hxxps://s3[.]ap-south-1[.]amazonaws[.]com/jlkkjkldkgdfgffdfd/gjjhgdffggdffdg[.]html#/18/623453-1367

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2024 22:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://s3.ap-south-1.amazonaws.com/jlkkjkldkgdfgffdfd/gjjhgdffggdffdg.html#/18/623453-1367

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{CC5D82A2-E961-4807-B7C7-026B5BE84367}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
2728	msedge.exe
2728	msedge.exe
3508	msedge.exe
3508	msedge.exe
3036	identity_helper.exe
3036	identity_helper.exe
2596	msedge.exe
2596	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

Processes:

msedge.exe

pid	process
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3508 wrote to memory of 3668	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 3668	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4716	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 2728	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 2728	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 1384	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 1384	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 1384	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 1384	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 1384	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 1384	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 1384	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 1384	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 1384	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 1384	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 1384	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 1384	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 1384	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 1384	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 1384	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 1384	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 1384	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 1384	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 1384	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 1384	3508	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://s3.ap-south-1.amazonaws.com/jlkkjkldkgdfgffdfd/gjjhgdffggdffdg.html#/18/623453-1367
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ff8f40f46f8,0x7ff8f40f4708,0x7ff8f40f4718
2⤵
PID:3668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,18283296376350239211,471823935695388428,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
2⤵
PID:4716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,18283296376350239211,471823935695388428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,18283296376350239211,471823935695388428,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
2⤵
PID:1384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18283296376350239211,471823935695388428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
2⤵
PID:2912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18283296376350239211,471823935695388428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
2⤵
PID:3324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18283296376350239211,471823935695388428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
2⤵
PID:3920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18283296376350239211,471823935695388428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
2⤵
PID:2988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18283296376350239211,471823935695388428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
2⤵
PID:1092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18283296376350239211,471823935695388428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
2⤵
PID:1736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18283296376350239211,471823935695388428,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
2⤵
PID:2140

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,18283296376350239211,471823935695388428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
2⤵
PID:3480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,18283296376350239211,471823935695388428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18283296376350239211,471823935695388428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
2⤵
PID:2752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18283296376350239211,471823935695388428,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
2⤵
PID:772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,18283296376350239211,471823935695388428,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6124 /prefetch:8
2⤵
PID:4912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2088,18283296376350239211,471823935695388428,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5480 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18283296376350239211,471823935695388428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
2⤵
PID:556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18283296376350239211,471823935695388428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
2⤵
PID:3692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18283296376350239211,471823935695388428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
2⤵
PID:4576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18283296376350239211,471823935695388428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
2⤵
PID:5164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18283296376350239211,471823935695388428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
2⤵
PID:5172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18283296376350239211,471823935695388428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
2⤵
PID:5200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,18283296376350239211,471823935695388428,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5092

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
Filesize
16KB

MD5
5df721180e5e8c3dccb653da368de87b

SHA1
772925c995e2056226dacf357f1ef7eae0c6f8d5

SHA256
6c815ef68bba569cbcf103579573f7593abb8b22c514eded0d7c4797362cd1ca

SHA512
423d8984ada6a843faccb895762de2fd5fe594ad60104a2ca0eaf9b79c86ec87a2c1757b40fcfb1d482d32135f4e98e387afc0a5699dca4528b812d7f642c2e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
Filesize
17KB

MD5
5fc9e9c717d652c0a2d32c69b1a9e966

SHA1
506c8e927b2c643b273500c3810c23f8503e0a80

SHA256
87d718a282da60f8ef79c2c85e2999bd0fe7a6ef3fc77ccb3ad8a5ff8474b1ef

SHA512
1430968334371059c65ef8b9bfc463418a7a8ebd27c8c5a9467dc7ac71e08820340a236475246f5bceb3ebd7c9f2ac8d08c7cfaaeb9a97872bd884542e095982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
936B

MD5
30daf495ef2df62d02cc9a83bdf0eca4

SHA1
ad9153192530231c6e64b37b11ecd4a3e89cf8e8

SHA256
1989c31e0b36a075c2b511ed1b6d753db0f1d96e5a37cc8cb5af85e6ff386944

SHA512
f1c3270b1dc38f21e5af8325063c99239eaf73fe3a5d02aba5c1d9a5c315b62d74391fc6211f16b5d12024f6bd2f780dc868896f52cf859245b6dcd43b422455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
07797a1b2bf665681b4d53a56fb42983

SHA1
3df4fcf2894290060fa7da4c83b1a7d36cacb848

SHA256
b81caaae7e72bfe41fa6df29cf40d39b56cdd53a87d205e69452795507ec7583

SHA512
42595847cb4b9f03c3318bb8b84c2cf7d7f728028437fc0bda15f060e2590d0bcb0dad8680b09bf67e8bb70c40fb0ba7c4ab603cbccab47867931e80aa4ee2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
5KB

MD5
2440d8c651ac37acc61d7796b8c5214b

SHA1
6dc2fc8ff45acccef41555c5c05a7c16b4da5f77

SHA256
484c7cec32d33be7f62512e9a937002c683f7a75439ed4682c06c94caf33e1da

SHA512
bcb11a6203b9118859bba365615e863548f1b65e6d08efa90e0805f2b26a25349b9fff93a708967cd7ba6d9c158ac7bb063f6748eabe2492c2d83103c22dd417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
5KB

MD5
2ac011ca550242a3121ce11f5057bea0

SHA1
cdad1ff96f294f8f07040181a3a9a2520a65b1d2

SHA256
28bfad51a4a7f9e7ad1ce256b3e8fa0c843b24935b55e22658d07503de966fb2

SHA512
2147ff18f2cfc44f5d7b552fc0ad79790bd0933ed39e10bc62bd19062e873f8da8695c4e85f88341c7207ed3aeacd5dcca07bf1bbfc1cbdd4cdcd4376780be64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
3424ea8d4a9625d91b4c1afce077bdc9

SHA1
ed2e1e61e03a60f5e2c5e09240179c9534e2b1d6

SHA256
ba180a9e849c32682251e0aabcee55fd7ec192d9bdc850d672f3cfbf3fcd7815

SHA512
ebbc9f06926c199d5a390bb6b110320eb1c9e98147880d101d2c9b805a4f8e97fc84685cfed9e0c5541decf36ce9011e0d3649745b05d992a2684cf918ed747f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
d443cc6e534e7e36db54f82945bcb7b4

SHA1
3d99ac27c1388111e4995f79a82dc276cb310186

SHA256
68bad91e66585df421628b9c0832c46a9d4645e296140113842c7b24ce7e799b

SHA512
453df41faa66893aa4d29bfe0e9526a9bc7a73be48f86f42c97113d90c7532303847e4abba0b088b30cfe1bab644817f329598e28c5bf9de21db17acd906f8e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
dfe0e8d17e7b04315e740a1d625b6f3d

SHA1
d1cb5911cfd43e5d455d028c7a2826c401601e6e

SHA256
fbd70a44e0c0904c627ba7f7b1dab093fc94f9a2b1c012a2fb53594d0d7a172b

SHA512
0f6e9386857e0eafce53f9602b0e10b556366ab8b013b1dc64a8ec7d0d9d59a9dddfb37d1ec8ef90aeab1b6fcaafbfbf36076d66fa030b8062e92edbf629f61a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
96349bcb5c0b7be66559ac1ce62c7c79

SHA1
cc3a9972b62366d89157ff632918821055366a81

SHA256
d9d2b047be17ccf7ff13e5b7ca5c6f4703268bb1e351ba857d43dea2af8ff05a

SHA512
54e490d97e9fc573cced18ff85baac2475c0a54e1a94dbcf83a636789fa2cbd7d17d0e529e60a323aaa31e4c42a0906fca39976857c27c609891a1a67236183f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a74c.TMP
Filesize
48B

MD5
357ea9a62ea7bf358c2ad88b696d502f

SHA1
9336b4c136d4a7a448f6c885d0a47bba88b586fe

SHA256
7715e0df18f7d8c5d61a3054657a9ca56094eac7590abbc33ee5e36499f36abf

SHA512
2d3949b31a93eff283b02a12f1386ae6213a187f23bff3919ba6a5c5b40cb9d03103e336eb817b4e8bd8f7e7e2d623cc1ac2d98de50e4cb63f2e69e95f6db1f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
3130eeab11bd4a7afa5652002f88ed71

SHA1
5c6090ace84c584f635fb43aed442ebe92ae6a24

SHA256
032ae1628812d3a9d786a44c352ae8f6fa141764db35f16c520d43038bc89046

SHA512
0a2b9e98b16a421a2818ea9abe516a7d937182294783951a35b0fcf24f44de686f122bb0b8c637f982ba5c3ffe72cde4e50965f718e3be20bb709bdb914d467f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
80cdeadf88a6f0e824262aec4a7a3bbb

SHA1
23b89436106f76046eed58e7883c7aa31d91d5ad

SHA256
d650ea964e5bd6105fa236b9fb93cbaf4b51b171a7a0688a76fd7674bf7b14b8

SHA512
d5e3cee88075a029c6f96e003889dab39d5388219a55587d0d9ed87cb15641e91ffb3ccb84b3cfe86104f798dfeca4b2becb8dfb54dcfb4ceccd97b2b6414fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
25c646e70303ee861c91c65aa388bb04

SHA1
0cea2b9b35ad074b3d677a4700710ccb1609f50c

SHA256
e355dd5750b7644b507b35faec0a19749b346c90db89db3a790b95fa75ebcd2a

SHA512
ae3f6b00d62d3b980dfb44adc09df6a617152beec9419d855a2fb4d44b9d71a5fe4be8a1dc181ac01f0e9ff3aafb6d9e38bb7f1e93f43e9db04f48e851249ab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
c7ccf6aaa54b309a6c40fb5c04bc9eda

SHA1
b64e30996072ed0faa52a4fc30e73c5b840032a3

SHA256
61cbc80d0fcb9afa91be8cb04e7d34187970b43aa987f569627f1d2f537cbed1

SHA512
bf5951270c8220bbdcce8d64b03e0a73fb61a6e2698a249c789fdef92e4e385d54c8214ca7ac95c85c8eb0277c4a55567c029f5848bfead681704880f7ad3ec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582e5e.TMP
Filesize
2KB

MD5
e3bf9b172c9313cfefb1ee96df3b6c00

SHA1
25c0b1824aa357684892aef81434389423635619

SHA256
348e51e6e9734194bcef68d9e326a6889022311b677e398235f460d9be431fe3

SHA512
ad3a09add8796ab0c505d6287270de0fd9569b171428106dfdd71af5e1271372b75088bf2999b5b1a073c3dda3fd1797f5c34913c6ddd9d57892a2358ae1ed24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
b9612b34f17b47b3d417b8ddd2eba97a

SHA1
ead74748abb329910d0aa10a20400d810f410fca

SHA256
d8b25313e2e74e12cde7b6d263f9a1803df0ffd593d1f034e7708845b5add689

SHA512
55024864823bee4d9dc2ee79c40a0da54c86eb44137173818a3f24a57d6fd166438c1ab01c2a1668531c894db488b4f89b11619a1346ccc87eff6f4be8e2e1cf

Download Submit
\??\pipe\LOCAL\crashpad_3508_QKAKHWKXBTLZHSBX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit