hxxp://vyohacxzoue32vvk[.]onion[.]to

Resubmissions

02/05/2024, 17:01

240502-vj2q4sda5z 8

02/05/2024, 16:53

240502-vecw7afa48 1

Analysis

max time kernel
450s
max time network
450s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 17:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://vyohacxzoue32vvk.onion.to

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2908	msedge.exe
2908	msedge.exe
5060	msedge.exe
5060	msedge.exe
1620	identity_helper.exe
1620	identity_helper.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5060 wrote to memory of 532	5060	msedge.exe	84
PID 5060 wrote to memory of 532	5060	msedge.exe	84
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 4324	5060	msedge.exe	85
PID 5060 wrote to memory of 2908	5060	msedge.exe	86
PID 5060 wrote to memory of 2908	5060	msedge.exe	86
PID 5060 wrote to memory of 4456	5060	msedge.exe	87
PID 5060 wrote to memory of 4456	5060	msedge.exe	87
PID 5060 wrote to memory of 4456	5060	msedge.exe	87
PID 5060 wrote to memory of 4456	5060	msedge.exe	87
PID 5060 wrote to memory of 4456	5060	msedge.exe	87
PID 5060 wrote to memory of 4456	5060	msedge.exe	87
PID 5060 wrote to memory of 4456	5060	msedge.exe	87
PID 5060 wrote to memory of 4456	5060	msedge.exe	87
PID 5060 wrote to memory of 4456	5060	msedge.exe	87
PID 5060 wrote to memory of 4456	5060	msedge.exe	87
PID 5060 wrote to memory of 4456	5060	msedge.exe	87
PID 5060 wrote to memory of 4456	5060	msedge.exe	87
PID 5060 wrote to memory of 4456	5060	msedge.exe	87
PID 5060 wrote to memory of 4456	5060	msedge.exe	87
PID 5060 wrote to memory of 4456	5060	msedge.exe	87
PID 5060 wrote to memory of 4456	5060	msedge.exe	87
PID 5060 wrote to memory of 4456	5060	msedge.exe	87
PID 5060 wrote to memory of 4456	5060	msedge.exe	87
PID 5060 wrote to memory of 4456	5060	msedge.exe	87
PID 5060 wrote to memory of 4456	5060	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://vyohacxzoue32vvk.onion.to
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc6a346f8,0x7ffdc6a34708,0x7ffdc6a34718
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,16107590724602542891,8739910010565257930,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,16107590724602542891,8739910010565257930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,16107590724602542891,8739910010565257930,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16107590724602542891,8739910010565257930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16107590724602542891,8739910010565257930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16107590724602542891,8739910010565257930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16107590724602542891,8739910010565257930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,16107590724602542891,8739910010565257930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,16107590724602542891,8739910010565257930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16107590724602542891,8739910010565257930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16107590724602542891,8739910010565257930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16107590724602542891,8739910010565257930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16107590724602542891,8739910010565257930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16107590724602542891,8739910010565257930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16107590724602542891,8739910010565257930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16107590724602542891,8739910010565257930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16107590724602542891,8739910010565257930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16107590724602542891,8739910010565257930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16107590724602542891,8739910010565257930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16107590724602542891,8739910010565257930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2164 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2020,16107590724602542891,8739910010565257930,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7156 /prefetch:8
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16107590724602542891,8739910010565257930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2020,16107590724602542891,8739910010565257930,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6532 /prefetch:8
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,16107590724602542891,8739910010565257930,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6084 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62c02dda2bf22d702a9b3a1c547c5f6a

SHA1
8f42966df96bd2e8c1f6b31b37c9a19beb6394d6

SHA256
cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b

SHA512
a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
850f27f857369bf7fe83c613d2ec35cb

SHA1
7677a061c6fd2a030b44841bfb32da0abc1dbefb

SHA256
a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a

SHA512
7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
bfe3a7f2fbead3f7cc8f96b74eb98cf0

SHA1
d2cd8a786e080067564076eb3b9d97bb9d4b80ca

SHA256
f2a1788dc82e411421c5202fd0e8e271ea8bb5e7d2fa85cbf72e7e5e3855fbbc

SHA512
cc5bb3a27d3546066faa3406b9fbd7415a771dafcce3cdc6fae18a20546a33be628433779da521b35cbdab7801694062ba65f7aabc7467ec557184505a940dc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c45fdedefe12d8670f8193b965a00fb4

SHA1
83d1e643387bf6e86b5b20fe6de810311dce5fe1

SHA256
6d3dc9dbaf7676272ce3cbaacb625a8d16aad2a04b10ba8955d48fae298d51aa

SHA512
2b5ce1ce1b8c408196687f8fbbedc93e0d3169b1f68e158a9e73d98040d4fd47ed987da57d35999524781cf141476cf9fc44adcff92ddd6ccb5967b9f0caf4d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
78ef85bc0686dc4ee6313bd7b43e9c11

SHA1
0986f6b281a43d715a08c757b46333f0119f98ec

SHA256
5930ae6358d4329029ecf1c01ac4152c83289cc410a324c5967d8793bcbd8b2c

SHA512
dd103e629aaa3e1a7a38e2661161ef80006a3b80f040b0e27bf0cbb173c6c01e3fd042d6d37c0621038ebff4144939a9a86de2593eca6adf16a638f3ca2f8fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
699B

MD5
900d105c4fe041978b4005d09286f108

SHA1
945abc985c63ff4ac124cec4154886892b5fdca2

SHA256
37e587ee78786dcb4ca0adf7e72514430287e5ea4803191baee309a832bc3f38

SHA512
5bb820b1c250a733785e9f5b9d26055b1c76d828cb3cabeaece2dea5a4fcb05822944fd34bfa0a58e4dc99a3c9d1f42407e0fc2ed5942e7d6822a05cc2bd496c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bf1cff968dccd2e027fc981e38ef6ff5

SHA1
4a3ee8474de1759dbfa4027363391a739ea8ed92

SHA256
a1b78e907ff8c71c7bfc58da121816ee0e77dd0842fc288c9d42660a125006eb

SHA512
10a0c2ecfd9c27c5f6209edf43ee543ed0bbdc4c0b7ed6a257670e56a39fdcf49570b5a05d0cf675d2912b3d74a79218325c36e147bfd6c350db6c4e476fc7fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3640febcae79d464fd32d42d20599d51

SHA1
763b28a3dc0edc3287ac3b5ffbd4250787cd2448

SHA256
5789fc1f8fe9efc34bb6bcb5cf5fbfff6ccf25c890061b557fc32317303bb5c3

SHA512
2950b9011ed6438c3aa2866d050042e2d66d4fe3d476e64fcf42de29b669fc4e3dd44b8ccccf66da1bfb49725611b1315fe8316eb37692b0b4e594cea7e9ca49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4ebe7472ea954645a02b3bdc9cc753c4

SHA1
e50cef1400d975238475383315bd0fac833ae76e

SHA256
9a976cbe09bdcb5d96fe3b7ae9d6e95387fa3ce2e8a2e7225fdb4d0fd254400b

SHA512
c76b039c507a255604a264510a8440162c42902ab6528d172f7a2bba14f8022892b045e1a90eca8affd159756fbda7bfc8340ec566e029c0f9682226cd4188b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f705ca7960b05da6c8b3aa954f6b9e90

SHA1
ece4680248e5becf59386cdf8df0f966ad00e3bb

SHA256
f4457eaab29607befd7fd55988f01a92af0fdd2906979e1feccb85669fb1b158

SHA512
6de195319f21df5222b6374d511597b283d12b600ee4db4755a573b15e4222d57fae8f8edc765cb90cb1ab722ffad70a8d7c06b4edf83165dc514a8871aca4f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5ad8720ec250ddfffb6713d35b074559

SHA1
a86f1c4cdce9e9bf8c057e5e19f704be317fe0a9

SHA256
7d9ec83a29d9aeaaa0335f624d2bdf13b80ae2c2efc4f34e451cf45d51e9128f

SHA512
010c5b82eda9448330ee74123bf96bf7bc34c00c30755c6a92cb9fbe89b58c5311407d7f6945d04459a3b23983061c2ab352d743a543581efc8cf06ee7c5bfd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
ebe1cee62808569b4ee424566875d7a1

SHA1
6daff713b2689f10a37b1819582237b482328bc8

SHA256
54c2e4653546169a274de23d4b86ad3fb9e00657964a9628879d30c44e82dc67

SHA512
4c00287170527c5738d9ada5c6192e717a234009d7fe76026f615bfe9373341af95472ceaacbe8677681c9aaa143ce9bff880becc18b5bb63e24a90bad65b060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
ca699412e66966cf48438cac240ed694

SHA1
f36feb9c17170cb91dfeded5cdde891b80dcf472

SHA256
0a6420835b4bc76fcb5d0287e6614c7202fcee1b7206b985ee76a3159ff2b6bc

SHA512
cd4483b39432f0411ef0f409d421a95a89d0314e2323e2b3e4ba055b107f989b99b07a38d5c8da11e612408bb38de8e8d9f2e7a4fed4a4cffea78cb231d9c187

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
414f21829cf8f86e891df9dbe95fe8a8

SHA1
fa11c03d60229a436679fae52335b586567c5b9c

SHA256
971a3db3f2702c3d94f1ce1edc6821e53ce6f94b1be4b3d32969bac4da24589c

SHA512
910f7ba3cb654ee999842d9fbdf5e59ec6a847f04c53f800d83565b9e1c468699176dfa4edcc5e83cc348ca10a41bd7f2e2d8d2eccfdc948665b8be73dd344f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
691fc242c47ab49784db2c55b405bffb

SHA1
c83b97f22c2bc2f2d2be28cfcd3546d61d512553

SHA256
445162df22f19d94d3f11b79a0982c1f9e04c582c27479f223d1cd98ee70c0ee

SHA512
67db05e894c281d4a1c9a8574bfa9a7719a76b59bdbdfa89bd7b9cf92b87cbde294120922afa42b9444ac2445cff92fbd9c067d64edd02f5842151a31bd10fce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
bd09ac406f68ea13d7d5e7cb123a02e4

SHA1
0202eab5c9f1f5590a946eeefde47fca35fd5050

SHA256
4265c0555729fef78999cb4883fe705a113fbdb5a94872d86dea802fab1ea07e

SHA512
05ef0eb7936c256172178b83ad290e72eb2bf6f31c2d3d264322021c7416e7ece0d84e33f0f0b913d39f50440b7828053a008b3cf4c4704cca2d169d4b8a952c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585b79.TMP

Filesize
203B

MD5
26bde3b24b241ef522a7174045cad04c

SHA1
b30f31a19915ef1d956b614ea4e0f87727209e86

SHA256
f5dd9ec4205011ae5fa8b34af17882a67860c600f2363e62bbb12fdc2f9a6e2c

SHA512
e68ff43ef3ec5eca5ca1e80906302d931f9484e84905a051389962be627518fe68c667a34c065ca19470442c67f8cbe613334d790fa21d6eed080ee38b9bee61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f2238a7d-b774-4dda-98d0-b1f57a41fb8d.tmp

Filesize
706B

MD5
57505d19428cce60010e25b6b3d82284

SHA1
e254dd13c1d9db238de09beffe81b8f5181938b0

SHA256
09ad5ce6ff2170630de459424e4cb1e6ddb32428c8d7d5c4be8388c6949aeb0b

SHA512
e5c62a0769610f226fd711fffc92ae72785e49cf8da5dbb155794fd5cfa71d43c64672577e1f558279b4206cc4b26d64a5563781cfaa9d1b4da3422f1fb11601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dcfac07f8190de57c2810974f33b8da1

SHA1
b667f92264b5c601022dbb4f1493f5cf629e12c9

SHA256
e28a166f16afeabd3fbd6cc9c427039211dcac0c8f8a38a320912348a3fcda3c

SHA512
595538413ce7b3a4db3118852431fd6daa2257562993956f951d1f651af912c196801eeaf9ed83d37d40280afcea0e6a23b77ba09372d114ce3faed6519f5dd2

Download Submit