2361f90ff27aa1f3eda6031ab6aa2860bae6bceab468d6ff222d0f1e8bd6c5ab

General

Target

Full version 2.0.rar
Size

33.4MB
MD5

d27309da2d9955e35ed8857c4e1c3811
SHA1

c401881293f9f490a015a6abe5fa241f3b24bfd9
SHA256

2361f90ff27aa1f3eda6031ab6aa2860bae6bceab468d6ff222d0f1e8bd6c5ab
SHA512

d77871306ff7226234e9dc83156730705e8c0f733fe3262ca0b762b81af7981fea1639e893feb88ae407967d57c1b850951b11bc94f3aaa20bf7670d5a61c709
SSDEEP

786432:hVBJyDMIzgBxGFgVbn0cgzZ1qas1SH3mBL4cW9XP5voU6+h8C:h3JyAbBxsgFn0cgzZ1XHN9hDh8C

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

Processes:

mmc.exe

description	ioc	process
File opened for modification	C:\Windows\system32\devmgmt.msc	mmc.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	mmc.exe

Drops file in Windows directory 58 IoCs

Processes:

mmc.exe

description	ioc	process
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 20 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

mmc.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	mmc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 3 IoCs

Processes:

cmd.exeOpenWith.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

msedge.exe

pid process

952 msedge.exe
952 msedge.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

mmc.exe

pid process

708 mmc.exe
Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

mmc.exe

description pid process

Token: 33 708 mmc.exe
Token: SeIncBasePriorityPrivilege 708 mmc.exe
Token: 33 708 mmc.exe
Token: SeIncBasePriorityPrivilege 708 mmc.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

msedge.exe

pid process

4736 msedge.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

OpenWith.exemmc.exe

pid process

1228 OpenWith.exe
708 mmc.exe
708 mmc.exe

pid	process
952	msedge.exe
952	msedge.exe

pid	process
708	mmc.exe

description	pid	process
Token: 33	708	mmc.exe
Token: SeIncBasePriorityPrivilege	708	mmc.exe
Token: 33	708	mmc.exe
Token: SeIncBasePriorityPrivilege	708	mmc.exe

pid	process
4736	msedge.exe

pid	process
1228	OpenWith.exe
708	mmc.exe
708	mmc.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4736 wrote to memory of 1936	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 1936	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 3300	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 952	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 952	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4540	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4540	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4540	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4540	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4540	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4540	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4540	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4540	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4540	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4540	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4540	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4540	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4540	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4540	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4540	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4540	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4540	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4540	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4540	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4540	4736	msedge.exe	msedge.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Full version 2.0.rar"
1⤵
- Modifies registry class
PID:2276

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault1d21a508hc82fh4089habache33d154b025c
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9af8946f8,0x7ff9af894708,0x7ff9af894718
2⤵
PID:1936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2161296131763939843,16106599361043892722,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
2⤵
PID:3300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,2161296131763939843,16106599361043892722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,2161296131763939843,16106599361043892722,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
2⤵
PID:4540

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:4844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3424

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" display.dll,ShowAdapterSettings 0
1⤵
PID:576

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2504

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:708

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5232

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

3

T1082

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0820611471c1bb55fa7be7430c7c6329

SHA1
5ce7a9712722684223aced2522764c1e3a43fbb9

SHA256
f00d04749a374843bd118b41f669f8b0a20d76526c34b554c3ccac5ebd2f4f75

SHA512
77ea022b4265f3962f5e07a0a790f428c885da0cc11be0975285ce0eee4a2eec0a7cda9ea8f366dc2a946679b5dd927c5f94b527de6515856b68b8d08e435148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
fea5d470d11a210e1fbb9a25aa38265e

SHA1
b96f8777b305d9ef56f08fa31e7451b852cbb579

SHA256
672f8fbed7e6547d4e9531904a4347b934eede50f3ef41705f45750164c7477c

SHA512
e0dcf7aefd74ebdad9a1de345f7c81fbc94398b8a95de60830cc13f9e3dc746af85af383deb2d75fb77dfdcc5cd926c374d42a2b1d2d383e730cc6427cd20f52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
3KB

MD5
2f97ee3de9fd02642ce964911aff6b78

SHA1
2da24871223ae7ab9e03889a9790bf163c92eb5b

SHA256
dd5df9d845951e918e014e65bf509bf54bae625c1e9f4c932d832fed77d5d693

SHA512
606dd6fb364cad7fe101dd07dfd1c67a757a8d1b61d1e50c2840e1cf58a56f3ecf281adc0c33eec9fc0ea70daad02c9f740dcf4b4a27b77de25450e7d42e6e2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
3KB

MD5
f7df0835c6b25cd8495b83d7a001db6e

SHA1
e1150468669eac29d1913df087f2ad3d1644dce6

SHA256
4da8184ee49cc2ea2bfdccd24d25535b7d219c834b5f93b3a80515aa681f5631

SHA512
69ee9d65e233a763473041bb782d14621e1850076d7f67154f2f5b5c3890ace5efe29ac0ea89dfa795adeeddf2b9cf00986c10a370fb1f47b98ba15d4a27a85b

Download Submit
\??\pipe\LOCAL\crashpad_4736_RYIPIKMOYUAIIJSM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads