hxxps://www[.]youtube[.]com/watch?v=FLFuuxhx3RQ

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 23:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=FLFuuxhx3RQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1232405761-1209240240-3206092754-1000\{F4BC52DC-4429-489F-A67D-E8A4AF2EE7C7}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4316	msedge.exe
4316	msedge.exe
3480	msedge.exe
3480	msedge.exe
3212	identity_helper.exe
3212	identity_helper.exe
2236	msedge.exe
2236	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5052	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5052	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3480 wrote to memory of 4044	3480	msedge.exe	51
PID 3480 wrote to memory of 4044	3480	msedge.exe	51
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4756	3480	msedge.exe	86
PID 3480 wrote to memory of 4316	3480	msedge.exe	87
PID 3480 wrote to memory of 4316	3480	msedge.exe	87
PID 3480 wrote to memory of 3256	3480	msedge.exe	88
PID 3480 wrote to memory of 3256	3480	msedge.exe	88
PID 3480 wrote to memory of 3256	3480	msedge.exe	88
PID 3480 wrote to memory of 3256	3480	msedge.exe	88
PID 3480 wrote to memory of 3256	3480	msedge.exe	88
PID 3480 wrote to memory of 3256	3480	msedge.exe	88
PID 3480 wrote to memory of 3256	3480	msedge.exe	88
PID 3480 wrote to memory of 3256	3480	msedge.exe	88
PID 3480 wrote to memory of 3256	3480	msedge.exe	88
PID 3480 wrote to memory of 3256	3480	msedge.exe	88
PID 3480 wrote to memory of 3256	3480	msedge.exe	88
PID 3480 wrote to memory of 3256	3480	msedge.exe	88
PID 3480 wrote to memory of 3256	3480	msedge.exe	88
PID 3480 wrote to memory of 3256	3480	msedge.exe	88
PID 3480 wrote to memory of 3256	3480	msedge.exe	88
PID 3480 wrote to memory of 3256	3480	msedge.exe	88
PID 3480 wrote to memory of 3256	3480	msedge.exe	88
PID 3480 wrote to memory of 3256	3480	msedge.exe	88
PID 3480 wrote to memory of 3256	3480	msedge.exe	88
PID 3480 wrote to memory of 3256	3480	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=FLFuuxhx3RQ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed12e46f8,0x7ffed12e4708,0x7ffed12e4718
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,3900717442244542445,3733572643168168748,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,3900717442244542445,3733572643168168748,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,3900717442244542445,3733572643168168748,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3900717442244542445,3733572643168168748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3900717442244542445,3733572643168168748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3900717442244542445,3733572643168168748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3900717442244542445,3733572643168168748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2160,3900717442244542445,3733572643168168748,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,3900717442244542445,3733572643168168748,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,3900717442244542445,3733572643168168748,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3900717442244542445,3733572643168168748,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3900717442244542445,3733572643168168748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3900717442244542445,3733572643168168748,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3900717442244542445,3733572643168168748,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3900717442244542445,3733572643168168748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3900717442244542445,3733572643168168748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3900717442244542445,3733572643168168748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3900717442244542445,3733572643168168748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2160,3900717442244542445,3733572643168168748,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6148 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3900717442244542445,3733572643168168748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3900717442244542445,3733572643168168748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3900717442244542445,3733572643168168748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3900717442244542445,3733572643168168748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,3900717442244542445,3733572643168168748,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4064 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1136

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x454
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f246cc2c0e84109806d24fcf52bd0672

SHA1
8725d2b2477efe4f66c60e0f2028bf79d8b88e4e

SHA256
0c1014ae07c2077dd55d7386cc9cf9e0551be1d67fe05a6006957427ae09fec5

SHA512
dcf31357eb39a05213550a879941e2c039ec0ba41e4867d5d630807420f070289552d56d9f16c6d11edcdb0f9448bf51e7d2e460e88aa9c55a5bfe5d8d331640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
2fe7a2c558e6479510ecfbd842c39c81

SHA1
d5bb63c49f65031d6731e17da62af031fc1c714f

SHA256
6486c8ea468e501d582e82ffa23ce3aabd5ce763bfb10e8efbec009f2ff002a9

SHA512
1913f45f466f531a606be56e0a4fbb8f23911705e1092cc21f73bd4fc651da41a8229cbd715fea3c46bc987077e14e1bd9895495736b8eee3472afaf02491405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
667f452f95d14993aeae538a1d5089b6

SHA1
37d8b699d34af56f9c89e9f169ecb34a9909ec77

SHA256
386231ed80579a3b41232aec84a685c49cd6c1ab904c29540de5b937a2f977c0

SHA512
93cf5c3fbcb22a4725e7c57542ada43175b81cde95d0ec46566c4d8bc8331be08183b0b4c94d97de91aca14d33104a8b26f130909ba31976c9724d8cb6d0c3d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
ed4c131da8e90ab4cf94a6d73301c5d7

SHA1
e6b4e5ac72d8b6f3484e7a518c87a203b41a7611

SHA256
0fc826a00f51e39b78e063d7e4c1107e19268b2ba871dbbb2aa4c17ea5e1694e

SHA512
5696ecd619729d778f9166076347d2b3ac0c33df9073200072c4a964acb6286163a0dc4dd660641ab504687a0d3e7f1ff88c2713fe62977cf5556c26f53fe06d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7121cba1549b939deabe60995f26b0e7

SHA1
ba0058d544f4124f6dc933388a35e8c279a6ab64

SHA256
21c2c5beed20891f2af45ca74f578cdc297f9c358ba2bd3a1c9b8e36d6f48d75

SHA512
38236d26c59c05d615fc9c8fb0094ff89f21ac7186f8af8d449a6a624806bfb47319b158e5a25a8d5966cbea38669e7483748679f9013e1b0983825ef9d4fcd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce5557b770f03dbbae9cee1054b64ad6

SHA1
bc704074a682e24acbb228bf2fb01a8269e92f76

SHA256
ced53ccd6ef8c68ffa665c670fb0c044fc4c7199b645a07b7542fca4829d61d1

SHA512
f383c4cc23f4c53c457196652558c9ed32e649a732147dd2f5f76f8ecf7668720db71ac1889bcfff336461c01a0c3bb0bcc05ab93df1f9ecff83cc4c9bd3ccec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c74d4862a4f2eeab6c5c01bcee022e04

SHA1
7d1be2647050e8b9055241fea2381e3ff574ae60

SHA256
de734dce63915778114b4b9885a10277ff92e0bef9a4816be8d946762e8b0f5b

SHA512
d16b6e1373ab8b68ae29b6cd680bb5752b59f73da446f594b1fb8022e63821abb2dcc28cf1172b753cfa2ea8bc1c5e3a61cc8237250478e1e0d1fbe7ad4a0c2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
34cbaa4b27d1b9601dbfb9aebf15c754

SHA1
b6f96bbe33da5364c5a8dcfdaf574d281f87e6c7

SHA256
dc45be68c0f91a05b62f6fb5d1760313a1fd11c39923359b123055e33eb09ca9

SHA512
6eb295cadc7e2aaaf88ab630dd7d21cd368c482dd44c057001daff9a456a8473a0af9b289777ec88365acd09adb2b4b9f1ee7b7a9b300b69eaeb4c1072c39e9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5e62a6848f50c5ca5f19380c1ea38156

SHA1
1f5e7db8c292a93ae4a94a912dd93fe899f1ea6a

SHA256
23b683118f90c909ce86f9be9123ff6ac1355adb098ffbb09b9e5ec18fc2b488

SHA512
ce00590890ed908c18c3ec56df5f79c6c800e3bea2ad4629b9788b19bd1d9e94215fb991275e6ec5a58ac31b193e1c0b9cbaa52ff534319a5e76ec4fc8d3ba54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\011d56d5-91c0-4214-a868-97485b60bdc1\index-dir\the-real-index

Filesize
2KB

MD5
2917963392ebfc766c1717f99d52e44e

SHA1
71c0216ec5c219271309e3aa68318099ee242eda

SHA256
488b01ebe50b1c17309abf227fea3ac7a33d8df35787b703ff76283786b357e7

SHA512
51ca6ffbbb5614d9f7d71a824bd86fa93330bf7687049ede5d893ab0c303e490505772e8b942090dbcfd852491a9237ff9c0c303dd10731ada021eef7bfcf5e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\011d56d5-91c0-4214-a868-97485b60bdc1\index-dir\the-real-index~RFe57ac3e.TMP

Filesize
48B

MD5
9427e962a57fa51183054ee2bbf35d67

SHA1
617af976252b692442c8ba225c4992ccc8de3e48

SHA256
26710a4ebe002c5e92a25b54878a6f287205ef75ffa75088f8228a571b8d2067

SHA512
ab98b0403e7d1e6850063359cda1f2d5437b0c6d63057863cb6c6aea0575a4939ec26c8a24089b76544b2e42631ba3e784b19aadbc1b4817c35253190cf69cbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
70363dc09fe7ff5137c05533930d7055

SHA1
a7c76268ebbb359bf606292a6d41126c811d43a3

SHA256
29e01f0c8bca85e4e7f033f5a3856a2abcf919d71932f46b5b7722236cf3c110

SHA512
5ec45b5308313150de683cb42ab0f64c457cd43cf2beb42523c1bceb7238e217177a94b32b0fbc0111c79d5a539e4e6232eb8aa969df760b8327ddcac7cde435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
71569f30cd9ecdea218e0ecf3561e0e5

SHA1
86f9f00ab5514f3b1b15b01af20fdec5789639b7

SHA256
27358ba0a74d2709456183e7ed289ae1987c9c1db06a7e4d887888aa845326c8

SHA512
b6c9bed0e52b16b51e953961b7216c6ac9e984cffa8a537b2ca1b09865d59c502fa47d5cc137fed8ac817b5886dc1a57abc70b7f51450f09c9a41ab388f6d8d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
32817e3bfe5dfacab9a474af58174d6a

SHA1
bd67aed64f220aa5e7f283f54e128f203426de03

SHA256
f282937715a07f75fce0bca66740b65cf8c1f2bff5076978beb2939c673c5d2c

SHA512
ab595a9841366748128640c37bda438a22b58f179a64629e8f7e5f96daa91bfd6814d4150674425a496ea463d738d74ef6c21f562e1d428c24e5c18cf060199c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
6e446d95ba36108130050cf03af11058

SHA1
8a88fe9b0b2f2b6e3a73bc1949fdfb3a1430ea32

SHA256
e42eb2d957f2926ab94beffbd3dc9de19c040ba7926c1569be31ce65e45084fc

SHA512
8c8522ffe01f399c55428887addd005a6a9d08ba62ddfdafc7eb38f4478224a52aec6f8653e135feb608de39695cbea8c1dd1bbf7d0b73ac40ed38b3d5095b6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6edef56d55df72f32243d7bce609ca42

SHA1
1a4a931bf0739d151eb7837f3ee830dee8c25577

SHA256
671024e7c561155935789f64a3f9102036b4324b12a04fa7e47cf51cee95b6d3

SHA512
f48136b5300b7ec6bd1ff924d8dc4a6f701119f4d938e99ba4e53081fde69cb94feb22954fc3349961b25af4e6c780086c3b156c32d967ee4ed4eb517299f098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a180.TMP

Filesize
48B

MD5
101d382ba2bfad17541973640de467a4

SHA1
e69409b570abdc3efc4150753b93917036d8a4ca

SHA256
ff7250a69cd23c08235d4638571e2d2607ce8e6b30dd66b4fc06574f5573771f

SHA512
b5ce3de1171f4e2acfd35679aadea15d7c414872aa7ad8de7471a59ab065a69edb7c639634158bcddd3d257e3917e361aa14dd8d38256f344d09aca4bb4dc9a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
97c693fe177e72886ca07c0bb11f563b

SHA1
fccd513beb0bf540b30a8c2280abe8ea87e6cb82

SHA256
3488803aacfb9db2fa036cda993ad06b795b675bae8d92b7192b2d0896314ca8

SHA512
eff11e4e23847b208f8e11d711cd7d07a69513b7e67b2fd615e3f6ad409217fe6a45a12d7704653ed1403eb3d00e563e0c9149856a57a778c752fdfab6ff7b77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7ec6d6e22de7cf11139284e36c487ea0

SHA1
77b2e24e7f785a0a7ed1e10ac1bc793e481321cb

SHA256
23348d9bb4ce2c777ef8ee5b6ae7732a82cd2a549d706bc4d351df3408b6de6c

SHA512
a9e385d461757b10c885e70eb5aa57bf72ddfca556d833f994a40391b15291431aacee1162f09752e8edef615de91eb52a84f9c497240e875b659ebe529d1859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e368c5e668a17451823402915372fcac

SHA1
1b6ac7ccaccab26086f4560ec1ff4e69e13f11b5

SHA256
23f6746945546edd1eb0dc806b392b2175ec68f8673fd99630bff062b689db50

SHA512
92255b3ed3a26b996c839b5205da250fba6bcf50c7db88ca0396423aeea048b1f964ccb643c8fd2ec968315a35ba95fe91c86f29e16bbbcdbb604e102c3bb3b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
14ae0e6140eee5e80fb81e8d4c5331e9

SHA1
e452bee0333525d9b4a95b8df163f78b488cfc2f

SHA256
a9c73faa8803c9b9387a611bfbed86fe76f348c0f3d809300451afb6f417d4cb

SHA512
d2e476483d1f645929bd73977dd0388193d38e0b86cc108758ee06c8d737fbbcaef3505b21af82d0187a2c52dafc7e10eabdf3ae42fe12c4018e227268097ee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c8ed.TMP

Filesize
706B

MD5
1ce3cc291c367ba798f913b354dd3de4

SHA1
a4f4722339f42e2b5cea0edf6ec91d9b3dd1d685

SHA256
41cc816933930f626fcb8aedad27650abd49fc359120cac4ab58c5967158ae79

SHA512
bdf430e1c6e3e0b86891441350a92d4abee5aa6fff04311ba5e63876c948fdea1ac666ca19a7fda2bf452ec39de9266afe44cb37d8a4457be8fa43896cfc5355

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a4070c24eb9cc97425a743ce77f0e351

SHA1
9da13b42c8a24e10551399c784736fcabb16183e

SHA256
7b4649995d0ad324a5d58c21cc060d157075a934947c0543aec180622799aab2

SHA512
ddf7dc327a8c3c6c7ff2358b4b00bc80cc49a58e0d5b1d6738842819b6fdeb0a1c3a32dc418b8ba0d85275196ef1f4657b8caae5e1dea935088b77b7b60085fa

Download Submit