hxxps://github[.]com/arctic000/Roblox-Cookie-Logger

Resubmissions

20-06-2024 19:38

240620-ycm6xsycmn 7

19-06-2024 21:07

240619-zygrps1gmd 7

19-06-2024 21:04

240619-zwjtaawcln 6

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
19-06-2024 21:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/arctic000/Roblox-Cookie-Logger

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
58	camo.githubusercontent.com
59	camo.githubusercontent.com
60	camo.githubusercontent.com
61	camo.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5056	msedge.exe
5056	msedge.exe
3372	msedge.exe
3372	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
4828	chrome.exe
4828	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3372	msedge.exe
3372	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3372 wrote to memory of 3036	3372	msedge.exe	86
PID 3372 wrote to memory of 3036	3372	msedge.exe	86
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 1696	3372	msedge.exe	88
PID 3372 wrote to memory of 5056	3372	msedge.exe	89
PID 3372 wrote to memory of 5056	3372	msedge.exe	89
PID 3372 wrote to memory of 4076	3372	msedge.exe	90
PID 3372 wrote to memory of 4076	3372	msedge.exe	90
PID 3372 wrote to memory of 4076	3372	msedge.exe	90
PID 3372 wrote to memory of 4076	3372	msedge.exe	90
PID 3372 wrote to memory of 4076	3372	msedge.exe	90
PID 3372 wrote to memory of 4076	3372	msedge.exe	90
PID 3372 wrote to memory of 4076	3372	msedge.exe	90
PID 3372 wrote to memory of 4076	3372	msedge.exe	90
PID 3372 wrote to memory of 4076	3372	msedge.exe	90
PID 3372 wrote to memory of 4076	3372	msedge.exe	90
PID 3372 wrote to memory of 4076	3372	msedge.exe	90
PID 3372 wrote to memory of 4076	3372	msedge.exe	90
PID 3372 wrote to memory of 4076	3372	msedge.exe	90
PID 3372 wrote to memory of 4076	3372	msedge.exe	90
PID 3372 wrote to memory of 4076	3372	msedge.exe	90
PID 3372 wrote to memory of 4076	3372	msedge.exe	90
PID 3372 wrote to memory of 4076	3372	msedge.exe	90
PID 3372 wrote to memory of 4076	3372	msedge.exe	90
PID 3372 wrote to memory of 4076	3372	msedge.exe	90
PID 3372 wrote to memory of 4076	3372	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/arctic000/Roblox-Cookie-Logger
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff9078a46f8,0x7ff9078a4708,0x7ff9078a4718
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,12197173226530690456,7151178865433901316,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,12197173226530690456,7151178865433901316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,12197173226530690456,7151178865433901316,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12197173226530690456,7151178865433901316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12197173226530690456,7151178865433901316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,12197173226530690456,7151178865433901316,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4780 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f97eab58,0x7ff8f97eab68,0x7ff8f97eab78
1⤵
PID:4512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1912,i,5084664077835665925,4129862016283207987,131072 /prefetch:2
1⤵
PID:3564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1912,i,5084664077835665925,4129862016283207987,131072 /prefetch:8
1⤵
PID:2200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1912,i,5084664077835665925,4129862016283207987,131072 /prefetch:8
1⤵
PID:4068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1912,i,5084664077835665925,4129862016283207987,131072 /prefetch:1
1⤵
PID:4360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1912,i,5084664077835665925,4129862016283207987,131072 /prefetch:1
1⤵
PID:640

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=4288 --field-trial-handle=1912,i,5084664077835665925,4129862016283207987,131072 /prefetch:1
1⤵
PID:2432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4472 --field-trial-handle=1912,i,5084664077835665925,4129862016283207987,131072 /prefetch:8
1⤵
PID:2264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1912,i,5084664077835665925,4129862016283207987,131072 /prefetch:8
1⤵
PID:220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --mojo-platform-channel-handle=4648 --field-trial-handle=1912,i,5084664077835665925,4129862016283207987,131072 /prefetch:1
1⤵
PID:536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3188 --field-trial-handle=1912,i,5084664077835665925,4129862016283207987,131072 /prefetch:8
1⤵
PID:5460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4796 --field-trial-handle=1912,i,5084664077835665925,4129862016283207987,131072 /prefetch:8
1⤵
PID:5520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1912,i,5084664077835665925,4129862016283207987,131072 /prefetch:8
1⤵
PID:5556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=3204 --field-trial-handle=1912,i,5084664077835665925,4129862016283207987,131072 /prefetch:1
1⤵
PID:5852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=4068 --field-trial-handle=1912,i,5084664077835665925,4129862016283207987,131072 /prefetch:1
1⤵
PID:1520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3208 --field-trial-handle=1912,i,5084664077835665925,4129862016283207987,131072 /prefetch:8
1⤵
PID:5556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4924 --field-trial-handle=1912,i,5084664077835665925,4129862016283207987,131072 /prefetch:8
1⤵
PID:1288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=1880 --field-trial-handle=1912,i,5084664077835665925,4129862016283207987,131072 /prefetch:1
1⤵
PID:6040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=3160 --field-trial-handle=1912,i,5084664077835665925,4129862016283207987,131072 /prefetch:1
1⤵
PID:5204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4704 --field-trial-handle=1912,i,5084664077835665925,4129862016283207987,131072 /prefetch:2
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=4772 --field-trial-handle=1912,i,5084664077835665925,4129862016283207987,131072 /prefetch:1
1⤵
PID:5672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=4088 --field-trial-handle=1912,i,5084664077835665925,4129862016283207987,131072 /prefetch:1
1⤵
PID:3164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
204KB

MD5
081c4aa5292d279891a28a6520fdc047

SHA1
c3dbb6c15f3555487c7b327f4f62235ddb568b84

SHA256
12cc87773068d1cd7105463287447561740be1cf4caefd563d0664da1f5f995f

SHA512
9a78ec4c2709c9f1b7e12fd9105552b1b5a2b033507de0c876d9a55d31678e6b81cec20e01cf0a9e536b013cdb862816601a79ce0a2bb92cb860d267501c0b69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
69KB

MD5
921df38cecd4019512bbc90523bd5df5

SHA1
5bf380ffb3a385b734b70486afcfc493462eceec

SHA256
83289571497cbf2f2859d8308982493a9c92baa23bebfb41ceed584e3a6f8f3f

SHA512
35fa5f8559570af719f8a56854d6184daa7ef218d38c257e1ad71209272d37355e9ad93aaa9fbe7e3b0a9b8b46dfc9085879b01ce7bb86dd9308d4a6f35f09e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
326KB

MD5
40e01c775b4f150dec2ff43bdf0f1816

SHA1
29cc0f7eb904aced209cec12ebbf8e6ab192da53

SHA256
4d21e64e043f3f03c39754589e8131f993de6565a9da3bf86a21c205e37b3ca0

SHA512
c868ed04136d1c38c2d4f22f7c16337532fa1b62a3da413df9815ddeb2fbd5a5175d7987beb796193a4e812a679c117928c97a4e87042ce4383433ba479b923f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
133KB

MD5
c9c5c1f1ab9a50624a65b61336b2f8ef

SHA1
600ef0fa0cd426f7ec2426f4fb13779579642103

SHA256
b29b94cfa8c0984b3e4e9cacae2db48bcee27038f1748d4a1fd29d35cdcfc1b8

SHA512
bd914a5c76990a062eda5fa8c2bc584d2ae73c2cd1cabc449492fe9f088d3ec12951a75b1762bfa0396481709b185f13d9e04da3263fa3c3ee58d98663ee08ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
36KB

MD5
b23078951d91c38ad508e190a81517a4

SHA1
8dec45198f7dde8f6f30155817b7b03ef6eb570c

SHA256
8f951f1e047ce385bb4a999785def042031f72f3039ea096c677393bfa918749

SHA512
18da7c34c40298ebaefc6ced9b0b4769181addc85f192f258c70ac98b0275119a4e6f1aa938ed779fb73c9037036224a8b07dea403b9a5071996f2e3fa759e0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
48KB

MD5
47b6e3b9a667b9dbc766575634849645

SHA1
54c7e7189111bf33c933817d0a97cefe61fe9a6d

SHA256
302ed4f6c8ac4312d71205603c4c28dd2976fafe4c05533c0a08ab3bdb531aa3

SHA512
a12b74ff45f6f9e6abf459863c299e1fafe61dcf2bea8a7331ed9547de14ed29e2deba69b104c6960db93b458f83ba6a4ba454c5514105e7ffb96da96e26e612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
20KB

MD5
357b4145c3264fe69f8c412e823adeed

SHA1
5fcaf1043bb72dbc719ce56a173b3da59db7ebc9

SHA256
4bf695f9d9be4d4e815594d2b7443042ec14e4dcbaa6d35031cc0420b8009410

SHA512
974c8b0220e6490324f5eda5590d4a895d7d67b87414ca1124dd01ac92e3bec033623bec67b4441fd6b69bb9034d4ee8210ee0f92fdf0a8efb6546e62ef8f7fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
23KB

MD5
082ea42c1aae3b695989f4b6f6eb0dc7

SHA1
1918fc9585b161ce79c29ff6d2fec39e526a3aa2

SHA256
d87bcc1cb0e666b8812da126e6e308529997c88176123920942b43efade7bc77

SHA512
e6c7b496139c95c43e9af3fbd3b6b4a90a206506a3f823c7003fc42585a404e0323ef85ed6233ac208c066ec528857a8609c36ec6c749cec0702149de2c6f69b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
20KB

MD5
0f3de113dc536643a187f641efae47f4

SHA1
729e48891d13fb7581697f5fee8175f60519615e

SHA256
9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8

SHA512
8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
59KB

MD5
4bc7fdb1eed64d29f27a427feea007b5

SHA1
62b5f0e1731484517796e3d512c5529d0af2666b

SHA256
05282cd78e71a5d9d14cc9676e20900a1d802016b721a48febec7b64e63775f6

SHA512
9900aecac98f2ca3d642a153dd5a53131b23ceec71dd9d3c59e83db24796a0db854f49629449a5c9fe4b7ca3afcdd294086f6b1ba724955551b622bc50e3ba1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

Filesize
56KB

MD5
1436d5babe5b5f7602c9e2397795c970

SHA1
66bb3b729d67bd62aa5d9e0a0d5437bf7300ae10

SHA256
54c411a804ddddbc6af10e96b145b788ef3da9d7ebb53ed758d0948e44d99ed6

SHA512
c17068afb00487eebd22939fef3691f19d3225c5be532d764c2a8a01c30a17c9288af7924cdd4ffc0d0bf35cdcf30656d5530f6eb2126b91d217ec89de16bdc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
130KB

MD5
b61b5eac4fb168036c99caf0190ec8d3

SHA1
8440a8168362eb742ea3f700bb2b79f7b0b17719

SHA256
3c495df6db16ed46f0f8a9aff100fa9b26e1434016c41b319f0c1009b7ab2e1f

SHA512
cbccd3aa5a1bdfddba5cc38956b5523a422a1151cdd0680336ab94f07aabecd1695062a0953c32c8209949ea6a4859c625c6deffe5108e8d5e48290017e51874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e605ede061886d6c67fcda2f647f901d

SHA1
9ff8a4dc597d721d058e65defec8e977db4175ab

SHA256
36c6ecefd3bb24dd19ccc0ec951cf0c6a3338c3a90af8c92d4f1b83399d1fa13

SHA512
91b78858ad6fdeb10b71311fc8c46d29421f45adcb7b856dfba1ad7d05b0b07eeeee10fcf245e2f879fa11ba19d7d916ad9d54416251949d47f3a652ee7ced65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f4ed323d8e4a4c8a42d12277deea98de

SHA1
036c39823b7f412010f69a1f2d4ab6180af97ba7

SHA256
cd6db4be5e42969eb03c75f5a02295e1bf7d9f6f1e3b0383db92fc42547d6b68

SHA512
730da255b4f14e2f26bac0c60f762366d4919b36183990f3687c0210188c0338301ecc6be59362e7b81054c2d0b334d3185590f8ba408cd584d52c38ea34b295

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7c9a174f0ffbd27ecd4c3a51593c8ec8

SHA1
249609a08944f31c874becce927a31a8f1dc7dcb

SHA256
2f02605d7dbac6246200c90208d49a7b0f8e812439035a03e14832330de2d439

SHA512
ceedc934348f96a6fbb582223033846e829156eaef9b5524569d50da0ddcf53f14c89f30c85292d8eedc07104e3cd380b2462c333bcd9ebfb114730df44fbed3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
49ab9a470615508fe19f55c060299b86

SHA1
8080e4cf97e0af016111ea26087ce23764bbcbaf

SHA256
d7996375b9de40e4538626d8990d61601b68089ef78c5674add2075e99078df3

SHA512
ec8df2bbeea3432f06b6b5230b9848268eab51d4ab3b44c7227efbfa5e287d89430912ef75a82f025dc114e054f2a989dd922674da2c52fa2c4b58c954fd8441

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
bae8907e77075ae1660d1539118876a2

SHA1
5896a19dbc7922f11d60077692e71199278bdffb

SHA256
22eacafe00dca31c898bb56216bd52e1b02e1a372073aace8830a3be02c8779a

SHA512
a22af3f72112afac19313972d6247c04c3cbabd4cd68f2cc1e0a57978b1e67925f6a5f7ac245f69896ed92705b5e66c665cdf767a3e456d86031e037017b4c3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b8ef06eec340eee264268b0cca0a3d1a

SHA1
319e242a88ceee7a87cea760215b0151319e9421

SHA256
a79530e0d108e3582d380466498d88d877e4dbe1542d280d205d594ec01cc29d

SHA512
2f74f7c3971218dba729d0d7ec2db5b3de1b5b8042b4056ddafc5008f0c852baa978639502ca24fe2f31798a9b3bcf06e6de1fd87d9363919129b9aad5f2d0a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
be567106d3ed4c221f14e5fcad127a38

SHA1
92a7ed042c51e095f6cd371088cd0fdc55f17e76

SHA256
55ce28f6a4a6ba0d109b1e96936a72e7959a96e0e214c4890446478f4414eb6e

SHA512
e57257f5fed4db1988abee473da6eec2769d1cee7e33e08c5d052447967f20ba041665f677b5e4abe4655f82861fd2e4056d93eb1e414d8600cecfbdc283589a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c5abc082d9d9307e797b7e89a2f755f4

SHA1
54c442690a8727f1d3453b6452198d3ec4ec13df

SHA256
a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716

SHA512
ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4a74bc775caf3de7fc9cde3c30ce482

SHA1
c6ed3161390e5493f71182a6cb98d51c9063775d

SHA256
dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280

SHA512
55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\03315b53-04ba-44a7-a771-689c7e362ccc.tmp

Filesize
6KB

MD5
e2c1e348b7e79fc27d6947c88b469f1d

SHA1
390c1e6832f3dcb8227df6fb909ed5da108f30d5

SHA256
a70d8f531c98a47296fd05bda1b9ede5d719a1e19cedb74fadb289d3b3c79842

SHA512
92bf1ecf3f5ad8ac054bc1de633c29cf6f2b0cdd3c82a86af68186b922be13673a305ddf35730ef26f5d4fd9b181ca61ff1323282a511914d57d1a526f4d51b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
60a617309260b25b4d62e7658e862d50

SHA1
5169fb8b4d8c8e9823db080833a32345faac81a9

SHA256
b16bdac9d592a3f15522342510b1a11d13128b7a10f01419134a10746e2a0b12

SHA512
27ad4432bb5279773d4e80f024413b674f62f8d5212a8ea5c1c9970e8c9c4beb711fe2a369b26035781d22dd1f1d6ca1feb501b462db784e305d5a150d07d4aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
580B

MD5
55ca2347f56ee59b4af82dabbdc9756a

SHA1
886d09f12f7d0770ea6138c38a4011a3f0e688ab

SHA256
af5e8f602aff1451fb7af34fe41b41d24c38a11f0ec8b39b2cc37def30cf8f44

SHA512
c3f61f29ef48ae6ead1013c64e6d10f840face5229fa08e1df02450fbb436f652b7fc19dede34ff3f349ede87af3a2cc2b214e54c96f06f7f3ea4e87c231ee71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f7e780d11db2915b851e716300b05f5e

SHA1
9ac0d3c6463a3651e808324c8f7f6ad40d1d32b4

SHA256
4a1c6f741a1bd36a30f51d334bd520ec086d400e3c5ed5c7a819af7c1d11f0b0

SHA512
13ba6c1be845cd987e2a4b9aee0561fb87bba300e07864d2d8f9196a530079143106bbcf49eb597ae645534b59b4b91148c135f19424abe3eae3106e7b056f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f4761239021a9db3a0d5ef11ee723c11

SHA1
a2d1aa307a5482fb07f54819c166ba383208945c

SHA256
2d008c66cf17d8b5b1126629e58f0dca0f76f82841230cd83f6df21ebd74ee0c

SHA512
488e13494ddaeabe9445d9c8e35806b827ededfd2743fb233d85a5446155397119b147aad954b9ad5ca28bbd2cb3a048646eb29a68892fc0c65d589ebefc1f34

Download Submit