hxxp://crawfordracist[.]com

Analysis

max time kernel
197s
max time network
198s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 13:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://crawfordracist.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-768304381-2824894965-3840216961-1000\{A7B0A901-D926-492C-8228-E3B07D40B53C}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
5300	msedge.exe
5300	msedge.exe
5480	identity_helper.exe
5480	identity_helper.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
2908	msedge.exe
2908	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5300 wrote to memory of 5700	5300	msedge.exe	85
PID 5300 wrote to memory of 5700	5300	msedge.exe	85
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3684	5300	msedge.exe	88
PID 5300 wrote to memory of 3000	5300	msedge.exe	86
PID 5300 wrote to memory of 3000	5300	msedge.exe	86
PID 5300 wrote to memory of 2956	5300	msedge.exe	87
PID 5300 wrote to memory of 2956	5300	msedge.exe	87
PID 5300 wrote to memory of 2956	5300	msedge.exe	87
PID 5300 wrote to memory of 2956	5300	msedge.exe	87
PID 5300 wrote to memory of 2956	5300	msedge.exe	87
PID 5300 wrote to memory of 2956	5300	msedge.exe	87
PID 5300 wrote to memory of 2956	5300	msedge.exe	87
PID 5300 wrote to memory of 2956	5300	msedge.exe	87
PID 5300 wrote to memory of 2956	5300	msedge.exe	87
PID 5300 wrote to memory of 2956	5300	msedge.exe	87
PID 5300 wrote to memory of 2956	5300	msedge.exe	87
PID 5300 wrote to memory of 2956	5300	msedge.exe	87
PID 5300 wrote to memory of 2956	5300	msedge.exe	87
PID 5300 wrote to memory of 2956	5300	msedge.exe	87
PID 5300 wrote to memory of 2956	5300	msedge.exe	87
PID 5300 wrote to memory of 2956	5300	msedge.exe	87
PID 5300 wrote to memory of 2956	5300	msedge.exe	87
PID 5300 wrote to memory of 2956	5300	msedge.exe	87
PID 5300 wrote to memory of 2956	5300	msedge.exe	87
PID 5300 wrote to memory of 2956	5300	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://crawfordracist.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd11a346f8,0x7ffd11a34708,0x7ffd11a34718
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,13264799220083602199,4748583209507665965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,13264799220083602199,4748583209507665965,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13264799220083602199,4748583209507665965,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13264799220083602199,4748583209507665965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13264799220083602199,4748583209507665965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13264799220083602199,4748583209507665965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,13264799220083602199,4748583209507665965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,13264799220083602199,4748583209507665965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13264799220083602199,4748583209507665965,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13264799220083602199,4748583209507665965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13264799220083602199,4748583209507665965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13264799220083602199,4748583209507665965,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13264799220083602199,4748583209507665965,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13264799220083602199,4748583209507665965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13264799220083602199,4748583209507665965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13264799220083602199,4748583209507665965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13264799220083602199,4748583209507665965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,13264799220083602199,4748583209507665965,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,13264799220083602199,4748583209507665965,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13264799220083602199,4748583209507665965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13264799220083602199,4748583209507665965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13264799220083602199,4748583209507665965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13264799220083602199,4748583209507665965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13264799220083602199,4748583209507665965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13264799220083602199,4748583209507665965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:3292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e77545b7e1c504b2f5ce7c5cc2ce1fe

SHA1
d81a6af13cf31fa410b85471e4509124ebeaff7e

SHA256
cbb617cd6cde793f367df016b200d35ce3c521ab901bbcb52928576bb180bc11

SHA512
cbc65c61334a8b18ece79acdb30a4af80aa9448c3edc3902b00eb48fd5038bf6013d1f3f6436c1bcb637e78c485ae8e352839ca3c9ddf7e45b3b82d23b0e6e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
194KB

MD5
36104d04a9994182ba78be74c7ac3b0e

SHA1
0c049d44cd22468abb1d0711ec844e68297a7b3d

SHA256
ccde155056cdce86d7e51dfd4e8fb603e8d816224b1257adfcf9503139dd28f1

SHA512
8c115e3e5925fb01efd8dda889f4d5e890f6daaf40b10d5b8e3d9b19e15dadcb9dcf344f40c43f59a1f5428b3ee49e24e492cf0cb6826add1c03d21efdec52ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\27bf86a7e0b8ccbe_0

Filesize
18KB

MD5
11815107b19bbeffddfc7b3a6f96493b

SHA1
37d4f1ab8d3eb238bcee265d9aae51a7c4f2d1d8

SHA256
6a9dd4d85148be1689d3a3faf3cf7b580e202d01f902b44da36823db3d0dc475

SHA512
2da49b0819b3ac76eddf142b17168bfdc74e7d9781f868b3cc227ed2e2a62df63135c2d3be063382b83c89da430bf682f4a2f0c61f3224a7dd8de91945d5c927

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac5d9cc93bac2b3f_0

Filesize
289B

MD5
54d5cf8960e7ccf0d29fc3389ceb8068

SHA1
6451c8c6c7904fe34fe2b774b59a759993a9d46e

SHA256
f19ccff66f7be6f2d495d87243fe170f9468029d4b519ac545fb3ba2d2f75fb7

SHA512
7525404c5e9b0db2a9c6e2859ee6153896c24932224fdf028d30af44ca7e2c0bf0d04167137db627797786c3022f2f05fa3d4bd4d210e449a58e37f128f4a03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c31bb5a2101eb4c3_0

Filesize
320KB

MD5
be938269a07e361bf6e0c0aa5a2d12da

SHA1
4676e4f9ed825dfa0d4f9dfb631c6a923511ca3d

SHA256
582935befcc4c75dbd6dc973e1d77e7c50b4b51e819ea39c1d31303f18d792da

SHA512
03d24eb74b23fb8fc97bffd12762beead3f1ebdba97018db93c94eb81dda23513b4974791404e4116998b509f7a4ea4bbc98b7419aa77ff024386a144c14bb47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
76e3d8d5dc36b51f8f05eb62be353afd

SHA1
18316815425dadce983a53b2adebf2c8fa8e294b

SHA256
d75210de62eb618ce85773d52c8f9ecee2808aee2b97375d304271f1632d8053

SHA512
fe4516910c8607836855cafd2e936a5571ec2fc6776be6ecb77eaf8eaa9925b34fd8f816ffdcbcf3395fd9df3336f590f491483c5229390c70e710db673470bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
fd5c18a221d5cff4a7a5f9fb47f51e81

SHA1
ba3248603e0366beef4b3d260df23f10d13809e4

SHA256
18588fbd55fa94345f9902ac90be242ed1027ca283244f7716014018e8b7bd00

SHA512
35a7005f94ff35c4228b85d51e9cbf5c94bdb7a58c9fed40276dfdaa9433e5ab9861b10159c588399ba65d617bf99555b82a2915ca4c4852ce31ec0e0850601c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1003B

MD5
aa33ad5ba361a6dd9dbc1a2136c4cc54

SHA1
a2a0bb4ab036c65a1f7ec1168f1a5a48895a51f7

SHA256
3661374063171f7e6b2f676d9bc3a04f9bf3fe2617a72649a6d0fd62435bf5f5

SHA512
e7b4d57c1c5a9fa41ce56ba6ecb1cf66e4e6dab641daf82ec1e0354bd78bd679143645dc4cc4846356134414c810ab035e95cc5e2e9afcbb3759b18ca32f286e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
696ef1230835824ab1a64009a9244357

SHA1
c793c575960216d0d957d6ba5dc80a9dc6cde082

SHA256
5347103d3832f6e9e081dd95ec0619890394d3a03300f088d81732d88b66e6bf

SHA512
81c1c3e578242df32f4cfadfb86c6f0da2c8e5fc33bba3d0aab09bac45f1b8c92d61c7aace9307efcda8fb99ab44829a495f779089306a8b300fdd6288db2ff6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0b4827171d749c3321f636823328f3e7

SHA1
e7dbac57daa8ab79359b2ec65164739705540a87

SHA256
5de3cf153001054f52bf40f74c172fa54150dc690d79d0caa040e71ae97e884b

SHA512
261845ba2d857d698715e3d66fd9948f84904de6acb4859009abf579ffb867b49818b78e3aa4a0a367acc3431da2232198a7bebc47d8ec070cb98426ab7baa39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5efe6feb84bf5d8872f5f105c4ffa1b4

SHA1
20449ac28b21ab84339afe77a3780822610c1679

SHA256
5252f532e4798c308588595e87bfc20dcabd50d5abd5eba233f6b962b5c8ecd7

SHA512
128fa9b1bfb224432657c421603c6bdb83408c242e1a14eada6c57176758750c608d3527ec79e7d50fd2c605ac0363c50788227f0f76fd12d8d683c811a00764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0055fe6b385574b3903d68964c0c9259

SHA1
a7380066354795a597b3bf9da14cf5070e219a4f

SHA256
8c525310eaf9c5dd417808452bf6be49712924598c03ac98eebdeba629c89b79

SHA512
c315f26443af163c67a2e149208622b37da2db46723560ef044dcb480e2e37d0b6db888d5e5a23af672eaac9436cbf733d7dc106fae6fcf079af0d259cf6042f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
349c57d1b0011fcf069860ad542705f1

SHA1
1849052f35508d581eab11015877365833bd55be

SHA256
8d16d645ae249f0e2d5d2375db07996ea0a4ac2d6126a65d6b8274dc9458dc94

SHA512
c4d9e3c31d57b9012d9470865c771c3eef64a06a2f589e50bac529d3f722cfced95c6db5036d940ffe7a2729961c602bf97f34f01189a5a6e2cd7927855e4e21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c79a52e2a262dd05f1e8e3ece9c6335c

SHA1
93cd0019898d5624cb9382f805ff544c1205a154

SHA256
a928a0ac1e23f9c5129c7af74b60c3a367e1801ef2ba432d7f1df8ed17adb94a

SHA512
1c16c24dc1717bb216d61b9d28bf56844437fc935dbc36b8f208b3ed43334452846b42e570385e3f357b4d3b17c62e2aeade1d9437ab70af5baba721abd8820a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c79c45ef2ae2c2af37fa28b6a4059eb1

SHA1
3566da59794a984a18f5ca52eab5062a79049b5d

SHA256
6c91ffce27daafa0a08eceff9475dba335a40d366dd757a75eaaa47e588e0081

SHA512
a38ecb19c678e7b9ed0e5822e872a0bd4d6834f1bce10fb6150b90a46814551bfe8f6bc009387cd45dc578d0f0338c1c7af0b3ddce0f9c550e29fb57088c9f22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dca712eb1c291d96734679dec76c3840

SHA1
81a9bc3f0e797ae94808d3efeb50520492e556a5

SHA256
2b72c02ae42557d16e7fb86b1ad20fab96a72f3486f90c3cbf016494a6fd74fe

SHA512
656c59ece361e1adf102a1533c52f57ace0af4d2b6a153d836ae3e4fc088b04c0937d9365cf6a2d13b8f788f4cd40e1bb8d2ff481f9aa16524fc1aef8de161af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0a04f4f266b76ed07e348364d04b07b1

SHA1
0c1394935c866c0103a8b7ba16244f01d1b7294f

SHA256
5ea8d953860a3727a937a586814b0e0a361b12bf41484259af001f3c2e9fbd8e

SHA512
9f70c3efa9d29f64a228a81572eea6d58e8eb730cce652e28a822c0e7fb187c9bf911cd05e88dfbdd6664763c17b08179d3382da17a328fd4f86a6d6977b864b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0cd12499764168512cf189b3c3c6f506

SHA1
cfa03fd841f2cf8ee7b3529ebdd1f387fc42ad15

SHA256
eae6c9e78052d078779789c00e63531a449096f841ec58bc06511ca6bf278747

SHA512
1f02e1794dc4dab916629295b607117a58e6c37334ea8923b08e0eaddb8787a52fbfbfcc4f9c3e5231651ccc1937ad7ebb285e962858bdc4b664e4946ae3688c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ff781e9485d7585e3d3f832187a86551

SHA1
2764c250723838719685bc807beb6ded4c772e74

SHA256
0276c66c185926c7f08de935cb22d67b785260ec92abeeecb257f17dc94a3997

SHA512
718005e775e16417b39d628782ada98bd326a5b904d074c155ed5bb5108b7d9dde76f7fa4a2815f18cb4785ccc603eb3cb2e0df7fda32db9dd0036dadb7144f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6db2d2ceb22a030bd1caa72b32cfbf98

SHA1
fe50f35e60f88624a28b93b8a76be1377957618b

SHA256
7b22b0b16088ab7f7d6f938d7cfe9ae807856662ce3a63e7de6c8107186853e4

SHA512
d5a67a394003f559c98e1a1e9e31c2d473d04cc075b08bb0aab115ce42744da536895df2cec73fa54fc36f38d38e4906680cfacfbf4698ee925f1609fbb07912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
11874eefda997decc4bfe962050ef9cc

SHA1
ef2f37f4c31fcb346e714eb790e96048cb34403a

SHA256
2a86b3f3615ddfb550abe0f058d8fa7973033a11fc5bdaef489b15c9b63883a2

SHA512
eb90136f63ba0ff6d6b00829835cdf40313ccbaea6261c3001ed46445c3d9c350b8073b068d28ef91dcd6de6d2a6b3290d9a81436a46bfd98065db659213edcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
aaaaafd06d6251c06ed2eb859fe9e559

SHA1
35381288c96c33c2837cb85a56dbea4e0031764b

SHA256
ee089d63d6cc90f7d4e73dc196a5d502a67c1312573654abc37d4b6db1ecc85e

SHA512
cdb0fbd70598cfbf6092ccc96f65d0b7862c584854192c812cff97e7cedb37e43645001c6791a3a1f0957ca7b35982eff572536431349846f4488a3b55ab8a48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a1c63.TMP

Filesize
538B

MD5
0da83653cf30a35c34a4c61f686446c7

SHA1
ece8e4a5719094af983b7fab5da8bd3e45b4122f

SHA256
6400f56c7b0559742c30f3d2a8ca5274027c085d7af16089d4e329accab9ef38

SHA512
856b898119dbedec3a1b420774fe23492042816f049b262aab4dd2bd649040dea203624ba1794ffc2f495239510e7d121e8e63bb89eb34e6643a9a62ba681bfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
07c79744615d52989e81ea6b40a2680d

SHA1
ae1c9c987376c01d4e9f937a4100d5dcc2da3ee0

SHA256
a52bd13f0e89facebf7c13490cf1233542f8d20c4153cfad8581b3187cd1400f

SHA512
b61641fda0dffa79f25a72b9e8d6b0b91cceaf543d57da2551dd18482f471ad7e969183752367842a1c07fd7b3012380777b19a793c9f9586327a45cf3e4bc8b

Download Submit