d3cce914d7d583e9cfb541eba4235296974387c6c29a33f021452d4037fd4c76

Analysis

max time kernel
183s
max time network
209s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 02:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3cce914d7d583e9cfb541eba4235296974387c6c29a33f021452d4037fd4c76.exe
Size

152KB
MD5

803f56f372f7acb28fb603350ddb13d0
SHA1

94924bdfe9e5cbf88a128fa44089862d6329c370
SHA256

d3cce914d7d583e9cfb541eba4235296974387c6c29a33f021452d4037fd4c76
SHA512

7e3fce688c24b051d4bab6ed0b829e6bb3f742242262291e6a5d43158c0b7fc76a63815dc96f35e69c1a88b4ed153ef23d122167f5968b09d9a689091f35a552
SSDEEP

3072:Tfekl8jVlSxJFr5Fb5tp+A0wnymWn1WVLdr4rdCgfjsY:d+vSf575tp+A0wnymWn1Mdr45j

Score

6^/10

microsoft persistence phishing

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe

Detected potential entity reuse from brand microsoft.
phishing microsoft

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\058b0890-c7de-4f0e-9300-3bc2326c0712.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20221020112103.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4236	msedge.exe
4236	msedge.exe
312	msedge.exe
312	msedge.exe
1532	msedge.exe
1532	msedge.exe
4284	identity_helper.exe
4284	identity_helper.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1532	msedge.exe
1532	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 1532	1804	d3cce914d7d583e9cfb541eba4235296974387c6c29a33f021452d4037fd4c76.exe	79
PID 1804 wrote to memory of 1532	1804	d3cce914d7d583e9cfb541eba4235296974387c6c29a33f021452d4037fd4c76.exe	79
PID 1532 wrote to memory of 4184	1532	msedge.exe	80
PID 1532 wrote to memory of 4184	1532	msedge.exe	80
PID 1804 wrote to memory of 100	1804	d3cce914d7d583e9cfb541eba4235296974387c6c29a33f021452d4037fd4c76.exe	83
PID 1804 wrote to memory of 100	1804	d3cce914d7d583e9cfb541eba4235296974387c6c29a33f021452d4037fd4c76.exe	83
PID 100 wrote to memory of 224	100	msedge.exe	84
PID 100 wrote to memory of 224	100	msedge.exe	84
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 2288	1532	msedge.exe	85
PID 1532 wrote to memory of 4236	1532	msedge.exe	86
PID 1532 wrote to memory of 4236	1532	msedge.exe	86
PID 100 wrote to memory of 3400	100	msedge.exe	87
PID 100 wrote to memory of 3400	100	msedge.exe	87
PID 100 wrote to memory of 3400	100	msedge.exe	87
PID 100 wrote to memory of 3400	100	msedge.exe	87
PID 100 wrote to memory of 3400	100	msedge.exe	87
PID 100 wrote to memory of 3400	100	msedge.exe	87
PID 100 wrote to memory of 3400	100	msedge.exe	87
PID 100 wrote to memory of 3400	100	msedge.exe	87
PID 100 wrote to memory of 3400	100	msedge.exe	87
PID 100 wrote to memory of 3400	100	msedge.exe	87
PID 100 wrote to memory of 3400	100	msedge.exe	87
PID 100 wrote to memory of 3400	100	msedge.exe	87
PID 100 wrote to memory of 3400	100	msedge.exe	87
PID 100 wrote to memory of 3400	100	msedge.exe	87

C:\Users\Admin\AppData\Local\Temp\d3cce914d7d583e9cfb541eba4235296974387c6c29a33f021452d4037fd4c76.exe
"C:\Users\Admin\AppData\Local\Temp\d3cce914d7d583e9cfb541eba4235296974387c6c29a33f021452d4037fd4c76.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=d3cce914d7d583e9cfb541eba4235296974387c6c29a33f021452d4037fd4c76.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Adds Run key to start application
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8b54946f8,0x7ff8b5494708,0x7ff8b5494718
    3⤵
    PID:4184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,18433322194218137597,6660538987404952765,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
    3⤵
    PID:2288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,18433322194218137597,6660538987404952765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,18433322194218137597,6660538987404952765,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
    3⤵
    PID:1604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18433322194218137597,6660538987404952765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    3⤵
    PID:4396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18433322194218137597,6660538987404952765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
    3⤵
    PID:2512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18433322194218137597,6660538987404952765,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
    3⤵
    PID:2652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2108,18433322194218137597,6660538987404952765,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5504 /prefetch:8
    3⤵
    PID:4168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18433322194218137597,6660538987404952765,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
    3⤵
    PID:2060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18433322194218137597,6660538987404952765,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
    3⤵
    PID:1076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18433322194218137597,6660538987404952765,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
    3⤵
    PID:1540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18433322194218137597,6660538987404952765,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
    3⤵
    PID:3928
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,18433322194218137597,6660538987404952765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7068 /prefetch:8
    3⤵
    PID:432
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:2112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff7d6d65460,0x7ff7d6d65470,0x7ff7d6d65480
      4⤵
      PID:2768
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,18433322194218137597,6660538987404952765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7068 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2108,18433322194218137597,6660538987404952765,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4884 /prefetch:8
    3⤵
    PID:1780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,18433322194218137597,6660538987404952765,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4132 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=d3cce914d7d583e9cfb541eba4235296974387c6c29a33f021452d4037fd4c76.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8b54946f8,0x7ff8b5494708,0x7ff8b5494718
    3⤵
    PID:224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,15304307879036985410,8631856701582801740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
    3⤵
    PID:3400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,15304307879036985410,8631856701582801740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1268

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

Filesize
471B

MD5
77c7b7f7f6f47dc6e8427638a27c5b70

SHA1
437d7278444d904604d0a35e3a697f2d101da8fb

SHA256
3dffec50f26bcca278bd6ed6c2d196706a60fc34d46ec9b973ea073d8ab50202

SHA512
f09ff1130b38a6947ec1a8727b71c09ee7f5af2e92fc5891a85a8dce2c0530b9b35bad61c22351807dc040a45c3b1486adfbc976b5e8654e680606af452de9f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

Filesize
442B

MD5
64429fe9cf49cb57351623b3a8aaea59

SHA1
2d0ac96be0190b962d1efb2840fc07eb23a2f778

SHA256
c1d2e795724d609cfdf9b91ac67a32c7adf5cf80e97f2693ae779db7f4741ea4

SHA512
abcc1cc53e2d1522b3b1067ca60c9be45b5cb615b568cfbc1a67edbc4feb9a88b30d16b6b8fd9be9fd9f0116e6c613964e94b1f5605d4602cbbf694ce122b605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71b657795f1d63721f304fcf46915016

SHA1
d2cabf753a2b8888642a3a26878e7f47784153b2

SHA256
f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28

SHA512
dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71b657795f1d63721f304fcf46915016

SHA1
d2cabf753a2b8888642a3a26878e7f47784153b2

SHA256
f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28

SHA512
dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71b657795f1d63721f304fcf46915016

SHA1
d2cabf753a2b8888642a3a26878e7f47784153b2

SHA256
f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28

SHA512
dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
2cbe794f8c03bff4bec0a1fda0be5810

SHA1
3ad113a1d9b84bfbbf43b9a86e4d645b70009229

SHA256
7967f195f6860715d3ab44658526f4576bf146d0cd272e75cc17ab67da0e29c8

SHA512
9ecaa054ccf33de14fad6342fde2b9729aedee229bb027dc23073cda926a61b3294b27dcdedc17f6813f35fcf6e76fdec5fb0ae74a317626d11d28e9b4c797d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
023df95424532c22c0496fe490d44f6c

SHA1
beb6e1f8a8c6f1e26b6ee2dc21961d75679dc690

SHA256
6bb77c37da0ee73b87cad307878ffa2a09e4bec54943298bc28b4efaca3d520f

SHA512
744a5cc03b1aafcbd54ab7581df2a754a336d4f357f0dc5e7794f428c645fe006e462f3d438caf5351d849b6568c8a8eaf8ef2daa5b094338ab3cc74f4959abc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
2cbe794f8c03bff4bec0a1fda0be5810

SHA1
3ad113a1d9b84bfbbf43b9a86e4d645b70009229

SHA256
7967f195f6860715d3ab44658526f4576bf146d0cd272e75cc17ab67da0e29c8

SHA512
9ecaa054ccf33de14fad6342fde2b9729aedee229bb027dc23073cda926a61b3294b27dcdedc17f6813f35fcf6e76fdec5fb0ae74a317626d11d28e9b4c797d6

Download Submit