hxxps://chromewebstore[.]google[.]com/detail/roblox-for-free/hchahigddjfnomcffodpdldcelbdokca

Resubmissions

05-09-2024 21:46

240905-1m1k4szfrr 7

05-09-2024 21:44

05-09-2024 21:25

05-09-2024 21:14

05-09-2024 21:12

Analysis

max time kernel
379s
max time network
382s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05-09-2024 21:46

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://chromewebstore.google.com/detail/roblox-for-free/hchahigddjfnomcffodpdldcelbdokca

Score

7^/10

bootkit discovery persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4852	Free YouTube Downloader.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe"	FreeYoutubeDownloader.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
19	discord.com
54	discord.com
55	discord.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe	FreeYoutubeDownloader.exe
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe	FreeYoutubeDownloader.exe
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe	FreeYoutubeDownloader.exe
File created	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini	FreeYoutubeDownloader.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FreeYoutubeDownloader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133700464230294491"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-970747758-134341002-3585657277-1000\{27DBA2D3-499F-4467-8DC4-5E38F35E5D51}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\The-MALWARE-Repo-master.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
796	chrome.exe
796	chrome.exe
1716	msedge.exe
1716	msedge.exe
952	msedge.exe
952	msedge.exe
3636	msedge.exe
3636	msedge.exe
3284	identity_helper.exe
3284	identity_helper.exe
4688	msedge.exe
4688	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
2496	msedge.exe
2496	msedge.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
796	chrome.exe
796	chrome.exe
796	chrome.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: 33	5076	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5076	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
4852	Free YouTube Downloader.exe

Suspicious use of SetWindowsHookEx 48 IoCs

pid	Process
1788	MEMZ.exe
4832	FreeYoutubeDownloader.exe
2544	MEMZ.exe
3096	MEMZ.exe
4588	MEMZ.exe
4492	MEMZ.exe
1012	MEMZ.exe
4092	MEMZ.exe
2544	MEMZ.exe
4588	MEMZ.exe
3096	MEMZ.exe
4492	MEMZ.exe
1012	MEMZ.exe
1012	MEMZ.exe
3096	MEMZ.exe
4492	MEMZ.exe
2544	MEMZ.exe
4588	MEMZ.exe
2544	MEMZ.exe
4588	MEMZ.exe
3096	MEMZ.exe
1012	MEMZ.exe
4492	MEMZ.exe
1012	MEMZ.exe
4492	MEMZ.exe
3096	MEMZ.exe
4588	MEMZ.exe
2544	MEMZ.exe
2544	MEMZ.exe
4588	MEMZ.exe
3096	MEMZ.exe
4492	MEMZ.exe
1012	MEMZ.exe
1012	MEMZ.exe
4492	MEMZ.exe
3096	MEMZ.exe
4588	MEMZ.exe
2544	MEMZ.exe
4492	MEMZ.exe
2544	MEMZ.exe
4588	MEMZ.exe
3096	MEMZ.exe
1012	MEMZ.exe
4492	MEMZ.exe
4588	MEMZ.exe
3096	MEMZ.exe
1012	MEMZ.exe
2544	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 796 wrote to memory of 1468	796	chrome.exe	80
PID 796 wrote to memory of 1468	796	chrome.exe	80
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4236	796	chrome.exe	82
PID 796 wrote to memory of 4652	796	chrome.exe	83
PID 796 wrote to memory of 4652	796	chrome.exe	83
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84
PID 796 wrote to memory of 4704	796	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://chromewebstore.google.com/detail/roblox-for-free/hchahigddjfnomcffodpdldcelbdokca
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3e6bcc40,0x7fff3e6bcc4c,0x7fff3e6bcc58
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,16096858627891857648,2045827910473197082,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1380,i,16096858627891857648,2045827910473197082,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1992,i,16096858627891857648,2045827910473197082,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2508 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,16096858627891857648,2045827910473197082,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,16096858627891857648,2045827910473197082,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4512,i,16096858627891857648,2045827910473197082,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4516 /prefetch:8
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3944,i,16096858627891857648,2045827910473197082,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4552 /prefetch:8
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4708,i,16096858627891857648,2045827910473197082,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4324,i,16096858627891857648,2045827910473197082,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4504 /prefetch:8
  2⤵
  PID:4364

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3548

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff3ea03cb8,0x7fff3ea03cc8,0x7fff3ea03cd8
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3344 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6772 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,5205329909530590634,10854277872558226088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1236 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4656

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004C4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5076

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1788
- C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2544
- C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3096
- C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4588
- C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4492
- C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1012
- C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /main
  2⤵
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4092
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2192

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\FreeYoutubeDownloader.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\FreeYoutubeDownloader.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4832
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SendNotifyMessage
  PID:4852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
db6154aa2dada57dec84b92b66dbdde3

SHA1
81d95ad5b7a015bd321b7da4a026224f5beefaf0

SHA256
2abd86767515d0dfabce9c9c798fa7e42c06469e537c0158a65e5b2b2f56c679

SHA512
f0a64811fff4545cd8ee71318243e83138bff753f77172a4159f3f0f813c90aa26589ee5465e47d6af1060e95ce6340756682a4e38a250d44915be454e8fd9a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
137ba9d74e0b65df62805855357e5bdb

SHA1
f014bb0f5481e784f71a96f425e32012cc786eff

SHA256
84ae3eb37c962d00d90d8d90849362f8afb34724e51180395eb8b9d9688c0c8f

SHA512
717bab7acb05a8721f514f91b3c9b1c9aaf2d6b13e94dddb9070ad68f8b9b4cf7318b9610a5ef0bee47b85f5ad525afd3e6ef1ff79f4266a5c8a511690086cf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
33837506dadd3aa59c7265ef15a4d22f

SHA1
0f003e7c82015c3d39e587f2d558a572a9f08b11

SHA256
ecc9ff0f065efae5b2d3c84802dedd11609f19d5cc17c3667feea42bc283729c

SHA512
920015f36211481487fc0d63b0318858066aa58f85c064f4ad544df65ad19a905cc2847378eeff7fa2734d771355578e5a9d0289184c88000308351dbb0f9f75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
0e91da037cd80de2b0a4b19af92072b9

SHA1
9a3c6c9217558dfa7d671b7a503f1afe05f01a3d

SHA256
a3f1e2b783a618e67dd56c1386e6446301a97725fde0e9f2921c5c93250ed23b

SHA512
2b6f9e7f110de153efd1f55da2f35088f6c5b1629caa70c792a0f3236074918beb694d889801b6dce7dd1bc577659d38f741b211daa518596394e1c69f4b8db6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d49faf74784d126367e5f6be45791d32

SHA1
d18f4d3cde09e6d182fed7118daa4face28645f9

SHA256
b4af3b2d46602802b0a7b2a8665b0ee5a33bc680ef0493d64fbf9a13df55e913

SHA512
7c129a1819ac1d1c1b2a7f67ec4267d154e412919330695b9563194401450a10250e7737bf2b7760b7a40eccb30467ec4def8fdd229e6566b663647148fc7b9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
b51663747dc01be4d8695a4384ac2ee3

SHA1
9391a3260e77c8d8f807402f4d384a1fa478c625

SHA256
caad1ec5e36155ddd5089c8dce38a5d1af85b3cd802a0439e9bd706dcf14eefb

SHA512
164a3cdd0001ddef2734656c6931fcf4e0ace91647b0b2bf1e57411aede3eb3c0454eb20af94263f95876a84ba45c6598d26e032ebe8934cc35ab4f056aa3838

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
36eb72e40e56066b50404d9c33ab1d3f

SHA1
df9eb748502c03188940254f3cc626276d45e13c

SHA256
8ffefbf199b24168441ff64d9ca6d905420e66c9b71b34431c941071f9d2f911

SHA512
e7e8def61c67517efd882ba9fff7c916254febb9d66d21a1ee8fa946ad323c1827d716d38735e035dffa7c89234d6ef5319c219192414ea04e525fbd45256611

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
058032c530b52781582253cb245aa731

SHA1
7ca26280e1bfefe40e53e64345a0d795b5303fab

SHA256
1c3a7192c514ef0d2a8cf9115cfb44137ca98ec6daa4f68595e2be695c7ed67e

SHA512
77fa3cdcd53255e7213bb99980049e11d6a2160f8130c84bd16b35ba9e821a4e51716371526ec799a5b4927234af99e0958283d78c0799777ab4dfda031f874f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8276eab0f8f0c0bb325b5b8c329f64f

SHA1
8ce681e4056936ca8ccd6f487e7cd7cccbae538b

SHA256
847f60e288d327496b72dbe1e7aa1470a99bf27c0a07548b6a386a6188cd72da

SHA512
42f91bf90e92220d0731fa4279cc5773d5e9057a9587f311bee0b3f7f266ddceca367bd0ee7f1438c3606598553a2372316258c05e506315e4e11760c8f13918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
41KB

MD5
9101760b0ce60082c6a23685b9752676

SHA1
0aa9ef19527562f1f7de1a8918559b6e83208245

SHA256
71e4b25e3f86e9e98d4e5ce316842dbf00f7950aad67050b85934b6b5fdfcca5

SHA512
cfa1dc3af7636d49401102181c910536e7e381975592db25ab8b3232bc2f98a4e530bb7457d05cbff449682072ed74a8b65c196d31acb59b9904031025da4af4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
67KB

MD5
ed124bdf39bbd5902bd2529a0a4114ea

SHA1
b7dd9d364099ccd4e09fd45f4180d38df6590524

SHA256
48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44

SHA512
c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
38KB

MD5
bff21faca239119a0a3b3cf74ea079c6

SHA1
60a40c7e60425efe81e08f44731e42b4914e8ddf

SHA256
8ea48b2ac756062818bd4ee2d289b88d0d62dc42a36cb6eee5bdd2ff347816c7

SHA512
f9e5baefacae0cdb7b9c93afc43ad6ec3902b28c0cdf569e1a7013f4e5c8dfb7b389b5e2bc724b4ddfe554437320f4f2cc648642944c6f48ad2a78815acd9658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
1.2MB

MD5
d717dc20ddf09d562cc7d4bddc69ea5e

SHA1
3c0a07ff93171250557ff41c1621eebd8f121577

SHA256
5b92638f93b754c48a8050863fe38abcb2ac7397979bf3b9dbfa2ffecce2383c

SHA512
07b48be4727a55e34ff097e8974ba14251436417edd64b3876b09cdfc31220551ab12f6f080af697e23b6cd9afda50ddbbbd00df53fbd538893b62fa43173e04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

Filesize
99KB

MD5
b0a0f2fdc96be95e1659feac76394d22

SHA1
66547a83dc9d7ecec27228eafae67ce06880f83f

SHA256
011880dac8726aefc5b184952bbc6abedfa752007896deb6a70f1c0e2123e815

SHA512
5cd7efcefe64d5a6d8e1d83754b031533764a11cee0ab8eeec3c5bf9c4cd9242e35feab93976ef4e6cc89904c49c4ae9631c030436c00f298077c0a925e54213

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

Filesize
437KB

MD5
fba95c1a33215448b69467a2de2b5ebf

SHA1
8ff29aa2a38b4502ff371c580f53a847b6acbb34

SHA256
0404d54c57d620ab10edb7de8b4ff5d52b58e368cb67ec2fe863fc929d58c91f

SHA512
8176cbc1c81f56c041a28790b6914788745d1e92f0bb87835919069c65bc1b0c9f2fa4754781ad5cdb16b198ecdc4de91fd26c28ced1b71de67dd830747b1d78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

Filesize
27KB

MD5
ec5a3020e4a67d39f1d2b90afdea9467

SHA1
68bd7315f1b091708a255f19d7de7240aa7498d8

SHA256
2ad2346d3fdcf8a6720da216a3c068b2f5275cfff6bd5295d0ea8b0519d4ed54

SHA512
7df46e79b1f26783c523c7ed29482239c70e2e5f2e653d8cf05e19ea2e918cefc21f075e642f7557f66daeafeb26c7afbe500bc8338fd1896a3a6516b08844b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ad9a6b5ff96857659ef3f52f999cb7b1

SHA1
3de0f1c3f85628e476a3495990e4e29d6cbe9b4d

SHA256
5bdcb1019ae42700d89f9e357188d86b99e21e1e86887903b012cf79c4f68190

SHA512
3a0bf9951795e6c6e471cd346bf9482a924f0285ff48d56d7b6b5954d39a6913b2eac58e59f380e43e9bacbbc338f58b3ce9a90c74fa6cee6c6f2bcab8f93f3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
51cb91acf4d6843c63459395afa35695

SHA1
9a9119cfa182b11e3b5be6fc631ed9e0984056f1

SHA256
1b3f816e32adfc4f256a4faaa4bc2de88942e41561dcdf2fd0ab07de80eaff13

SHA512
e97601109ef3b22672e254abbafb16ab29c7ec524822aa9e40857c0fb8e2273f436b9e3c62c88c297b60b9b6362c85daab75aaa5be9defee97be19da422b9d7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a4d9938030d22262105c49affb58c16d

SHA1
23278e7ac16f4066a0b0aa84568a00a9eab35556

SHA256
a99b1fcfcaa26583b60066ded76d9cb3a9d74e25f3d430191d39bd14a754c34c

SHA512
69bdfbc0700ad2609d56b52bc376a043f4effa91dd5983226496adc0d20a85d5b57418fea4463c51f559e50b32e72cbd0e5054ff55ccddfa6e1d4c4e0aa45f98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d6200ba39b6ce6a1f1e8f78eba8e73f9

SHA1
657659ba9e7cce4b8a5d99b9c3008ff703d2a7d1

SHA256
94e237cef9cf41c6f5ad0c2f300dbe64537916129ccd115e763d4176848b91c3

SHA512
15bf21e2e45a946743bd7cc53a00c648fc53abd29a2c5289730a1161977cae1db8db5b1075337960bca5c2b2cc2550cb2297c4d9feb32ce28c77f2ba172fedd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0e7aa86687558082e22dd6b0e95d267f

SHA1
0190e05635ef97d478adff21598faa92b83bea1c

SHA256
26b2cc76c64baf784febce9d681e7111e4035f60f06d70ddab732799167305d7

SHA512
e786ab9cf9c8a6a96b0c792b1f5be5d2becedc05aaaa277f9f1dddff3cd801b40f75ae0a11112796f03e4d5244c29e60b504edfdaade0fd5fdf0516577aa1794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2043a07cb95965d25782d635d21adcbb

SHA1
9ecb3dbe6bfdb0afdf8fbf5b37a83ef352a54070

SHA256
da1f4c02e006bd5247151776bd384b81633d35708fd6c1eb3e9c88ad10941b8b

SHA512
9887a3802cc0c0d3108f25b6f41d5cfb55ae677458e14fc655fb14ef84b389543ed3ee9cdcf91edbde868122407f5729b092ae98b183d52a9046692809b50ed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d05d7c1575d3f89dc0311c61a2f9a453

SHA1
485685b7def4edfab2d1cfd83432b20c6c1d6f7a

SHA256
306b3061d77f46c61d4c141e50d7ddc2a3791a761c36f8370a88a7be78f33f97

SHA512
a1df19258335ce800b5cb48e0033b532a57716e6c31f30b119776365f67b97149be61238bc46fd36ba03408a67831726a2c5e2558ec5e2d8a47e4ffa531796f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c6ed6355410ef1fca90546d9a7f775cf

SHA1
767d1da593ae19b619b9fa04f39997e91521ed66

SHA256
8860eff08698e6b3bf76dcc65e005891e73d786246aa1216d334e0fed0630b70

SHA512
4910ecded8175c86630e10a4d2a0d103e49a1d52ca30e32e9a131bf5457c86ab98e8f97c2bd918ffe93cb516ad4157903e0fedc3ed9e91ea730489baca865b32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dfec5871a8a7e29771348328e0258178

SHA1
38e8d42bcf9084db2d4ebcb9024d59e81f3eaae2

SHA256
12732247d2620a58291b269e56681ac441891e0ff37a853bfdfe13c503c7d093

SHA512
4b2767bef82a95aedb6e5fe76ebde3f18da28c17748d3076408c974fe3aca6531cd7ac60424f61f7b0b3fb7015a74e754ecc4fff2974ad43f4c81d3d8e2b0c59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1bccc798bd47f9dcc66ffa95f6cad705

SHA1
676c22412e72665aa8756cc1535b486279afb62c

SHA256
d29a7a5a78f39ed1506c062b2555d06e5b93cb5dd2158b3b63cf0e940d6f1fd1

SHA512
cd4ede0352fef2f19120857e6085cf30ea35c9e222fae40e2610a4e6d2ea966c0bd32c72d249f643a7270f2dd55c710ffdd2dbbf9bf6a2b6948f913000f31f16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
95e2f641fc199fd1ba64cd4614aee2dc

SHA1
6f2e085e90e263af87bfbff3d6a006ee7772e98d

SHA256
990afd428fc451244d26a5446ab01aead74a6c3f35d44be1f4db15b0c20ebf3b

SHA512
c02c1c62c16fb7b71f0ce8eaab955f98733073cc1109c6baf33a91f6e8a4beabc556936836f56257a0b181a5e660b6c790233542e3d461d01a1dd2ae2d07b402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e91c78f999b6d2098cd7367b6f49798d

SHA1
8b5f6512d05cb9a7da06de317b7e4630ec3bbb9a

SHA256
25a08c044db536b7686e8bc1c8a869dc98caae1c20bc99c4a2f066b6f12614d6

SHA512
52b36ba670ffa8133e5fed8810bc8dd41ac9a5149ca011788bc9e72e8450bb93d75e07667c2210d6cba2551a91d47a848d5210a12aa6d371cf825fa7575862bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
33a709ca52416d698a6193caab19dedc

SHA1
51ccdde3e472a318e0c9367a68c3a9229127e23f

SHA256
6fdd2a0f438e09962533d503393a7ef246842a0fd06c8c897720c85252178d4c

SHA512
e7a401766f9037c55223a46fbac0e2ee31d84a5632ea5df4234090441e4c92bb89a1a77cdfb1e6f17878bd7bd37bd65ef569b592bfa58bb1615697362cefa06e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9b9a0c36dd1ce1f92f25b736cf6f3c62

SHA1
092cd9ec497a60db88eab80e7abb55a2ab2898de

SHA256
86bcb1b5cf2f13e93c6329f69824bb4db110c62f73e8a7a4b8cbf1aec4b3fd5a

SHA512
08185ae82d91e98a8ce2402fd9eff7b9ff1a39df22b14db2651ffd2a4246bb26a7115a865746aebd2c40ced8d434cb9eaeec524416a48078bcc30426a51cb11f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b01fa922df45c978e18ab5732d3bc98d

SHA1
0b220fcf383690773bfffac67332dfaf3d474be8

SHA256
d10156b384c58845a7b449635c9ec47eb13d6bc65f5282cd333ebebad9ef4e82

SHA512
62bc4bf582e908e2758b1b28e6a0140e0c95724f1e5d204e1dcb3260cef3089ab806b62d09c7ec4a51253440ec9a8a276551e6cba0dbeb92b81b9e5fc94a4faa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7fc94b16c542d1a74e8166d1c82b4899

SHA1
f95f4f8c694cd2f671a12e2b37d56b7100cba7dc

SHA256
b3e92c0b6e0cbfef08638878c8717e831a5ee3921323f410105059638cd4b434

SHA512
4ed86845efc0addf43ff33c2fcc5c3441d4c6b4034a8e791520e0c688851adc0801da22b8a37f4ac3a161fb4b79884ac6e76d3b159bd744e0704678b952f3191

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5117d90c6b4260a3683462d76e74fa48

SHA1
0bef6132cd82945371ff2392a9cdc8f6354777f9

SHA256
4de4e6c789b24b4954dc38a1c386c1aed68b282ae27c1d1267a886a960e34fa5

SHA512
ea4073cb7ac12f96b8a620e7d64170447240052e45e495ebb37dfc64438c4265ab7065bd10e74b354c1ca0b71a7e6f2e2642b50cde0d258aed6be52f6f6dc4ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3a2eb355ef3066b2ebcc041ef212f214

SHA1
e026c76b6674234a49b1eede80f2d69a67deb3ff

SHA256
15d505648002ef78ef656acc7c3907db73259d05ef7e3fe5e58c0240b8af698c

SHA512
0dbaeeacba0114ffa93bf72cab2ef1f7a15ba7403303e21de2a628153f58d6ff9ac9e4d493d8117c76284d7bfdf09d34a19746042d568416048112a9d6d6ac42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6cba7dee9bf752288445839934680863

SHA1
35a3276cf802cdacb2326fa0af6fc30bf883fefe

SHA256
ccd54d1d3f8d6c3ffd65bb8d5f3b21f85d5b7f945a5e355c5eabab5aa67a941b

SHA512
95d16666fe118f9a64eafe5c3a73eb5281bb3fdc4e7b40d38d93da4ef9be4af345cc762b9c714ec238bf2a52aaefad700089cf1a9b6b817d3c758f6c105249de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0496c18d999e3564e9803adaa3cd5362

SHA1
5a99c3963c36d56da90865c7a9b79a584acecfd8

SHA256
e1b5169b5c41d0c77df7243bcf2f9511b4397250f74d8df66bf460b621d01ef2

SHA512
a7adfc278fe28e837db9702da41d0fe836eb7ce15360ce81964158d0cd7acce9e57710d7fe1c5d6d41bde5a2dd0d2ff070c5121740a113ed4529a82c51ff52d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ecb55fadeff6a3a5bdd048fbb02526ea

SHA1
2d3babd0d194561a1be7965f05159945974b8352

SHA256
2a40b24409d8de7a5c75bbbcbdf4c52cec88cf1d08f02c8e8d6b819b0c33f8ea

SHA512
dbcd8b37f6c312af38f03409f8212496cf4a08a58fd11ade33263bfb8a02967a4816adb2b235eb257d86955c37ff22699d2ec8c5cd669744e3b055d02665f50c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5fe85af2566842314844928c07e88d19

SHA1
8a76d3da40dc812c38eaf06fe8a0bedc07a2b4f0

SHA256
c43e5f8050282c4f789e39ad5168e0e0ef698459217f7d9a67b6bc0b55fc7306

SHA512
500bac2a0d11db21df73b4e2d9109f1038a34bcfe26448d2301cd99e889f37047460d5d573b19d99a543831e1e8b0cbbea581fc0c20b75852ad61a118c44ad7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5b031bd9cd5033bd7e53a0f00dac7af7

SHA1
ac38411fc1441c0e515e3dbcb9927e0ccab093c5

SHA256
d1af1efd1cbab26fab12a6b89f423e9d8f9976f58cf29fd90a586da2823f1eef

SHA512
b5a0274fc21fd2921a67112b329c3c1e2246493e8f948a2752975cb7cc3632c9fb84bb2a6699baab735a28960ec50a26042bcc39aa89ab1ec151ac6293dddb59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2cb8c779a501b40f2aaf821cb1f9208f

SHA1
e8810b04ad126b524b71c5f9970e08a32e3ba199

SHA256
7dc51acab0eea079d763aceb94c1771fb926b3b4ae7e3a43f88fd118fcd08c99

SHA512
9033020d361d0923a98f3afaeb6296b21f6b5e69e9d61a64cdd9bcd4d5b4910f15e475276adf4540db8751f4b8cbe71d0ba66bc6d741b82d5c9c90874cb930ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7e3006b03167daeffbff437503a203e5

SHA1
2b0f5349f9afe7cda5d6ed84437e442cc23fca2a

SHA256
7701dc429f32821f0986db5d33ba4a17dd6410085ec223d21e45d4d564a2848c

SHA512
34a797c5a029d250649d4b783da944052907e295d0b7b036b8aef114721fbb0ac8f1583b2509e6b7fbbc10333d6f4379c07fd566a3b4890930329bf54bd8c966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
258ee3143723ae99e4e7659bb5bc8bc8

SHA1
22019d9954723a3e7bc4181759a8ab8e79848ee7

SHA256
1c804ea97bd5b6272873f6f6e4dcddfc0a364ec14d55030f5dd80e67e6ff0ebe

SHA512
20feab005187c6568842772bc743f24b5203db87228f5728ea763dd817e47d25ad354a9427a50e09c3fb69d4b5aae20a9a3bef893879ae368e0bbecf63900b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
43d1466ff9974ac9e6716cd5bac51ce4

SHA1
78d63d006514ae368d73053ec053c6af3c65c877

SHA256
476ab371edfa409dae70d516f7952b7d84dc76a936eb3acf1c86b5a342c1fc5d

SHA512
16049dfb55f563ae709c77b2312ed80b8d9ab80436cd7b0f567056d619d2ac4d9e318d80ea59c315a2b565c6477d3586ee4d0d89d86e020b0525ad89a756a010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583256.TMP

Filesize
1KB

MD5
fa95b47c24bd26ceda83635fef330c82

SHA1
5dacf9d66000ffd3b13a02c156b9317fee0d8539

SHA256
2726118250871b1ec4b46bff7e8ff031f4222acd43441bccd86aa2fe756f740a

SHA512
54ab248cd622c65304e079c6b98708d4671c5e804bea1b70c61354dd5fb76563d1291f5641eb3069f032d5ad2b7cf525e62b63e254ade7a8d2972e17db9dfc79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
32031970e83d3e741638d3ac8d7d15e1

SHA1
37e9a2660d1617c6fae80a1b67953ce43217225c

SHA256
f250bb60a5a2e944b5a7c183f3a3349134de795692555fa3da8eef2e0ad354f9

SHA512
2dc4fbecc6e0e8f177d5783249a770ca5ac97954577655ef012f9a539a31186a58b464c279fe48e9f4bee6bdcee04fed4fd6141539a22538d504c7c442195ad6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d3f9386c8ea6049b85d2281cd91f1b3a

SHA1
257c496936a3010b3c005c0968900116793fce60

SHA256
cb96fd85b0d277b0d42e6b8822962d804bea714f2d5d4d4a038fa8d2b36cd2b5

SHA512
5c338cd2e41bd03915a7af2a6e0d8807ce314f56ddfe5060a75030e9fa9e5ad737188987d861e4fcb7e307f18ad9bcb036d599f2552d244d2f60a6e7e9a8bcd5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

Filesize
153KB

MD5
f33a4e991a11baf336a2324f700d874d

SHA1
9da1891a164f2fc0a88d0de1ba397585b455b0f4

SHA256
a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7

SHA512
edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/4832-1657-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4852-1658-0x00000239AE340000-0x00000239AE36E000-memory.dmp

Filesize
184KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads