hxxp://e | Triage

Analysis

max time kernel
1030s
max time network
1041s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 01:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://e

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2488	msedge.exe
2488	msedge.exe
1424	msedge.exe
1424	msedge.exe
1200	identity_helper.exe
1200	identity_helper.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: 33	5320	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5320	AUDIODG.EXE
Token: SeManageVolumePrivilege	3936	svchost.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1424 wrote to memory of 1180	1424	msedge.exe	86
PID 1424 wrote to memory of 1180	1424	msedge.exe	86
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 4824	1424	msedge.exe	87
PID 1424 wrote to memory of 2488	1424	msedge.exe	88
PID 1424 wrote to memory of 2488	1424	msedge.exe	88
PID 1424 wrote to memory of 2992	1424	msedge.exe	89
PID 1424 wrote to memory of 2992	1424	msedge.exe	89
PID 1424 wrote to memory of 2992	1424	msedge.exe	89
PID 1424 wrote to memory of 2992	1424	msedge.exe	89
PID 1424 wrote to memory of 2992	1424	msedge.exe	89
PID 1424 wrote to memory of 2992	1424	msedge.exe	89
PID 1424 wrote to memory of 2992	1424	msedge.exe	89
PID 1424 wrote to memory of 2992	1424	msedge.exe	89
PID 1424 wrote to memory of 2992	1424	msedge.exe	89
PID 1424 wrote to memory of 2992	1424	msedge.exe	89
PID 1424 wrote to memory of 2992	1424	msedge.exe	89
PID 1424 wrote to memory of 2992	1424	msedge.exe	89
PID 1424 wrote to memory of 2992	1424	msedge.exe	89
PID 1424 wrote to memory of 2992	1424	msedge.exe	89
PID 1424 wrote to memory of 2992	1424	msedge.exe	89
PID 1424 wrote to memory of 2992	1424	msedge.exe	89
PID 1424 wrote to memory of 2992	1424	msedge.exe	89
PID 1424 wrote to memory of 2992	1424	msedge.exe	89
PID 1424 wrote to memory of 2992	1424	msedge.exe	89
PID 1424 wrote to memory of 2992	1424	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://e
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff4f9d46f8,0x7fff4f9d4708,0x7fff4f9d4718
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,13045064284264959459,370247611302459144,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,13045064284264959459,370247611302459144,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,13045064284264959459,370247611302459144,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13045064284264959459,370247611302459144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2156 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13045064284264959459,370247611302459144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13045064284264959459,370247611302459144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13045064284264959459,370247611302459144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,13045064284264959459,370247611302459144,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,13045064284264959459,370247611302459144,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13045064284264959459,370247611302459144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13045064284264959459,370247611302459144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13045064284264959459,370247611302459144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13045064284264959459,370247611302459144,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13045064284264959459,370247611302459144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13045064284264959459,370247611302459144,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,13045064284264959459,370247611302459144,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4260 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13045064284264959459,370247611302459144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13045064284264959459,370247611302459144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13045064284264959459,370247611302459144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13045064284264959459,370247611302459144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13045064284264959459,370247611302459144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,13045064284264959459,370247611302459144,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3116 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13045064284264959459,370247611302459144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13045064284264959459,370247611302459144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:2400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3856

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x51c 0x50c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5320

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:2016

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e36b219dcae7d32ec82cec3245512f80

SHA1
6b2bd46e4f6628d66f7ec4b5c399b8c9115a9466

SHA256
16bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b

SHA512
fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
559ff144c30d6a7102ec298fb7c261c4

SHA1
badecb08f9a6c849ce5b30c348156b45ac9120b9

SHA256
5444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10

SHA512
3a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
89KB

MD5
6b1647f87ad693d177429042a2b53381

SHA1
778dd9f5ee99236e23f224c1ea5ae31477cda774

SHA256
0e367dd125300d8405ea99966ba138b2c6e5b98f0c4b0e842c6c3e1a9d42b847

SHA512
ae2fef8be658be4e06f60ab9dd86c57abda7c0ffde5b45490699c618a3ebe3fcd08a6ce01f933cbb04e0ca122085e9b0f5e3cb13be5704c1c4314d3302c3732d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000092

Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
199219ab8451269959d417e362c0c8be

SHA1
849a33bdb500eebe77f827bae88328cc847d2d3e

SHA256
59ac768c4cc9dbe64bc6e13f953d89f4652acf1d7bd509eb9e2e853215b9b0cc

SHA512
577e12783195fbf5db3a477efadd69e1844cd5a4869f80764d8ffda62b57aee1230bede46cfbe378a832983e5bf20c3bf0857deeeeaae1b97b6d0f2b2f7172a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
848dbf63b8a3728b56ab3ed7552c26c3

SHA1
0586d9bda8ce5ac1e8f30a50d5673b1281acbddf

SHA256
d2533a2abe7a0d780b7f9eca922404cdacf340dbc8f7120d5b5d8070fd04e1c9

SHA512
86fc7328251e0343e81be78b9e75a2db141b81269c4f4a8f2d27430e2261e51de961bfdf4488ed3a6857f360af5bfbebe6970adfba4fd97baa21054dd83d11b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2b89dae7481303cb080ae2162dcfda0e

SHA1
53df0a0700857ca71a3f789a934116be4efe1970

SHA256
12421b09b9a3d0f304cda997082cd1c2e4f562010afd62ea1975dd4f8eee28ee

SHA512
5f6d9f95f23ed122f37808ec7b493ff3f4cbb84c71c845c906168894e335fd5272b4543a535718c1bc85b25510a29a071b03c3c2ffd88754e3f23fd827d88969

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fe3e3fb28cc0f43fbc56cc5e453a7e11

SHA1
66e0780f60eff9eefd87b77b9bc8608fce30bc9d

SHA256
5c70f0f908c1f977f9575719fe6ebcc1a1f0e1d75429420fc6fe46e16ac88efa

SHA512
ee0dadd2af224dc908dca35c1ffab29f543f8b95bcfd8bba2b09f8d65b738571d13cab6849ba1e0cbf1b3079717aefd13fd42d147dc1f3f2c41facac4f4f9c8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
607f6c93a12c2825834635df1faf24bd

SHA1
2d77d067ad14342bd3413527f17de53df2ca1906

SHA256
dffc694b49aead8b43226815e9d921d3d407b7d72b4f28c34767a50d23751613

SHA512
dacaf20bc023384bf293af6e128d1366868b9be39fa890189b1ab53272e73bcf1c701e9b079bd0863b11ef0e8c42db83a3e71159a5e5cef7184be9a353890b26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5241d8a207ef1ee738dd983ac08fd442

SHA1
ec55efe502881fbc5d2a9423ad325d861e14b9a2

SHA256
3d8c00322d06fdb276730e7446e9251b2e335827008db10ef7387aaab871d62c

SHA512
09301dfc7716b6b3a31e032611f02599270dd7432bfff88baa86c576c3f2a40c970031fea4be8298e1a6e787fd4e29a89fd9215a0449166b68d8883cf12a50f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
066690e3e665c712fe76a2e9c2f6385e

SHA1
1aa7d5c67fec61067a4a82916659d226b6c7cbaa

SHA256
381e09559c8a39184500b3dccad29cf4d114a48cf4e4dd940ce5ed9f7f226772

SHA512
6f151010bc4d88e734abdf5c9cfbaa62b93ba29cb7d6dc0a69b28796f87276ffc39fc4becaa9259f61e2e3688ed0620567f2953faf46c83c7a9e4d06f5e5ebbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d98236294ee9726697049338fd890678

SHA1
dafcb3878f00b3ad0f4a04d555665a6e9096a89a

SHA256
bca14186531c59ed667e4dcd1e2312cb0b430d9edaf29d0ebf29f716395177a1

SHA512
5949208bf7561b518003e22dbbc43f3fc2471b7030568a3ccc860f49c13502fc91143fa2ec44eae1b347dd73ffb865986b64aac9b593322f5100d873101c0ff5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b1888906da1b18199de30b6e28870a87

SHA1
6aaf10819d874b5ceac64d922dfc731ef00c367a

SHA256
08d8aaf4f85f25dfb934691fed4ce3ccbaa42c85af63a74e28c2f35e50afd7ed

SHA512
d6ebd92f4ae7b39e1fdc74b4e6d9d963e378fdc38e0c1ace5d3a774591309d02c81e8616b23ae0ade4b0daf76d28bcf58af9332d4b3342b07d59326e756e82e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2f9a6af5dfd1d12d31bda04614a42a5f

SHA1
707d91d44d46c097ba538a31d95e06632805171b

SHA256
e573ce150ed2c0526f7d73bc7b63f0826122ce19515528927c71f34df9d27875

SHA512
0e42898f9f4f41012890d64da54d5834b57ba13b19fb6ed818fa951df3cd65754dc0d3e7069c3f46f853ee80b3158b0a9df9980a743eb0abc0995ece71382243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f32257cbf791a391c3f54c43b960a6dc

SHA1
b76f39999512536f887a14f41535b1beeeb44f19

SHA256
8f5bfaef334ec22b6c160f167f633721d69133071d852faf270c38a664078d75

SHA512
34169b6934b4bf8374c7f44ab0533d617463281ed8323b153a786406692225d672e57c24926c5a4138fa317f521bddfd3928dd7536f7c87ac93230f94ea032b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
4KB

MD5
f18351379bf03be2cfadd4f30f0b105c

SHA1
202cd2c50fac3f8442a41a27a0e3c2f931ade275

SHA256
c8ea39443817ecabd3ff85d08b7b875592adb6e48614c0f4f4c52501a3c1558a

SHA512
a73d3b4022ad60a8e61478854c33ccdb169a4a4f4b08e8ec848cef3ebe1dfd3ea1190b7a6add93c222b57baf944709f45b6c330bdc1f3d2af474aea69382464a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
2KB

MD5
8d70ee90a52e327ab5855d062279b5a2

SHA1
7f3ab84157798c3dbc5adde4a398e14803f6eaee

SHA256
259fa09123893fb1ed01069745be0095d130f28c082e5b7c46ebb91109751444

SHA512
bed8b15a380a2080366ee200057daefcda09d840a96e35affbde52d59981f09596cc6ca190f4e3bf4c1c007ec3f8c70deabf7845870ab693304eb74b913ee91b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
3KB

MD5
c04d96997af669d115fdf4ef4e955606

SHA1
94af29528e0920c579a4d7e1a6b71a4968477e3e

SHA256
491a7c662d0af6708a63e78bbbc2703ede694e9d46ab60c88226313804588694

SHA512
0f2946f091396d924f8c5ea6e31e88ea3f931861b6e3d0c9faf2277e9702c860e8ced0933d192d7adc4070929179c894b17acdf3ee06d55ff92466e297bb8ebd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
673a6e86cde8c8211471844ad0fbd799

SHA1
6ba1d534f0fe71366d3007dbcb768e2f35047fff

SHA256
d2bfee1fe0a8c631956302f4085c55cc2f57da9dfbd2e0be4d5b4f265024fe2f

SHA512
04c603d7803dd7ad6b1fa33ca70bef16f101a468e59fece78aaac7941030d7cb992fe4163746e6c5ff54ad320112dba67ab7d56eab627b46f611f95408d4f213

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b798.TMP

Filesize
48B

MD5
b3483c83c1a344b91032b8810f6ca382

SHA1
86e7b8be489542f7edc2082ca229c9d8da50a3d1

SHA256
d2782591476fc52293e0816959531eb1ade2b62b8937727a6d414630a509464a

SHA512
72d8d5cf644e06d5bbae5291a4df4f70eb0880074e01dbf1633f7b3e89c5b8d3e8cabb6841872340ee9f1bf69af29a983987c48f56ff1420838fa02d729ea014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8f7a0a31d5cc55f9359ba9fbf18edee1

SHA1
12ae2d7ee6bcf15a73bfb63591aad32be5807c4d

SHA256
78e6905983c1745f1c3a07f122593205f6042f2d8be3c9e11a2465422e667147

SHA512
2fbb3c35eeec2bdd0641a3ae893a0ce15ed05b765670ed6dea307fae9ef8fd23c9643d396e913c64aef96ee8b1009c54f8f3e2bc0da58a3fceef1707580c63c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
94fe511e769927b420e80fbdb1676e43

SHA1
44bcc92fc257ffb8bba1939985d87fcdf3ebb002

SHA256
ab19fffed90397614e7bab9c552f5549de63a85de663ae0d30f34a9e8f136456

SHA512
80301aeb5a1b1459c1aa017d3f6b3c9002d6c18ae748872ec3326b3cec34d07aab5b7e1081d8064cc57d7da81ba0369d2e74ab33ce56098576af96d232edac2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e2b355a74ea49733571861526313f268

SHA1
867da7efe6aae1169f2e03bd70378fc0b700a2d8

SHA256
194217c315427b7447105da89a2a0ac287e82487b1c504f848ec9b53ad2261d0

SHA512
9f75dcf40c7281706d817f631f939ff48eab294f1de5b25d74cff7ebd95623bf615d32e4aeddcec72e4a1873091add5809d92917656e3737c0cba2d29508b106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f3e2278089f641b205e25e8e555dde05

SHA1
1f2b8645856212d6c7ab5452694ff36c9ea5ae48

SHA256
f16514d11f17996e8ae2953b3151b82a5f6f2501e773a9194977b47c5f39b76a

SHA512
1ff5de77444c1d1b2e7e4c52776ba212b93b2278b30e24ffb5ce65bf321833e39360ca5b8ea3ef3bd478cb4b102fbf6fed8167083ac79fa91eeeae755b1e56e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
828ef9b9086fa72f0993e0ff5752ea52

SHA1
9bd89f7c8246e1170321c0d0b7269c416861bca6

SHA256
ddfd9c519f9a4e017a2318ee89936371b5a63d2ec1c2c7d8207b18ee1809b645

SHA512
310da1adf7e6b5c6df8e2faf2b4a288d09ff05687bb5ce9ee0bb1e9ce61649ea072643c2acde58e44289a47f895cfc162bb8d50bfb236d6a2e3966256b01c350

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
98b5e4e48c598bd14ce147019ef59086

SHA1
966d7ee4e04d66c92d38d45b05b00cd7f127180f

SHA256
3a0989555a356a499684001dfb5f079ce649ca7101f0f084fe7ab52d171265dd

SHA512
2f93b608c95a066ad9b62b0fc8b9cebaf3c6c46051b617a334f039bf821628c6b91fa72b60cd8d3e7614a6099d9309413ecf963c33a6b240b015241d132416ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5b252fd92e2b922a6b4a41c54070fbb0

SHA1
408ca6c4d98dd38ddea661ed39b70de4ba73d640

SHA256
689b20277e59c093b51cb8cd6c68cd8bc2d500bacee4492249bc6891ec17da81

SHA512
be0e91c53c36fdf9616c7d1c51dbf78f92da3b5e2903e8c64663a7b1a2a573410b892cd14ad56cb11b7912a63966fb33bb24622ba4933a90309c7954baa879e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
13a72efc12874ab98e0442c2abf135b9

SHA1
a3a693672ec6f752b370e20a51ee065e72504230

SHA256
b69ffeaf0a7698e57ba7c63fa408591f5cbe5b93c37785e76c04ec0102b9dac3

SHA512
8dd019534106141cf00c511c199e879cd18d132a967cfd7ce3d12baab8ad140895a6e9d0cbda794daf86de0e64fdaca8fdf615c02cb7b0dc85595d9034d07155

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b2305.TMP

Filesize
863B

MD5
ed8305ec4c092fa92155b828bc9a979b

SHA1
9957923570190425307264a6b075c637a9ced5bd

SHA256
227b81e3408f4c5682ff175e3c3b5cb3223749df7340997407d571c56e5e609e

SHA512
a3c84f9af78835dab8d1a00328452c6b54c7528857f48299c186e7d3cd9f0386928e9800a01e9682a8fb9ea1681967742a9204c75bad493e12aebb897b5c1268

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5abffbcd98915bb727b34aff73c0d1fe

SHA1
781b53395f3f985cbc7f5d94547bfeb9dfc96068

SHA256
ffd159dadc903bd5f9de67a1ca79a838fe118807bc59032b067d842e644aae6e

SHA512
4228669126d7df2c3841b71c292c4728975555b7ef07279e0ca0047c98fc83d88aa456a80ab75e4574ed3a7d344029cc641200bfc59531e0c135f249f76d6c07

Download Submit
memory/3936-833-0x000001F16B8A0000-0x000001F16B8B0000-memory.dmp

Filesize
64KB

Download
memory/3936-869-0x000001F173E50000-0x000001F173E51000-memory.dmp

Filesize
4KB

Download
memory/3936-868-0x000001F173D40000-0x000001F173D41000-memory.dmp

Filesize
4KB

Download
memory/3936-867-0x000001F173D40000-0x000001F173D41000-memory.dmp

Filesize
4KB

Download
memory/3936-865-0x000001F173D10000-0x000001F173D11000-memory.dmp

Filesize
4KB

Download
memory/3936-849-0x000001F16B9A0000-0x000001F16B9B0000-memory.dmp

Filesize
64KB

Download