hxxps://fatal-fire-studios[.]itch[.]io/fap-nights-at-frennis-night-club

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 20:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://fatal-fire-studios.itch.io/fap-nights-at-frennis-night-club

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5084	msedge.exe
5084	msedge.exe
4896	msedge.exe
4896	msedge.exe
2356	identity_helper.exe
2356	identity_helper.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4896 wrote to memory of 748	4896	msedge.exe	84
PID 4896 wrote to memory of 748	4896	msedge.exe	84
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5076	4896	msedge.exe	86
PID 4896 wrote to memory of 5084	4896	msedge.exe	87
PID 4896 wrote to memory of 5084	4896	msedge.exe	87
PID 4896 wrote to memory of 2728	4896	msedge.exe	88
PID 4896 wrote to memory of 2728	4896	msedge.exe	88
PID 4896 wrote to memory of 2728	4896	msedge.exe	88
PID 4896 wrote to memory of 2728	4896	msedge.exe	88
PID 4896 wrote to memory of 2728	4896	msedge.exe	88
PID 4896 wrote to memory of 2728	4896	msedge.exe	88
PID 4896 wrote to memory of 2728	4896	msedge.exe	88
PID 4896 wrote to memory of 2728	4896	msedge.exe	88
PID 4896 wrote to memory of 2728	4896	msedge.exe	88
PID 4896 wrote to memory of 2728	4896	msedge.exe	88
PID 4896 wrote to memory of 2728	4896	msedge.exe	88
PID 4896 wrote to memory of 2728	4896	msedge.exe	88
PID 4896 wrote to memory of 2728	4896	msedge.exe	88
PID 4896 wrote to memory of 2728	4896	msedge.exe	88
PID 4896 wrote to memory of 2728	4896	msedge.exe	88
PID 4896 wrote to memory of 2728	4896	msedge.exe	88
PID 4896 wrote to memory of 2728	4896	msedge.exe	88
PID 4896 wrote to memory of 2728	4896	msedge.exe	88
PID 4896 wrote to memory of 2728	4896	msedge.exe	88
PID 4896 wrote to memory of 2728	4896	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://fatal-fire-studios.itch.io/fap-nights-at-frennis-night-club
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb3efe46f8,0x7ffb3efe4708,0x7ffb3efe4718
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,10680246748391977655,16763009178581322949,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,10680246748391977655,16763009178581322949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,10680246748391977655,16763009178581322949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10680246748391977655,16763009178581322949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10680246748391977655,16763009178581322949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10680246748391977655,16763009178581322949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,10680246748391977655,16763009178581322949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,10680246748391977655,16763009178581322949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10680246748391977655,16763009178581322949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10680246748391977655,16763009178581322949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10680246748391977655,16763009178581322949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10680246748391977655,16763009178581322949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10680246748391977655,16763009178581322949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10680246748391977655,16763009178581322949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10680246748391977655,16763009178581322949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10680246748391977655,16763009178581322949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,10680246748391977655,16763009178581322949,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6732 /prefetch:8
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10680246748391977655,16763009178581322949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10680246748391977655,16763009178581322949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10680246748391977655,16763009178581322949,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7712 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10680246748391977655,16763009178581322949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10680246748391977655,16763009178581322949,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,10680246748391977655,16763009178581322949,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2cbaeb40-8bac-4a86-be02-0497fa1dd65e.tmp

Filesize
11KB

MD5
bff72e88967c75f619b97dd386eb1d5b

SHA1
7b79a75f1d826c0a64f27a2a9027e1e902b89c58

SHA256
ef6569c280c75241d6bfc602d61a17b931bc8773670d559960682703cc99abcb

SHA512
fffced4fa47ab6cccbea675e39aea320588cba96bf1392f7bd64365a8479c82d8ed0937a6c54e0b134c6c702c4c3e4b6f77fbddbd19e407c59f38da3292cf4db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea9ef805116c4ab90b5800c7cd94ab71

SHA1
eb9c7b8922c8ef79eef1009ab7f530bb57fbbbea

SHA256
bff3e3629de76b8b8dd001c3d8fb986e841c392dfe1982081751b92f5bd567b0

SHA512
8c907d2616ce16cfe08ddeb632f93402e765c5d9430a46e90ab5ea32d4df0a854c6007b19f9b0168254ab7aadf720fed8c68d1a055704db09c1b36c201a9b3b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
347755403306a2694773b0c232d3ab2c

SHA1
94d908aa90533fcaef3f1eb5aa93fee183d5f6ac

SHA256
d43f2dd4ac5b6ba779100eb8b84bc92fc8700bedcd339a801c5260b1bb3ce3bf

SHA512
98f1fb18bc34dfc224132dfa2a2e6a131b280b25fcb516fac3bb66da2a47c7a7061124881de6fa5f65602663dc0ea71357b171a3346bb1514176943438322253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\205fc98e-b71f-40bb-bb50-af7e53bcf4ed.tmp

Filesize
2KB

MD5
3e5fd0b77e4b22e92267b68daa9ddb88

SHA1
f60d8067f9b9aeb75c3242c48bae2f04ed7fc41b

SHA256
a1ea038ded385ba3ce7968b6329e296ad3c42199432b9a87c2402d5b93419456

SHA512
beb5d23923ff9fd4092de484efee3bbb0e14d2d400cf311b1eb06d7774730e7980bfe5e0c43e07bb86cebcbda90cb3a62fd95fc9939a8bb42ff424b2368b2320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\09477ee6644d0e19_0

Filesize
145KB

MD5
e8e05164197c113b1c39f0a9991abcfb

SHA1
0207856e5f02ca4706248482eae55de9ff2a81ca

SHA256
c15d5c1eaae9bf87c19e3eda27aaa15e0a499360785c261735528810aa5012b8

SHA512
0bff615e037082b43001f5e64f8b689d4321f4363e00fbb4588dd0d0dd5633acf6ad643351edabe17ff52858f63971ce7ff50a001d4101fb2945cf37c216ecf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\481963cd074f1a48_0

Filesize
268B

MD5
fb99f0b6fb57f2bb4508a978b6610b59

SHA1
4dcbe3dc52236d8d78a0bf21a4333e5b6306ea26

SHA256
8ad66c665634224af5416c0fd326e499d2851af8e3d404ca2637d98d90ca6921

SHA512
ef805089c08629e1949d396f10d856c92f70c3d35c035106e824b1ce5077c65802f57ce103bcf0862d1b79aef645ec8b65d6fb2ce2400c3b12a2b1c09fa18ad8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c29175a87eb3338_0

Filesize
335KB

MD5
8c6adeffc96c3c2cbdb3db2dfdb8e301

SHA1
0d22c629502060e07cea2dbff8115f35c1396a1a

SHA256
a7db25323edf025e46ab2a5cea1cd262ffc4bb3781633504b0891bbb3ad46c80

SHA512
bc59b949b5098609301ec10a6b6258cca64ec1bbdc7142a0d813f13e8ba994a18950c638eac3bfc5500683b306f3ee7d98f1072f33f72634447cb2970a5ee7cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\56d6f409590db490_0

Filesize
54KB

MD5
18bd5dd134e12444a654a6f5ac4e2f7f

SHA1
455364574b2c76cff9eebc29daa7ab2784f7efe1

SHA256
d2263e0eadf1fa5dfc4b4525534247df411bd3de313b6692466d03f63592d9f4

SHA512
4259c99e392d746775fba3fd87f14b5dabbe898fc9b3f94bd5ee2cccd969959a163b9497a6f49161f795aac980365ea005160ec4f8d55a73c03738ab0159de21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a8694aaa036738a_0

Filesize
21KB

MD5
44d51fb5e219b1110173228af68b6ac5

SHA1
255ae49b9b4f8d027e34f20a921fa18640ee9ed5

SHA256
a315d34aa3edacb082a7b9061d254c25b74c53e15347bf6925170679e47a19bc

SHA512
cfe757763c8aca7c034e2f08cd014bc64641e8daa91b33f7a06fe5158b918ae4aee10669af84446dcb2416001634d8066d1b38190e87ddd449e71421aa27b380

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b13d9848aa9ac2f2_0

Filesize
278B

MD5
8175333027d9417b147780007aebdf0d

SHA1
3c5756eed260a81be86a4bcef08190c66600d6b6

SHA256
93aba3a2ea36cb48d3c07db7e8cda979c015ec0b0aa30e0ce02a9dbce2b806b4

SHA512
89628043d198d560a43158935644111411b8945b0d417b7701d00f1084a75cdf3061e56ab46088601a8642888b2f04df57a39da73c881fb177d3d38eb5815c68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c472784dec098560_0

Filesize
14KB

MD5
935b1e3e63b86b6489c42868942acfd4

SHA1
20ebc26e5d24a54de2852ef9ded396db5c717717

SHA256
ad959f372a422c3b2c7cc5fa7f08b587a6b0231663714f7b5d1d5a69f10a0e52

SHA512
63c2db945c7b761d1bce054b00258a70e92a9eebb18fb7b16b42c250b68dd3075813604f7aa56ee8d04d49a36b9bd73a95eb077aeb140654e4868a6d866a3ffe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
647fc9703ec20399d344306e0db55dee

SHA1
71ba390b61cf0895bf93ce2ce5c034e0b78e2549

SHA256
d2354f73432c9b4ad0bc00c6cb091b895a02d55e8de5292ca866e1c0b6c4dc62

SHA512
3ba607ab953f4dd1f8199ab40330937c2f4a1dc50b7e5bf85a50c3ec1a4bb915bfc6e2b579d501eed7aaf71e121d403395fab02d346bc21d21a56246092fe8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7831104118429809959d7f3492bb3c14

SHA1
83817b99cff495a9467251c10924c396a73f650b

SHA256
0389b8e40a5b4b526537a545668b7ea65328f93172f53feebad1dc4ac8eb4f17

SHA512
8b4449066c1148a036ed98f9e54168b2f6efee66d48437f8011836579e9c90d5ed78e6f12556d22a59581ea30178ca7d7df3117036bf32b035f19a393554fe40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a13457d4ba40bbe882e04bf46835ebc4

SHA1
89a58642398081870862f8296658d4503e00baea

SHA256
95ccf762028f08903d726b4850326496c61c21303e07ccedb794093f84c12807

SHA512
0bc893e05976e9e82ca777147c3cc8d1e3adc0e721f598c6e4d08c0f8e9ac869a1ad8064caf9067545667e73f52d56a1ece01103406f5be7577a02adf738048f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
078cca14b4169bbf997b4861803b1f16

SHA1
a221357ee8719c4fd7427e4fe7b6b1327fc268da

SHA256
11cabbd1bf7042ba97e2d7fe12d094705884a7b39f075e01801e814ecd68a639

SHA512
41f71a3da44c13106523b505604b4f902a0a5c37a75384b9d24f10986c0d2fd6110cc53931593ad187de2625bc4531fa8714ec5f012b4bebeda9fd3c9ad5ad53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
b9a1cd8329d38143aa1e8acfe9a19258

SHA1
6896aa2c4e884ebd0d4eb94d7997840cd053cdbd

SHA256
7efb13909e681209181de0393b37c6d27dfee2445aecc8a22e9d6a9cfe7b8b66

SHA512
3eb51f8b60b77fd5205f8e7dfd46019f57419337eda1ed632fcacc0deb3b2e5dcab10ad13d7716b6f91a6f095833e796c2b5e03328aeac001e37912d8a5e47d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
1565fc70f8a912dc065fea40c70ae95e

SHA1
61a2ea182ab709b7e60a35ec209ca4bb2df6328e

SHA256
33ad58073f5a4fa4bfbe1fc20b68f286d0248ae2912e5275d48712442b69832a

SHA512
1a6b2dda5397ac8634adbdd35d287e42fe0a811964565f992c47bff7ba2ff8ea85e94bb1e37c9e6e3ea09de6027c7210f691ebe2fa0c7539f27ce50dbcc89dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cb1e41405116fd622a9942cf906bfd45

SHA1
39c019122a8d3275cac379b0613bf04c1f0c4ca9

SHA256
9a6f8873a68e05b6f6d8e0c3afc6687507601e3847f97c0cfaf4e7d97cd9d1eb

SHA512
d408f17a1937f060f59082b73e8fb2c110649c559901016008635202446060b64071d58450a9ec468abcbebe330cd33dce4d15b3e02abcb55a084cc390aea05e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
9a8bde021419531699c5ec01b61113a9

SHA1
3fc8e7f9b019a7562b64e7223014192155d19367

SHA256
692aefeca8f95d46e83cd150f78d22e2120b8e583c5d0733ad11d0d821e548ca

SHA512
bb9cc1a7cc41be456fa98a065f6600f680d82d6607890305902843f4befee54660ed1b230d3db30ab6e14ba52724a95bc506dc005281c5313897d2286682bea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7ca70d220ce336743e478a748a732538

SHA1
232be92b7c70701b7592e58e4e7a806bd5a22e06

SHA256
e1cbb04314f05bccf22d1f676477879406744a9935be6afa3ed4ac753b3563ce

SHA512
15f401b2141dbbc8f2f08135a02db5f74eab0668af6c5390e709fee40a0b9870722655bbbdf9923334589460140c29ebf3229836186d8df50b55d756842a8571

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
23d382ba6cf6466422c1da4568103af4

SHA1
dd0a03d005a390143f654c3332ce341416e2584b

SHA256
66029702eece4f4a1027b2f22ae7b2b3d76309444015bb222fc4025b9d590baa

SHA512
1511ef75328c082c79810e6d079cc356c503dbd73e6ffc1ca3b6989a3b028810af04c9eeb8aefe0491337fe142011236aed994233bb11c5d1728a6722d2b8ee5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582824.TMP

Filesize
371B

MD5
92bff0e0f3a4c69b1266fb2cae063bec

SHA1
c1731e187e1cb2a8ac48b4217040600dba734fe8

SHA256
f8300fe37aa694fac9ef9c3c13df45bf0443883649a5addab0c80e7e0c3383ca

SHA512
d1ffbb42c14cf9b87504774a8ddd03d9b2ad6db45c74a4b05dc7e6aceb52b9e162728640167ae430345896702259937f8fc6c6b18e99c87436b56f997ffdf2b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ecd215df962fc096fca558be4d92a2ac

SHA1
9efa478817b9114825d603e85fa6a548fd8eb153

SHA256
2dad128a1f6bfe8a1a1b998ba7d10d1aec013db7885bafa8519ee77facc3cef1

SHA512
20dbb605ea354489236bf8e68530c25d2d07c82945b878d3d66b952ec0d3a1a11ff653fab6e569b6de5dcbf6d091b33a9302d16a16c8b2e35a9703512913db5c

Download Submit