hxxps://www[.]mediafire[.]com/file/7u10t1dw926jjv7/LoL+Script[.]zip/file

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 16:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/7u10t1dw926jjv7/LoL+Script.zip/file

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1916	msedge.exe
1916	msedge.exe
1172	msedge.exe
1172	msedge.exe
6016	msedge.exe
6016	msedge.exe
5628	identity_helper.exe
5628	identity_helper.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe

Suspicious use of FindShellTrayWindow 48 IoCs

pid	Process
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1172 wrote to memory of 1400	1172	msedge.exe	86
PID 1172 wrote to memory of 1400	1172	msedge.exe	86
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 688	1172	msedge.exe	87
PID 1172 wrote to memory of 1916	1172	msedge.exe	88
PID 1172 wrote to memory of 1916	1172	msedge.exe	88
PID 1172 wrote to memory of 2532	1172	msedge.exe	89
PID 1172 wrote to memory of 2532	1172	msedge.exe	89
PID 1172 wrote to memory of 2532	1172	msedge.exe	89
PID 1172 wrote to memory of 2532	1172	msedge.exe	89
PID 1172 wrote to memory of 2532	1172	msedge.exe	89
PID 1172 wrote to memory of 2532	1172	msedge.exe	89
PID 1172 wrote to memory of 2532	1172	msedge.exe	89
PID 1172 wrote to memory of 2532	1172	msedge.exe	89
PID 1172 wrote to memory of 2532	1172	msedge.exe	89
PID 1172 wrote to memory of 2532	1172	msedge.exe	89
PID 1172 wrote to memory of 2532	1172	msedge.exe	89
PID 1172 wrote to memory of 2532	1172	msedge.exe	89
PID 1172 wrote to memory of 2532	1172	msedge.exe	89
PID 1172 wrote to memory of 2532	1172	msedge.exe	89
PID 1172 wrote to memory of 2532	1172	msedge.exe	89
PID 1172 wrote to memory of 2532	1172	msedge.exe	89
PID 1172 wrote to memory of 2532	1172	msedge.exe	89
PID 1172 wrote to memory of 2532	1172	msedge.exe	89
PID 1172 wrote to memory of 2532	1172	msedge.exe	89
PID 1172 wrote to memory of 2532	1172	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/7u10t1dw926jjv7/LoL+Script.zip/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd0d146f8,0x7ffcd0d14708,0x7ffcd0d14718
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,12751354774218458563,18095529381350145555,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,12751354774218458563,18095529381350145555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,12751354774218458563,18095529381350145555,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12751354774218458563,18095529381350145555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12751354774218458563,18095529381350145555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12751354774218458563,18095529381350145555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12751354774218458563,18095529381350145555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12751354774218458563,18095529381350145555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12751354774218458563,18095529381350145555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12751354774218458563,18095529381350145555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12751354774218458563,18095529381350145555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12751354774218458563,18095529381350145555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12751354774218458563,18095529381350145555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,12751354774218458563,18095529381350145555,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6420 /prefetch:8
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12751354774218458563,18095529381350145555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,12751354774218458563,18095529381350145555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6320 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,12751354774218458563,18095529381350145555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7464 /prefetch:8
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,12751354774218458563,18095529381350145555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12751354774218458563,18095529381350145555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12751354774218458563,18095529381350145555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12751354774218458563,18095529381350145555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12751354774218458563,18095529381350145555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2968 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12751354774218458563,18095529381350145555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,12751354774218458563,18095529381350145555,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3144 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1224

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\573023ac-5845-4d76-8a6c-ad116f1c3317.tmp

Filesize
10KB

MD5
1e4aa8c03988384851ed0ddc023223e2

SHA1
e961d6de72474d5210b542cabfc2adc469616b5c

SHA256
155d35f2fe9ef11b7771a21e4b277e754128a0a77dc05d00b5f18a6e092e2ae0

SHA512
664d90d31cb2a43a2d843ad0f8dd275abaa94dc7724894a644176fe5658e34b541cf890f41987c2bf7ce1c5ed906bcb1864e22c3c15075de5ae7bb24e819a30b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
20KB

MD5
4a2961dddc7ca6732df1c0646aad5129

SHA1
ff0b7265d2bef3824709ee3000621aca2d2c8724

SHA256
58a974546a65196f726ac5dbc25f1048991e8347bd53e7449102048a5a0dd597

SHA512
82c889adccb748ea06ced5db14b7f3f94b980215d350d7cf5463ad05de53b0421e0bc7fe6d0d3897480b2cbd6f34e0126814f166adb59b7f0a1c9cf960e8a2d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
62KB

MD5
f79882e12fe87d482fe216d30ef3c93a

SHA1
e3031f2d694529705d8634b397815cd907fec24d

SHA256
c95d79ddd197080d143fdbaf458ce6d653621088f2d16827b3037f4417a32f61

SHA512
075f20268aa1b46fd322da5220b1705e42076d6ee681417bc95d5e900c6ed9929eca102796757e5db387db56ed2e97937e074b5af75840e55b018623c0a845c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
20KB

MD5
138d739b71a8bb3d57c7e63dc5b14be8

SHA1
d99b088667be58ae3c49da6cb5cd2ef1dd85eca6

SHA256
40868120da668c8a478a172b7a719e1415d7d0b59e999ebd76b6b6338a709f9b

SHA512
d6dbf38584ff2ff89b5ef7512202337128b2e4f4c19d6b2bf47419e6cba66d13fd897dc1cfd5d22322bf7ca4433b833952def01dd3c8e8d8ad8125bbedca22c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\43e8c24269a5c82e_0

Filesize
54KB

MD5
3fb16a9287762ceea833e36e3ab57e44

SHA1
6cc643240eb060c8838cd9b79f5e449f1002fd56

SHA256
5aa3f2e3f570186a009ce7a5727b2497e28a9bbf212b68ad09c5d318437b2455

SHA512
cf818a49cd11f1b375e75e33da32d2ef55a4cde3221c10dae9a36a590f46c4ab3ffc8d8b3f1acf52210e2e1b30ff23781fb5d06e5ba7780c90e5108dcf345717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
ade5c38eba6fd50824749aa3b46504e2

SHA1
fffc9bc69c686ef00adb0547167f07171cc0db9c

SHA256
94e47be1d8615541ecfab12be01fe7cb9d48c445e982ac11b67b92c0c00c49de

SHA512
53711bfd38e7301f99b42141178ba4e86fea73f012bfe99d99a5a4e2ec35a7b6177ea5dc8ac6f85e5cf85bd41005b3f9009f2638b24d045f55aa6cf13449db7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a9b1305815b327ee60068a7ac482e5db

SHA1
05ad71ca4361dd6c27e9c2f485ef2a8d60f06f75

SHA256
3c5565df7224641f84d863d6ba01c5a3141fb06bc6198b0b5e634bcaddf0a847

SHA512
dc9b7c0138fa9683bc6618f1fb7e674bad76154c068a5166c8c539ad59bdadd79e244e6d265987014dd6188969b481378c220b01044b969bd60f3c36a38e0fce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b78fa23552f30f958a2a31003c92c361

SHA1
b9f6e368d9fa79fe5f896f7eaef7f27d85057d4d

SHA256
9839536e9f76233498929c2eb107abfeca0a392a03b5a1e6f83a85952eaaa6a4

SHA512
cf1c2b2f32055ff96d901cf53acfc27693ff0219cfcccfc477c8ca19f512ef577a8907ead4e8983a285143508aa8cc542099ea1edb894324b3694362fef56e5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
f1cb49b1adcb7bfbd106a5f0d1d56b42

SHA1
a70f6049b62dcc716776f7e315b7bd3f6b49a9c3

SHA256
1dade341b4e5fb3fa7cdd41b77837c8862094a5a2d2df670bcfea80bfa85a4af

SHA512
3e775d314684600219d4e3d7a9d1376d230c2e0f05f92af08831cb4b8f38d22c494b23ea03117a82d3da1f00fcf71de5db6589351aa9bb3d1a5dcf8ed3dcd34a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
982aa5fffee5d23626d891fcf45a446a

SHA1
2e95ea35e7a6f491759ee53427facd173aeaa18e

SHA256
77cc087b4c938d6f42ce6cf32747995b32bfcd81bd2b7e30d0b73309272fa3ce

SHA512
c32072d743e3d470cee705c0e661a4fb704947a60a1b69671e7818b75ae41c9beaef45305e4892a27088524725602068735aad649a0ac2a5bd1b0a8233de0768

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0063c6ed1f1965e658a635304392c3f6

SHA1
4cca8726d52ec6e2e1db850d05ecd7c52e7b30f2

SHA256
93a5d53be096aa9e8bb5a43948ae40946215df182c4914d3d8318b81c5c2228d

SHA512
b5f933e2a6db9624b2afc281a7813bd8c11b29934d288ef33ae323258041ab8f837c5b084ebb7df3d9afb76919321fb284dacd16f95cb82e094482e0393f1ddf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
877e437179ed9e80a7b81ab4a044bef4

SHA1
ed1c38a9572ec455099f6ec5e627d18710608dfa

SHA256
551ee1232c358fe261c150fa0f3f2d4239a2498979f2509413ef0b4dfa8c364f

SHA512
6d014731cff01bbb67c133cd1f717d591c05b47a9b1df394862e0f33cfcc3ede59d6ef6604eef56a8c9b62fada0fe50ab7f244d2499a938c1bddd8ed01d443a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
5d6ce883e5849f63d43226d0f1519809

SHA1
b8fb1ae0ab3ef8cdcc9d26f5daeb242552fadb55

SHA256
12afc2a7c1bbd52721e918cbd14b847c40622bfdd081b8e4d1fad3da06df1c79

SHA512
ca7937fdee9f6f49c4abe7d33a2ed53ef8e7a7eaf2fce09cc14e87f96f1bfae679c8dd4ba4ee970bfb0b7cf8b5ad3eafd6373b0210edb7dcffc824d62e76f575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ca4a746d0e34fb6e53a0f70a2c3c4262

SHA1
82b428da298340f9c1ea71ee75fd0ab12a013480

SHA256
c0fc7d8d6ebaa16c64cd408a2bdcf9ea6d7a9b3e8a7e27c4d7e66104957dda1e

SHA512
1ee0f1298549cb5e2639fd9208bd1172d5a3fe5c88173dea93fee6e9f4deae799adaf3ce2d30bc2acb47848a251f600530feeb5fe53d9af2d495735d3d1a459c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d66a.TMP

Filesize
2KB

MD5
4d9c785f6d489c38598bd3a66ddbaf19

SHA1
d5d99a045d20de033a1a29e540c5909b6589ebc2

SHA256
6cecf438f81538199deffd03920eb0cff58db8af460bad29d1554f801e4b5162

SHA512
46ba569d2d8eabc096939d1963a8717fccb83666c8c9ec8e850bb90a0b82eaf32bb034dfb8b519a69c8afc6efdd645d993736cb946b223a2c175902c98f7b80f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7f85bddb7a2c3e0df3915d813f5de8d2

SHA1
a8067692452530d1ff4a79d8c13a83352a401dcd

SHA256
e80fd357339735a91477705abd384182752a09c1d748bbd4a7c36bb4eb73fdc8

SHA512
b9493369ea63f49e32819bcdcb36a05c21557a498e23ab0199b88950a09a77701587b3b8cca7e5c3a01fc67a7b5da2f0a8eb5648cb38629bf9134a9d2c9d8271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cbb4c1eeb676b0091e9b32a0a7187db5

SHA1
983da038e82f7d72a339a314eb69e11061b215e6

SHA256
2025c08d2cce855a3b092d022cdaceea6b28965987d4eff47eb05a0f2077935d

SHA512
cc5046ec3ff4d4ec89d97fc59074afa70db2fc82fb29fcb3a1b9e409b00afbcab2ae4ecad9f87f4ecf84405145ac5b93f27743a2587b81eb01428852df9bf7ec

Download Submit
C:\Users\Admin\Downloads\LoL Script.zip

Filesize
3.0MB

MD5
6b248333e58a43baa6123029ed332bf8

SHA1
cf569e75caf129d3ee47aff113cae2c3a7fca024

SHA256
1827eec2d8af33c0bc4c7a42d108e21f21897c8687db4b25d39227ce7c5313c5

SHA512
83a6d969c5e786260a951c90f4b16b137c0d61b8e0805799290f74a90a2ab4b6970833cbfd52a2beec2795991698da373b9b82539b24c1423d4958df4cd0637a

Download Submit