hxxp://microsoftsharepointintegration[.]na2[.]echosign[.]com/public/esign

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
15-03-2024 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://microsoftsharepointintegration.na2.echosign.com/public/esign

Score

10^/10

adobe phishing

Malware Config

Signatures

Detected adobe phishing page
phishing adobe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1497073144-2389943819-3385106915-1000\{5A02059D-9234-4815-9040-AE9BE818403B}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exe

pid	process
4752	msedge.exe
4752	msedge.exe
2280	msedge.exe
2280	msedge.exe
2520	identity_helper.exe
2520	identity_helper.exe
4736	msedge.exe
1644	msedge.exe
1644	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2280 wrote to memory of 1552	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 1552	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2312	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 4752	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 4752	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2152	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2152	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2152	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2152	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2152	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2152	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2152	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2152	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2152	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2152	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2152	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2152	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2152	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2152	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2152	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2152	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2152	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2152	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2152	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 2152	2280	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://microsoftsharepointintegration.na2.echosign.com/public/esign
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9dcab46f8,0x7ff9dcab4708,0x7ff9dcab4718
2⤵
PID:1552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,13660936261672903957,37983544741026874,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
2⤵
PID:2312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,13660936261672903957,37983544741026874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,13660936261672903957,37983544741026874,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
2⤵
PID:2152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13660936261672903957,37983544741026874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
2⤵
PID:2832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13660936261672903957,37983544741026874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
2⤵
PID:4476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13660936261672903957,37983544741026874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
2⤵
PID:3700

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,13660936261672903957,37983544741026874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
2⤵
PID:4936

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,13660936261672903957,37983544741026874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13660936261672903957,37983544741026874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
2⤵
PID:1944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13660936261672903957,37983544741026874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
2⤵
PID:2128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13660936261672903957,37983544741026874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
2⤵
PID:4276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13660936261672903957,37983544741026874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
2⤵
PID:2392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13660936261672903957,37983544741026874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
2⤵
PID:4792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13660936261672903957,37983544741026874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
2⤵
PID:3980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13660936261672903957,37983544741026874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
2⤵
PID:1788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2108,13660936261672903957,37983544741026874,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3008 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,13660936261672903957,37983544741026874,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5872 /prefetch:8
2⤵
PID:4776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,13660936261672903957,37983544741026874,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6052 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,13660936261672903957,37983544741026874,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1652

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
432B

MD5
ed39791be3a15b98aafa753aa27e3fcd

SHA1
5d5c390d95cfd097f28bc30501087379798904ef

SHA256
c511bcd2150363fce6e210589c488ec327366cb79be1ea2b758101dbc438998c

SHA512
feb5a9317b00c3b0779bacf26af101c0eed57edab9e7e10ca907873a581b2db09a55e30aac66abe5689b4453adf42b29a5870459e84ce940b5fec0355f073a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
9d6b2b66c23f909cb1e36cff25cba36f

SHA1
f5e88626fb4a987f637dc7965b8ce19f7edd4ae1

SHA256
59347909b70d7c215ea490cd13d8751a8fb13098dd32f5ffa00e6010cd0bca65

SHA512
5671520adb623e0b9a1945b42083eb07bd6e6a6bfab92b2ba1c4eddb147908c6929709233ecc2bc597ccfbc0bb9fe6b1cd0aabdb55527dd24bea7a353d57d7c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
863ab8513ca3ecd45531e73012859260

SHA1
b3346e8abd976b8d9a48b1e2961851a550e46a06

SHA256
7803304c3f7db9c904202ef177263fa4765339986884c57010d1597670a8597e

SHA512
f6c4e6fc80d0bb6283dfc95dfefc36a3334cd5f4493d66761024540eb0b9c8336a8066d5b6026479e3e7c9c0905524489aa7f89dcb1ba6ea952865e6f92f4701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
856186fb38eac1ba5e93ecec504f8bde

SHA1
39f2d9f82611c342b9c691fcc67da8e8e5b3bbc3

SHA256
8a3a70ecdc9edf498d2326257b0821ab557cf7b76a6e2350335d4fd9db6d651f

SHA512
886902f95b0a28e209a43d2e2a0b8ff1db0b0709e9d24d87a4743c45f4a7036866bc1780b997fb8dd3c8c371b406caebeea3928b1823906b5935fa9cd94ffba4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d649f9966da078e550ae2e52e3b3cbbb

SHA1
b80f3dbe74e148eae12585b201e48cecbfdfa56f

SHA256
9a2a01c1d0ce87fcda7c32774193d1d9efacbab3b315ab33117d3d05a3d11493

SHA512
edd3ffcbc85f3e73b0910a392c06724acf1cf46aa5cc20ccd1e579dbdfa7bb1bfce318af968a2c7aa0a54c8c23f9558a32342ddb0589c09c0badda0a6406897e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
cf1103c23f65776f0b499e5b9c51202b

SHA1
69e0da2119b17fc35ca033948d8fff55b19f4b79

SHA256
08fd4725d2128a8f354e59836d966cc7ac654d7ef3043795112ce8f2f0c7d568

SHA512
622178f9d3e798f01f4d28ea94215bf3c4ef1530d86742a8c196d068da3446c9081deacf6b09f18782d63442eb8d98a8d2ea1a886f74dcdaae3d3c8e54be0340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
a8dd53c2a5868fe9e345e39b5accf0b8

SHA1
6a98da16f480ace586b0e1c36c23608c8fa1140a

SHA256
4654ac436b4f56b6231b68fc4005085812ec976f1f25bf4ef0d55e3213abd01b

SHA512
3c9a6a1be65e0e8d0cdbab2620cb299f73d955767988cedc7d5862a4d2029c97b0448974065ddbb7db9d9bc71e625994ce25cd0e0a085da36cdec2ef10a072bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c943d5ea7924654beb98ffad1ef285d5

SHA1
dcfd4f0dab77ef5af4c11ca3cf0c0aa2ce5716c2

SHA256
387b47f531d12523f929cf2634576e57998f2ea3eb7c2ec44167911376ac7c47

SHA512
b01db6d816838fb732135df1de2bcbaf3c9e4a5c8de1002177c59a6c25602288f873f5059e6372d1e069998e7c068f3d69f5fa79b9d849e7ef560853abd912b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
04614915f2d96a598461faa3fa32deb7

SHA1
a0bc4c3cf29336d47ba2ba5ef7b0de8e02972d6d

SHA256
54192dc9c1ad957d124af60bc38ce0d4a9fe794268904925fed47fc7bf7a5a90

SHA512
b23995864942ef1a2275dfe43685a442cce95b60b351ceed87cc0f9864072ffd66f4702e409712a10ce945962689b22786807a6dbf4749434fd2b1a3decfc767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
70a7cee900cf13ce6fff4c5901d4a8f9

SHA1
1855b41f2b89e7fd0da114153f5c97b04c351cea

SHA256
7852b79bd7f8ee4d4f3e48e0dfb3bb90ce37b77e7d7bf3a97795880c8d7c0eff

SHA512
a371e96fd16a86274d5451a95958ead14613528ca018f5a3644db522b7e65fa5048ccb05716dac707120aa69837358c7b216b1a6897c0d18f10aa1213dd9b7f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
531cd220c2480eecf5961e56f13ab6c7

SHA1
117ec11500b8b2ef45ac77177aae8fc35ccf9f64

SHA256
58ad133aec8113e3d0b164db401c5cdfccf493ad8fa58ce273c260971ca4380c

SHA512
ccf879f3e5f3808b47b47869a772f11f4e5ad2559109c8f341ab840e1169a1ec3993bd8bd6ac793872fbc8ea7436310c44f78218a405715d0d75b3ab3b0ccc26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
8e25b3c5d5d7c3f7f194ebb0e6e3e656

SHA1
ee165df9b1560973bec6e41cdc5232ab1182ba0b

SHA256
45807cf6894691ab617f42757a04e97ef1a1b034b12062c442a6812d2e775751

SHA512
afce8e4591b5a4f83ccc816a46d01cb35577cf4df950144acf8ef1a53cfac59dd4c5c0f052662bddc4b3103a0858648fb83f9d9b1d521a991d0ff4062ec7508c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
c93ec652a0a499a594575781da7c2328

SHA1
06f1f624c12c11d95a89bda799402da365973e94

SHA256
0dc682551272ef4d5183df226e41407c15436263b45f92fed21d6347e137ee0b

SHA512
9ae17e2793ca3112df63c0335d508516410867c514837805ae01b4c6903f7f937e0547764f6db633788421ad7a00e6a9f2eeff8a51b7cc57fb72593686452c24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
1e2cc322d68d9c1e40a0439cd4d15846

SHA1
11b168fde9b601c7d50859aa6092d1dbfaf19d31

SHA256
70381a238550f0b85493ec353d1746c4a740ce853d61c0746baaf181e2c18e4b

SHA512
964fe65adf7a779d92e02c45018a37658c10ab04f8042849698fc83458fb7dd52f4336222ad2b43d4cc9ffdfad50d003e5dc4081962bc8a677ca8514e356eba4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
488cbe4d068e5703e6353b1d59f7fa85

SHA1
84f62b41f5588571bc5a8d65d3e2f701a84efc77

SHA256
a5114e3067081bd8568cc2d6a3c90156834889add27bf2923461046b3275bcd8

SHA512
d5865448cc7975392cab0ab3360e0a91be61736f71ed041655e8420424b0c2e79087a014d7c8f269dcad83601aaca3bc7fddd936d2a96d5d4d43da6735ba74c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b508.TMP
Filesize
1KB

MD5
150307579e05d6f188608ce4be3e95d5

SHA1
be0f434720663ac6df602adb762c037bebf4de14

SHA256
c5114148c710c2d8d9eb5454b3f8b67af0c1bb0b521502e5d2a54982f6537947

SHA512
f4040185f76cf4dcf1e143fc559bc5cca02a728e2de6ee0f7680af6c54b5e94f108a9d8d194da281132497ab8b93951a73d7812ac7a4b816f1e6f88e3373de43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
009805b15a65cc66b7359b3a1df76962

SHA1
ea7d65e2d61318b0400f67906e81547bf462a219

SHA256
cc4fe6898e4b85b1fc214a74fb6da094d3e4bd2c7710822bd914f7a060f0e8d8

SHA512
4868197ae204011a61033cfb64c15c0f7128fbbe20cffaf63809a12a65c3ec364f9b3f4fa41328472f4da7d46b211ec4d060e26c6a9e55281ce4408b509e571a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_2280_IMDAFIUHDYSRLWFX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit