hxxps://comfybox[.]floofey[.]dog/resources/brainrain-darkside-digital-insanity-sony-multi-keygen-v1-7[.]108/history

Resubmissions

08/08/2024, 23:09

240808-2492jssbkp 7

08/08/2024, 23:06

240808-23pdfswble 3

Analysis

max time kernel
149s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/08/2024, 23:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://comfybox.floofey.dog/resources/brainrain-darkside-digital-insanity-sony-multi-keygen-v1-7.108/history

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4648	msedge.exe
4648	msedge.exe
904	msedge.exe
904	msedge.exe
4528	identity_helper.exe
4528	identity_helper.exe
1864	msedge.exe
1864	msedge.exe
1552	msedge.exe
1552	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: 33	208	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	208	AUDIODG.EXE
Token: SeRestorePrivilege	4992	7zG.exe
Token: 35	4992	7zG.exe
Token: SeSecurityPrivilege	4992	7zG.exe
Token: SeSecurityPrivilege	4992	7zG.exe
Token: SeRestorePrivilege	3520	7zG.exe
Token: 35	3520	7zG.exe
Token: SeSecurityPrivilege	3520	7zG.exe
Token: SeSecurityPrivilege	3520	7zG.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
4992	7zG.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
3520	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4736	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 1168	904	msedge.exe	83
PID 904 wrote to memory of 1168	904	msedge.exe	83
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 3876	904	msedge.exe	84
PID 904 wrote to memory of 4648	904	msedge.exe	85
PID 904 wrote to memory of 4648	904	msedge.exe	85
PID 904 wrote to memory of 992	904	msedge.exe	86
PID 904 wrote to memory of 992	904	msedge.exe	86
PID 904 wrote to memory of 992	904	msedge.exe	86
PID 904 wrote to memory of 992	904	msedge.exe	86
PID 904 wrote to memory of 992	904	msedge.exe	86
PID 904 wrote to memory of 992	904	msedge.exe	86
PID 904 wrote to memory of 992	904	msedge.exe	86
PID 904 wrote to memory of 992	904	msedge.exe	86
PID 904 wrote to memory of 992	904	msedge.exe	86
PID 904 wrote to memory of 992	904	msedge.exe	86
PID 904 wrote to memory of 992	904	msedge.exe	86
PID 904 wrote to memory of 992	904	msedge.exe	86
PID 904 wrote to memory of 992	904	msedge.exe	86
PID 904 wrote to memory of 992	904	msedge.exe	86
PID 904 wrote to memory of 992	904	msedge.exe	86
PID 904 wrote to memory of 992	904	msedge.exe	86
PID 904 wrote to memory of 992	904	msedge.exe	86
PID 904 wrote to memory of 992	904	msedge.exe	86
PID 904 wrote to memory of 992	904	msedge.exe	86
PID 904 wrote to memory of 992	904	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://comfybox.floofey.dog/resources/brainrain-darkside-digital-insanity-sony-multi-keygen-v1-7.108/history
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe746446f8,0x7ffe74644708,0x7ffe74644718
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17803143401535822445,3190000059370062776,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,17803143401535822445,3190000059370062776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,17803143401535822445,3190000059370062776,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17803143401535822445,3190000059370062776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17803143401535822445,3190000059370062776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,17803143401535822445,3190000059370062776,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17803143401535822445,3190000059370062776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  PID:424
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17803143401535822445,3190000059370062776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17803143401535822445,3190000059370062776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,17803143401535822445,3190000059370062776,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3548 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17803143401535822445,3190000059370062776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,17803143401535822445,3190000059370062776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17803143401535822445,3190000059370062776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17803143401535822445,3190000059370062776,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17803143401535822445,3190000059370062776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17803143401535822445,3190000059370062776,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17803143401535822445,3190000059370062776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17803143401535822445,3190000059370062776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,17803143401535822445,3190000059370062776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6448 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,17803143401535822445,3190000059370062776,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1984 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17803143401535822445,3190000059370062776,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6384 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1904

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x500
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:208

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4240

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap30430:72:7zEvent960
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4992

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4736

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap25002:72:7zEvent27850
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
1a7ed9bb8d7fea3bc64f368785dcafe5

SHA1
f59e527e431524d34b544421f8313d9dc7c2c58c

SHA256
7da32e9ddcba28446758579b3ad24e49554af22e2aaaecbaeb90f7b7458087e2

SHA512
4cc0f5bb53aa79b7fd47c3a96005535efb2e565be4f11755511f9276bfa74dd3095c201e4382ba61044cb310772d8f8187f8226580ace33671509c1a1196174f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
73112fe8b2650a69f1f433d97d7b36d4

SHA1
6ffeb1da7cecd822488e16c4ef7d27d9aa0a5279

SHA256
87798f28b8048bffdc3e4514c881c6e44e24222a952bc60928a0223a8b829645

SHA512
75ec78e1c7b812df7348a6bc6a546f9323b1d87260e0dea7afb11cd45b739edd3059acbf9d1e24109daa7f97d0f43fc5a64b4d69f91b201fb4b29d5b4fd99bf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
856B

MD5
5ddf566c5ed1a0bb8bdac4ccaac07afd

SHA1
6b819cea340c73b6f4f8b3bef43ef2b2e4158d77

SHA256
352a765cbaf49934668f326b730cb7fe8dd2598a5d2ee59b79b401de264d38be

SHA512
ad63572c55944465769435362205049cc3080a86a8e33756949b3c4b49fb185542c75d6d0c3e08bbb80cd5a6b62fd4db26a651f0f95edd2d27008775f7e5e763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
275B

MD5
47b6c15735dd02cc6f81628c84301106

SHA1
606df5fa048a4fe60d3d6389be71d23426a63685

SHA256
a970fb39596a233ee1513aebfa9fb9b09e7b88bc7300435c8f773d1bc44c0607

SHA512
dd8f3aa5d3f2e4189b119077de25cb00d21a1fbb079127716dadf874727e4f5756e7984e7448da5d0a2195aeaf237c7f8a17b614069fe59a3c2435d5fa85af65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f17383c31063114b715c485f3553a985

SHA1
adb3a8bbccd206839966113fb7f0c9c78756adf4

SHA256
ad6c1f1907a2ba0095c7a41e2c0f21bf594ff7e753a42f159fe6377db4b85ba7

SHA512
1ebc76dd0190e8476a986212317d2e1f7f6e672859c7881cd7b878cd24f6b5423293df545e67a33fb4e28cc6223289b65412cdc0d38807009cd388a34680359c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
30dea06c757ea56a1c147792be168943

SHA1
0dda859940a93022cc605c29d379c6b686f9c74e

SHA256
5dc235bb2f7a01d42dece0bcdd2c3cc207efede0cba8471d1386d4f464a83143

SHA512
a8d6e132cd6bb1b3d1b11ed939304eadaf7b6ab230156bde16a37ade6378c0fb4a16cf2ea4f913dfa6aa9c46736d6539f39bb52626b33e40eb952649cbafbaa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8695a7b83b722fcdc34fa3db6aa3c5c7

SHA1
324906668584db619718e32b43b78d155c73975b

SHA256
5a3ad91e9ac47702667cfd4a7f349e5bd828888eed76b40b9638fa7adbddc31a

SHA512
b78b9bf73325efa9033cb4d0154e5ab6c49cd459d7fbb6b2d24b941a2feebef4bdd370e7c37c36cf86ba0725e3bab443481335307ce01447bb2b9ab4faccac2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8893345b369b4a402fe0bc8ba99761c3

SHA1
09435894da6908fb9808760cab02df142f008255

SHA256
6f46f93fb9941a56159c3a2d11a48530c15fe5523461dc856a6a52064f73f235

SHA512
af7794eb275409651633f7d39a207368140a7dcfd919b591c927f106e72a38d02675b3fcc6f5ecd41c944fade0a0932c276b64eeaba8cef5d62f31198ec6576f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a76ef3d8ab5a54d0719b4e40d3fba3115a0203c0\b0bccad0-ef45-4a7d-8b54-a20ccf694ece\index-dir\the-real-index

Filesize
72B

MD5
44e4c7a78b14347882f7bdfe5a8cfebe

SHA1
ed45bc566a19edd56a10102e4f4eeff2a8b2a3c5

SHA256
63cd03bf1a9dfa7c88feb66bc408c8e1e9444ee05632ab21877a08dc6f78b367

SHA512
0c85bc08e788c97b74dfd4da2d19f645f178e2901d236332acfcd9cc8a816b1fbd368178255e9d5146b66f25ef29e2c03b2b0429584c129b7834532658c23c53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a76ef3d8ab5a54d0719b4e40d3fba3115a0203c0\b0bccad0-ef45-4a7d-8b54-a20ccf694ece\index-dir\the-real-index~RFe57e6e5.TMP

Filesize
48B

MD5
022a89aa5baea702fb032689b16ec8cf

SHA1
d3f32c31d1c061659204ff238db74f6092203d26

SHA256
0c2da715207153af6c96a35834b491195cb79a366605b8ce521e52735cd3da5f

SHA512
e4c6bf759433c32e4c1b7dfd0308ed6b4250dfd7000c43b9f2f8a9443cf0e6d6532d44ca038f8892d59aec159f4166f2677fb97eadede02d55ff3dbc30e9ac38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a76ef3d8ab5a54d0719b4e40d3fba3115a0203c0\index.txt

Filesize
96B

MD5
11c911bf473ff973596831b213c82506

SHA1
98d4f2d9684982a2811dfa202ea5e0e4f7815870

SHA256
c6d899a2d4394cb2d07dec862dfe86753fdfa74702fa9f99356a8facad108d42

SHA512
24063dc652a52660551e009d319265a9e6afaedbee14f58194b33800bdba7aa17fd1b2435d636d6e0e69a42d769bf8385b788425d765492024250988240cf31d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a76ef3d8ab5a54d0719b4e40d3fba3115a0203c0\index.txt

Filesize
90B

MD5
7cb3f88d54088f21921e75d1f989b7fe

SHA1
199086d8cbd31439551f2edabb3b22c3b8069ec0

SHA256
956d40b4df57009a6ff290da7e6df3e418114d2ec3bde1923906270259f1d407

SHA512
70409c3fb83857c44e6715aec288818b8ca856d55f852a5fd4bbcf0d3b966a44cbcb3c4730c879e1aea620311b77250fc0a91d806ddf4fb7ed33539533866f1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
9KB

MD5
37891e3f80c2ef952a883318b097967b

SHA1
97529a2a9ba58f972579173ea9b60c594b875292

SHA256
545cedbc1e00e35cc96685bb2c53dc19962e930cf2088cf09bdf524c5c765317

SHA512
a453e10dd5ffd3901d2505a7fa00256860136d2542107e1d53cffdc34385635b39b9b61b1d6b3db9b88b7214dc6631eb6b185c4794312e466ef0c87ead0de379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Filesize
8KB

MD5
4bfaccf711ec8582d301520f5eb811b9

SHA1
7ba2af1e31d146bdff4f496168705f75bf37eeaa

SHA256
257d885ec3187f78e16f154601e13484724ce125df6bca26255889a346ef05b7

SHA512
6f5fcbd119f1258e6007776084c61e704723a999be17b6da695762553475a8c9190fa9395badc4eb5b32b1a69390b3c0058bc247d1eb5f31b12d7fa8a1edbd46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
059f7039155002f43a8e360bc83339e1

SHA1
9c4bcf28605d80d0933f7334478d77aa3b105ef5

SHA256
3abf6b125c1c08296e096d7f072233583c877129f9e8c9c8d0cbdc6627d5c1e6

SHA512
7d3e6f8acbb1b30fdece090f8f270bc92a624e5e73e0adadf165045f6daba63ebb5f328c435e43d27908f2ebb8543df7e843937d35f0b678b981feabae2d278a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e530.TMP

Filesize
48B

MD5
ba052dabfeb4e5fd84eee59b3afa26d2

SHA1
63795fe06af5de5c34368aea11a16c9464448652

SHA256
215a5220788c653f00d21f16bf04f48482172abe956f7b5981eb0165d6e495f8

SHA512
fb014d116ba29a55386abaa404e85eecf641ec0d793928c83a9c56bcef6346f36c0a4533907738d6cd7ac3f62d76c9e3035e8484fbd2829b3b21e89010d97ca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
95832608c95d6894a7297c2abe038335

SHA1
9b40d99c1a3cfda281886669a9b7569c1efe7739

SHA256
d62b8635f813c7ce7076eae12534a6b77c849ca1ac4719adb3475186bba65369

SHA512
438d6b4b1c49ca3dcfd7871f00af936045a60c36f74e4861a5b4dcbe5a7237226c5c7d8187aebc026b34fd399b1548462082c1dabf24b41fff21026b741eb494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
c0dfb4c457d91a4847f56bcd67680dcc

SHA1
50980fa98d7a7d764898fbbe933fc3311f286ab6

SHA256
a71a618923bdf4b974ac7e02b8bee928ee67ba10f77087fd63567f9e53d13897

SHA512
9040eb34b8ac0ab400e0b4a561a6a6f7d2cb2282a462880ece016594439bac9bed009f3ad0b76d70c0d234822705a9f2257398e6e0ca2be3f345ec30589e043e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
5383f69560dd3780f4235c7928aa2882

SHA1
14605e74b9317bafef72287937a77f11a1e1a48b

SHA256
6ea80f25e280fbd76955514a7992a879369fdfdc5bf37d63aa11015973945b10

SHA512
661c0f01e74f51ec283a13fa84f2980e06aa1b814863dda94b2499bcc2ff83ce5196e39832c4b2c61fda69bebd00e648a4b0b7e84e4baf926338c687b1d63fc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
d306b198c0f2e69ee77e8ee91781dbeb

SHA1
98b26d973137611e7a754bc28c401850d566c8be

SHA256
97ef6a342b2c95e541ed6495a748374cfc6b15b099e4db304c9535a52abc8310

SHA512
a75b1f886e52fae3af5bcad650436e7c0c26156fac525edb7eeaf9152ad1d26c6559c69491d24fd4f4fb0e1244a36432386729eeada66c76ce3268e79f2f1ea8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
3f94ff751651a4eda4b94144caaba61c

SHA1
300733ba8abb9ff9de62497b8ec68c996a5d7244

SHA256
441bd9bb6602ce2871017c5c182d92d4cec0efeec627d5412b3592eeb9b524df

SHA512
01422b26eabefc8675bc79377ac31b5625a6e1f462ac95c6eae0a931162cc4ef7be1448188b868edd9e50bb8df3a3397a46697e32539e937080a51484e347d4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
3b90d73515c052fbb62a3434d676bc19

SHA1
6d33abb472cabcf5a669e877a5650300a96e40a3

SHA256
e3ed0f03c2abcc727cd050adfd403a1f19c82c9db01e7d149602029d9d32fbf1

SHA512
974dd80598f9db90b0608341f91377418b13fc6c95b78aad4b2cf85f8cb0b7af901407a21ba8702241fa5070d0cb5b38fee35766242fee6f53f2083960f4a130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e6a7.TMP

Filesize
203B

MD5
7ee852089c28ec3a03fc7b89eaaf6672

SHA1
ad14ab5ec0cfcb7ef3687d2e29249893a603fe1f

SHA256
ea45fdcc5e03db5c50102ee6cc7b2a7301acec59dd6ec1554c512ce85c76425a

SHA512
4a7e21782b70ce4bfcf7bac81bf17bdfebb2080cba557b93ae3eacc2c745f95881facdcc34aec913b856912032afca15f23d1002a9f5a7564f94e941f1725c14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
71812c76aab099ab3ab0c3552aeadac6

SHA1
91acdd7f8b279cd2429ef4d7a3ff3382d389d649

SHA256
eab3a2492d06e0d6baf3f7e4d56376ec40214b74e8a2bd7183ad5ebe38ea6b5a

SHA512
24561bff57e341b1b0f5c2ad70797c3416b5ff5642a11217eae7349429aba35d3833539a526e2ec16f66662aeba91751f6c01ef998188eff248a5d59953a804d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4d07a21fe44ec4818d488909344d7f4a

SHA1
ff50a1e433a8c150efca98238b11d12c1da78d61

SHA256
85889de0bb092b56c3299955b53ae8e245c704777ecacba4486a83b7bdeb3a6f

SHA512
be45d42015d923281b27f99b92592fb2cc006ef16809e5a1ce996b8902ad335d78b0696c1edd847496ed7645376ac305ae5aeb2bb2490d9f5567ce61de21a179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0f47633ecbab6c93819d9fdcac054f90

SHA1
b85d6bac45b0ba3880451474ac3d7d9e1a3e548a

SHA256
92259672c08319140db141004ed1400ce748af15496e786d8c25cc5faa69fc6a

SHA512
5395876170cfff3265bfc024ed99b33d3a486d8b5a31b5aa508022ff974e7f86e6bcc6bb4ebab6daa95e0bae5d74d1a602590a6c411a015254b1a9a65c8c8524

Download Submit
C:\Users\Admin\Downloads\Keygen.7z

Filesize
194KB

MD5
87c74d8b2bb383f8a889791576636405

SHA1
5e579a7e532db212cecf0ceb4554aa5ff1571e08

SHA256
a440dc7221aa021aae6949d5c639281f776b1d014e6f47c39ed7304ee6a532af

SHA512
7b17343fee6184d3a04da32ebf31f04d4ade30df27cd095ca103772e1d314f044f2522e947db9f514d78efc0ab8caabd9aef569ecf65cd3ba227bb73ab7f18e3

Download Submit