hxxps://www[.]mediafire[.]com/file/jp39je7o7rbt9yy/Extreme_Injector[.]rar/file

Resubmissions

07-01-2025 17:05

250107-vl5wjsznhy 10

07-01-2025 16:47

250107-vaq81szka1 3

07-01-2025 16:17

250107-trvgbszphp 10

07-01-2025 16:15

250107-tp7zmszpdq 3

Analysis

max time kernel
145s
max time network
148s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
07-01-2025 16:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/jp39je7o7rbt9yy/Extreme_Injector.rar/file

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Extreme Injector.rar:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2136	msedge.exe
2136	msedge.exe
432	msedge.exe
432	msedge.exe
4856	msedge.exe
4856	msedge.exe
4568	identity_helper.exe
4568	identity_helper.exe
4832	msedge.exe
4832	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	2012	7zG.exe
Token: 35	2012	7zG.exe
Token: SeSecurityPrivilege	2012	7zG.exe
Token: SeSecurityPrivilege	2012	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 432 wrote to memory of 3112	432	msedge.exe	77
PID 432 wrote to memory of 3112	432	msedge.exe	77
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 4524	432	msedge.exe	78
PID 432 wrote to memory of 2136	432	msedge.exe	79
PID 432 wrote to memory of 2136	432	msedge.exe	79
PID 432 wrote to memory of 4580	432	msedge.exe	80
PID 432 wrote to memory of 4580	432	msedge.exe	80
PID 432 wrote to memory of 4580	432	msedge.exe	80
PID 432 wrote to memory of 4580	432	msedge.exe	80
PID 432 wrote to memory of 4580	432	msedge.exe	80
PID 432 wrote to memory of 4580	432	msedge.exe	80
PID 432 wrote to memory of 4580	432	msedge.exe	80
PID 432 wrote to memory of 4580	432	msedge.exe	80
PID 432 wrote to memory of 4580	432	msedge.exe	80
PID 432 wrote to memory of 4580	432	msedge.exe	80
PID 432 wrote to memory of 4580	432	msedge.exe	80
PID 432 wrote to memory of 4580	432	msedge.exe	80
PID 432 wrote to memory of 4580	432	msedge.exe	80
PID 432 wrote to memory of 4580	432	msedge.exe	80
PID 432 wrote to memory of 4580	432	msedge.exe	80
PID 432 wrote to memory of 4580	432	msedge.exe	80
PID 432 wrote to memory of 4580	432	msedge.exe	80
PID 432 wrote to memory of 4580	432	msedge.exe	80
PID 432 wrote to memory of 4580	432	msedge.exe	80
PID 432 wrote to memory of 4580	432	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.mediafire.com/file/jp39je7o7rbt9yy/Extreme_Injector.rar/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb74c23cb8,0x7ffb74c23cc8,0x7ffb74c23cd8
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,16393032180089980315,2442182975250569821,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,16393032180089980315,2442182975250569821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,16393032180089980315,2442182975250569821,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16393032180089980315,2442182975250569821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16393032180089980315,2442182975250569821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16393032180089980315,2442182975250569821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16393032180089980315,2442182975250569821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,16393032180089980315,2442182975250569821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16393032180089980315,2442182975250569821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16393032180089980315,2442182975250569821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16393032180089980315,2442182975250569821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2716 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16393032180089980315,2442182975250569821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,16393032180089980315,2442182975250569821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6596 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1908,16393032180089980315,2442182975250569821,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16393032180089980315,2442182975250569821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16393032180089980315,2442182975250569821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16393032180089980315,2442182975250569821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16393032180089980315,2442182975250569821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16393032180089980315,2442182975250569821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16393032180089980315,2442182975250569821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,16393032180089980315,2442182975250569821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6700 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,16393032180089980315,2442182975250569821,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3420 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:664

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3912

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Extreme Injector\" -ad -an -ai#7zMap29697:94:7zEvent11494
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a2c784e6d797d91d4b8612e14d51bd

SHA1
25e2b07c396ee82e4404af09424f747fc05f04c2

SHA256
18ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6

SHA512
fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1fc959921446fa3ab5813f75ca4d0235

SHA1
0aeef3ba7ba2aa1f725fca09432d384b06995e2a

SHA256
1b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c

SHA512
899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\134f436c-eddd-41d7-b799-60d4a1410570.tmp

Filesize
7KB

MD5
f7f9407277160aa6431492e5c7d56807

SHA1
2002030d5eb502292041a5970861eebe65fb2654

SHA256
eb19d20cb6cc14d2f33821f121a0226ddb361d6004cc17450b089d19b907d5e8

SHA512
17a6b6a685c262a0636678d21276a8380d6a1a5a9ce8b620e054f583177565e335d5c739521a02ed11b5beea442fa337358af1063af9d2c4530b47c751ca66be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fd0835464ccb924c1e56eec5344b87e4

SHA1
76be8ce180a086786196690202b43a87c47af2ce

SHA256
82c3a1590f26fcb9ac7076d8b41d928d107dede4fb9c03d00886877b3a987a5e

SHA512
05074a2524e898287f1b3e216eee67077b9311f653d4378bc147e5d318d3f5c0c97e849979e91dacd4119199a3d4478e3aad0a1b30f7656fc5a8ea028f5b4277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c52f437396f51fce1fc7ee6a7bf968de

SHA1
c97578c475f813a6f9dba5cab881f83b7bdb8776

SHA256
8d6b0b254f09bb4fece142d4737e2268942769709e58c11dfc7a9536d0cf6363

SHA512
b99e7a10e78ae5ac1e038e47fdc68a905af17f98a9868ae51f94bb68851ec4dc3af0acf0b58616fd00c20b5ee72c5496ab90f8648b01a83fd5236d6728c89236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ee6d214e921c7816fbf667655287615f

SHA1
1577cb577172d98dcee56afc4753f53b292ccf85

SHA256
5bf27b51b2ace667e4fe5b6802d9c6d10a2ad3ca92a35a70752dcf28205ea387

SHA512
abb96fc4b355888b527782fc97bd494550539bc78c5603d033a1ab316f8a3b08036cc1091e8ee164d78d346965604e0a4e07318dd602d9440dda1efc708f9c67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a3e72eeeb3f969d369607fc70aaea422

SHA1
afe086bcce777f73850e44ec0ca748a12f56b4a7

SHA256
3ceff0c80bc21e50f16f60440abb7addc56b3272a25db463f8fc2ee8f6986f64

SHA512
5bfdc879370147f2b24c1a7da9a0566d62ed9cc031f65e95a30a10ee427ac1a09e3a899d1c3733fea8bf9687dc302aab0a3f88aa4bea6f018a00237c348a3050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f130c1772dafeec5ea1666ebeb01f2cc

SHA1
7c5bdb67be70266ff4216cba944e6dec873de9d3

SHA256
a82043b2a78cacc1f836c06bf627901276a795e385e41a8e80c93df36021b780

SHA512
8fea5c55b8198ff48fdf32c46b0fb91eac0d4192a046a839e7fbe85632b85480d97c1e5b3c3b6a0b86afe93cd57bc85fe5cbc3fe6949b1d6c6d0bedae2bd1c32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d7bd2d750a9e7a5a7c126b086eaf4151

SHA1
64c0ed61bda46906a7d0c23d6ccdf58e84f8c14c

SHA256
0462a8b31780485a0f022ed79d2d25a543fd5e46cf24a1a4c260fe5a7f6a5bdf

SHA512
0d4731fbcca21e3f3fb022e93aa7002715df77553ae188b67d1127cbf9b1e0b93983597149da997d0daa7eae186bc037c041056eb783e1e8e15b05c761ebe283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c6b44282b46df131b0f2d8b5f9955106

SHA1
4af992b7a36e856d7bdaeccde74d0d101549f6c0

SHA256
da38c883651e6abf719e9904c51b516bf4751eae7789150d2fddd27225662afc

SHA512
f18d7752f2ec54590c3fa72dbe737b12c7f49c71c6969b40bdde39f97095a21e86aac22245879ef65053d280770116d20c8f00440db0ee3aa274aa8837fc3642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
8f7dae9098df030b975208cceaa5fb2a

SHA1
dfe0b10ea4e0e42203c5158ac226a1843b68e058

SHA256
8ec98bb682ccf4d65c659048e8388d9c64e3be300519b67c224407f76e15e348

SHA512
ec3e57d574c32710c4cb6bebad58518a1fb369173addb72deefcb33c7ab48dcfe3393d15c0cb63ebaf920026d277d6da6dd5780c4eb5a1d128fa0b8369475cf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e4b3.TMP

Filesize
706B

MD5
a5a1972ce6471bdc27564000244b4c52

SHA1
c306d75fc10d7a84780662bfe43f59cf27ab9a7e

SHA256
5a5b26ccb28d501dd630354f93bcc5e2bfd97a8ef04ee8267e2e1493071e6700

SHA512
c74b44bc337bf1544b719ca50cc7b7fd1c87f745253d91cb0de0ef800ad9fdcaefca723873027a776c97c4cd742e28698fc13783ac3cd3ae1d4d448aef7f2eef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bdf81c609a0316069ac1a12810562e20

SHA1
dff5f3597b7cea186053226ebfcd36b639bfbcfd

SHA256
8f11837659be505bcbb0c411cebf8c24c528ba341aa5f935c7759a3f54b41524

SHA512
53500d871a7ca219608791173ab22524762c3d98f3c7eb13938a66630fd44f7dfbdb9d5aaea8af1c3f488a39591de86b8a4f7156d576d9d675d4749abdf5d97b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a8cd4c736a8f384a734c9a1db9438bf0

SHA1
a769a071f1da712145ff3b132fbd0780a064f18f

SHA256
b681a1e1d60924b4b0e3988e09955150a826d5cd7adaeee90f11fe2adaa00828

SHA512
6b127fab61799c8889d49e346166671337683844d03e4804a5dbdee76543ab2b7eb29172bd012f5d9a68ff33d65b3fa69009071651c7723c511a84e86bac550f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dff9b41fad7a85f755a167df6ee5c6e1

SHA1
d1ea9c2a4611f69127b47d0a704a1a24bf0ffacd

SHA256
3269867eea389ce5dff842e01f3bc85a3b69233d07e862615d3e744a7b61dce8

SHA512
63b30d0d8d35a481f93b41963de902fe963488af2d65c871c624a79994cb5377ac96d9f3b2765c1c542e6bd0b7ad3d4121d4d3850dc4c412a47765cc120dfae1

Download Submit
C:\Users\Admin\Downloads\Extreme Injector.rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 309353.crdownload

Filesize
176KB

MD5
c69134627ae8ab9be13682facedd96a3

SHA1
48c999f8ba77f1f947d29dcc9975bb0c98f8c471

SHA256
38930995e73adb485a443d7ea99f04938fb2f0ee3183811031292e35e7aaedd5

SHA512
46ffa3e5d79543af896051fa447817365ffb4a8817215c531620ff16fdebea8ad6a3b173fb8e4acf63a49db71193dfb0af423e223a2c40f017997709be82fd53

Download Submit