
667edb67c622cd9b325bac5c56daa3fbc7a9a1bb

SHA256
26ecbe3fdb6fe33f03a050fe32e7b4aed27793c8c19457793c28819ce0c1c0bd

SHA512
e1ac0fedece640df6d8f5203e2beebdf379b2823eaf3c7fc23a1672670d422c958e424abecde868d10e591c7088f341bd147926718ff6708216ee5de82a42e1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
146B

MD5
2624c99dfa2519e28074549831b35f11

SHA1
b5046514b70e669e9ea76220c0d12efaab2ae919

SHA256
bae032fe78e01d4eadc1e89d19508c5872b8854974d4e33f7857119f2c92d588

SHA512
e5c6eeb560691420ffa5ba965dc3f164f81e2fbed9f5804539e5d844b8b948f3940bfcb4a25c5cf6ed1a139956eb5f1a809fa0445b949d6b76219884c4164770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
82B

MD5
2f381f46c86e81a925b633e33afcd6f4

SHA1
2df5b40c1a6af975902e7a658893f1065b2e3d93

SHA256
1a17b254d8e94959e806d7deee26e4f91b933cbe2af817e6bafc7f6db55bf68f

SHA512
c260570df7bcd7caf221fc177962670b89168c95a9e849eba20f7e13654b5d7ac91594ffd94d64c9056d0b98e990ce772c395fa46c7de4d72e5c7fae55e4727a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
148B

MD5
53d94ba0c685bf64dd7c5c5e1fc5b158

SHA1
bdaa7ce01527e33125d7c24b589ddb9082ca1a2b

SHA256
481a61682cc39d2e169859ce524cb0a666a08c6f8be07ccf5f17e98e47804fd5

SHA512
7ca09b6970dd77e1c47216b4cefa0f1382d593627c6296665f6d3d4111096acd2d3c93e7221e07177de76a62f9ae87bf11f48c115d4a45242c25c30dad757b8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
157B

MD5
581feaa931f8468e69b3baf73d8c5552

SHA1
507c237d569290a80cc69dc976e73fd4f3d2bf4d

SHA256
2acb1d478be8b8c2edae01ff0872a5154bbc5abf3a9e6ce31da8afd6ed77e619

SHA512
cf9999c0d95e6d06ca4ed18408347151fa4e2b7fcd9e0bbd6ab447107ca207c23ee8e66fb8d97a9eacb7c120a1a4fa3673913a2f27a93f4fb51c6aea45a96df7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
84B

MD5
3dc862955dce22e8b2e445eaf26170ce

SHA1
b1dc57e398d7626791f3d5a7aa1acba3bfc41f9e

SHA256
ce23987bda4e1a5512f7fbaf8bf102983fb70633b024b94272ae7c990bfb9ba2

SHA512
4694bccd63aee726a2458762be145bcc1582fa5086cbe7d583f66a436e1d3bb7d69c1f2517e9a9d80df7962d4e7dc565274bd803c34e99df45168c025ada85ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
537B

MD5
1e46140365929e9eef59206618d2e04b

SHA1
dedac7881029f9356d71224000b1f5fae64725f7

SHA256
e3d236d9262a4c2064785c1925827c7c80c9d31c39e42eb417e3cf3108f1a4c1

SHA512
34bf2b2a264df4eb700626f34fc6c39c36e70c560aa9a580c93cd702e40f17438bcf5fe61094dc7e7b84d3dbd125747bd66eeb19be7e6a29ea10ec9375db46d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
537B

MD5
0a7b96fbd76d7c2d2ec490edbe306d49

SHA1
e4827f2731fa05d1bcb3d263d5ac954bd1986e5a

SHA256
8f1945b3fa2e4864941259765b720e7b038d5610b84c4e27e1ec6b38c4d23b95

SHA512
118be56ce2d5a0e9208e1f5010624bfe266e934af56b25558d07b4de89a9eb197bade18bdb30bfc2fe93f3d75d695f50d352b0f2d4ac228a8af7a83f778d2341

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
a9a4f2c556803d038e14248418443847

SHA1
254b90a9c314090c4ea8c906419526584849a074

SHA256
a684275c6f15f00928f40f5bf70691f7a2938ce658d7c2c880cf2e686a459a22

SHA512
642080639fc696cb767f64fc72bc60c4bdfda8ba17929d4ec8d04417a0de7d3023da89613b250f3a465802096b2279a822d77f3403960a4644721053579fc738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
5a6c07e4d110da42d1fa42bad57e6c54

SHA1
79b26430cb30d5c2677ae4fff21efccdea71133d

SHA256
f57b2b22b876040d31bd4a8bc7040d095df8b11c513a19d0a95877e843450e9c

SHA512
32725f185ccfbc31b60bcd3e85e0a3ae00521ffd94e7b2f99d422b2dec1c19f02171bd2cf422578b55dd0e22c9f545e1c45ac6ba6572f85ba9449cea44fedfd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
5cdf2b0e10106eaf75e18c2a843a0948

SHA1
19eec3c5f31bd90a193b65cf22a561d81d240b85

SHA256
6870db4d8540df56d8a8344458a7032b49ead49aa6ea2d3139f69871f95bca47

SHA512
33597e7ef84dd0cff48f2ee06878cb7691b96577c40d6fa05bc0bea27f41b98556415f0ca405d3aeedac6ca5704f59bf35b92a3a1ea8eb5c8fd9d56eed119e2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ab2f.TMP
Filesize
370B

MD5
82534ee00fe5b90f5fdf155d201b4179

SHA1
7c6dd65cc84cd8d036d7017c49f17d5e9621c553

SHA256
5ddbe99dd4657d92df818d93144b3196906564a0349c6e0bcebac91e2d8179cf

SHA512
2058e6678bc1f8036c60a43129802d814fdc27a62bb7cef5dde9520acef72e90a419777c5f8be137ae107524d734a6a1362246859cc07198e0f8c44aca73eec4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
edf747e52f6267e528a2bd70e3cb4c48

SHA1
cb359a186ac9a4ed69574dd73b98813c8b61860f

SHA256
0a620d72864122cc38377b91c8a8250d93ebb88fcd6f55f5c7e23b937f650f1f

SHA512
605c0595b79d035eb1f97b73a2fb0c88434e99c86133154ffda6386bb129e91da2381667c8207619f63768bca712182a7fcde015f0ee5fd60d17e5da8253018e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
587f952f3d86f225472d5cf8b7eddbe9

SHA1
e8a4a95cf9350cf4b0932e7c616b039a0f4151a1

SHA256
236ccbe8d7a27874cb92e7772e38fb923d97ee02b89922feef05b5559f94f765

SHA512
9cd0e0501edbac9ce13a0d506c8df66883457371e4b758fcfc53711a00fc9f88c2c8f35f601dd7a6f49f3afe07d4d7e010284ae991a1022808f83c8edf16c1b6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
e39c4b40ec38d8d6c797c925b5ed2b60

SHA1
ed0cefdd670a6fe5dbac773c87be517014a49475

SHA256
4c3ff2a14371ff01aeaa94c6af485587e84f93eba334d66cf2bddbda09866f93

SHA512
c6ad9a43dc0cdc0ffc5f2897b53c182f4e1bc00696a098caf8c15d87c962c620a586278795cb93a68a87aac22942a9688561765cc2d508b8a539714267315afe

Download Submit
\??\pipe\LOCAL\crashpad_3092_WJABMIHTERLBWDVS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4644-196-0x0000024047D60000-0x0000024047D61000-memory.dmp

Filesize
4KB

Download
memory/4644-228-0x0000024047BE0000-0x0000024047BE1000-memory.dmp

Filesize
4KB

Download
memory/4644-227-0x0000024047AD0000-0x0000024047AD1000-memory.dmp

Filesize
4KB

Download
memory/4644-226-0x0000024047AD0000-0x0000024047AD1000-memory.dmp

Filesize
4KB

Download
memory/4644-224-0x0000024047AC0000-0x0000024047AC1000-memory.dmp

Filesize
4KB

Download
memory/4644-212-0x00000240478C0000-0x00000240478C1000-memory.dmp

Filesize
4KB

Download
memory/4644-209-0x0000024047980000-0x0000024047981000-memory.dmp

Filesize
4KB

Download
memory/4644-206-0x0000024047990000-0x0000024047991000-memory.dmp

Filesize
4KB

Download
memory/4644-204-0x0000024047980000-0x0000024047981000-memory.dmp

Filesize
4KB

Download
memory/4644-203-0x0000024047990000-0x0000024047991000-memory.dmp

Filesize
4KB

Download
memory/4644-202-0x0000024047D60000-0x0000024047D61000-memory.dmp

Filesize
4KB

Download
memory/4644-201-0x0000024047D60000-0x0000024047D61000-memory.dmp

Filesize
4KB

Download
memory/4644-200-0x0000024047D60000-0x0000024047D61000-memory.dmp

Filesize
4KB

Download
memory/4644-199-0x0000024047D60000-0x0000024047D61000-memory.dmp

Filesize
4KB

Download
memory/4644-198-0x0000024047D60000-0x0000024047D61000-memory.dmp

Filesize
4KB

Download
memory/4644-197-0x0000024047D60000-0x0000024047D61000-memory.dmp

Filesize
4KB

Download
memory/4644-195-0x0000024047D60000-0x0000024047D61000-memory.dmp

Filesize
4KB

Download
memory/4644-194-0x0000024047D60000-0x0000024047D61000-memory.dmp

Filesize
4KB

Download
memory/4644-193-0x0000024047D60000-0x0000024047D61000-memory.dmp

Filesize
4KB

Download
memory/4644-192-0x0000024047D40000-0x0000024047D41000-memory.dmp

Filesize
4KB

Download
memory/4644-176-0x000002403F750000-0x000002403F760000-memory.dmp

Filesize
64KB

Download
memory/4644-160-0x000002403F650000-0x000002403F660000-memory.dmp

Filesize
64KB

Download