hxxps://media[.]licdn[.]com/dms/document/media/D4E1FAQHZ8XUJK8wVIw/feedshare-document-pdf-analyzed/0/1718205488022?e=1718841600&v=beta&t=tXisq_mGCdeXNR_F2QYnyJTp3EU2B7tu0sobk_bH8l4

Resubmissions

13/06/2024, 17:50

240613-we4kks1fkr 6

13/06/2024, 17:29

240613-v2jy1sxcqf 1

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 17:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://media.licdn.com/dms/document/media/D4E1FAQHZ8XUJK8wVIw/feedshare-document-pdf-analyzed/0/1718205488022?e=1718841600&v=beta&t=tXisq_mGCdeXNR_F2QYnyJTp3EU2B7tu0sobk_bH8l4

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
344	yandex.com
345	yandex.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4756	msedge.exe
4756	msedge.exe
1216	msedge.exe
1216	msedge.exe
3620	identity_helper.exe
3620	identity_helper.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1216 wrote to memory of 1188	1216	msedge.exe	82
PID 1216 wrote to memory of 1188	1216	msedge.exe	82
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 3752	1216	msedge.exe	84
PID 1216 wrote to memory of 4756	1216	msedge.exe	85
PID 1216 wrote to memory of 4756	1216	msedge.exe	85
PID 1216 wrote to memory of 956	1216	msedge.exe	86
PID 1216 wrote to memory of 956	1216	msedge.exe	86
PID 1216 wrote to memory of 956	1216	msedge.exe	86
PID 1216 wrote to memory of 956	1216	msedge.exe	86
PID 1216 wrote to memory of 956	1216	msedge.exe	86
PID 1216 wrote to memory of 956	1216	msedge.exe	86
PID 1216 wrote to memory of 956	1216	msedge.exe	86
PID 1216 wrote to memory of 956	1216	msedge.exe	86
PID 1216 wrote to memory of 956	1216	msedge.exe	86
PID 1216 wrote to memory of 956	1216	msedge.exe	86
PID 1216 wrote to memory of 956	1216	msedge.exe	86
PID 1216 wrote to memory of 956	1216	msedge.exe	86
PID 1216 wrote to memory of 956	1216	msedge.exe	86
PID 1216 wrote to memory of 956	1216	msedge.exe	86
PID 1216 wrote to memory of 956	1216	msedge.exe	86
PID 1216 wrote to memory of 956	1216	msedge.exe	86
PID 1216 wrote to memory of 956	1216	msedge.exe	86
PID 1216 wrote to memory of 956	1216	msedge.exe	86
PID 1216 wrote to memory of 956	1216	msedge.exe	86
PID 1216 wrote to memory of 956	1216	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://media.licdn.com/dms/document/media/D4E1FAQHZ8XUJK8wVIw/feedshare-document-pdf-analyzed/0/1718205488022?e=1718841600&v=beta&t=tXisq_mGCdeXNR_F2QYnyJTp3EU2B7tu0sobk_bH8l4
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12241060614568940094,6446574389679245173,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,12241060614568940094,6446574389679245173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,12241060614568940094,6446574389679245173,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12241060614568940094,6446574389679245173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12241060614568940094,6446574389679245173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12241060614568940094,6446574389679245173,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2152,12241060614568940094,6446574389679245173,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=4792 /prefetch:6
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,12241060614568940094,6446574389679245173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,12241060614568940094,6446574389679245173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12241060614568940094,6446574389679245173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12241060614568940094,6446574389679245173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12241060614568940094,6446574389679245173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12241060614568940094,6446574389679245173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12241060614568940094,6446574389679245173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12241060614568940094,6446574389679245173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2292 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12241060614568940094,6446574389679245173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12241060614568940094,6446574389679245173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12241060614568940094,6446574389679245173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2332 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12241060614568940094,6446574389679245173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2256 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12241060614568940094,6446574389679245173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12241060614568940094,6446574389679245173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2416 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12241060614568940094,6446574389679245173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12241060614568940094,6446574389679245173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12241060614568940094,6446574389679245173,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6432 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
477462b6ad8eaaf8d38f5e3a4daf17b0

SHA1
86174e670c44767c08a39cc2a53c09c318326201

SHA256
e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

SHA512
a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b704c9ca0493bd4548ac9c69dc4a4f27

SHA1
a3e5e54e630dabe55ca18a798d9f5681e0620ba7

SHA256
2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

SHA512
69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\392f42f9-9d82-4b33-b9a5-fb21cf7a8d2a.tmp

Filesize
1KB

MD5
8f7d3627dee46efb3c94dd7ccf247f29

SHA1
83340dd9b596b67550e95c5348aca7e08c03d053

SHA256
43c7580ba4afdd6e4687c446125682f68fc4da0961144d3e8d8ec7defb7c6a17

SHA512
61d921803f588cde38b443a06193f6f8f2036206b65c65179eccbd3a34f20cbd49a6a49fbe8c5feb9f88d901989bca433fc338a0ebd8b6f585b62035fdcf4c65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
75KB

MD5
c456292ed9ca472fab6844e7b32f1b9c

SHA1
83be6dc73cae7814a206ad60f82df127d45ce570

SHA256
e8033df26e47ab9825b6d1478654fb78f0780d65ba72321d9296246cf5fb2b59

SHA512
4a0391be5f330ff42cb876bd51234441f0ebffcccf05690c8868de62c0598cc727c3266b9cb2959af89f2b44b4559a17e1d223b9a08f587019262477260d776f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
85KB

MD5
008d0ae10f41631bb124d78799baf5bb

SHA1
cd5956db2574b3e718d8e87f3e4af79e2a3b5e0b

SHA256
a0aee1664677fce87357ff299c236f12803be313c1838a312d779ccf1ce0e590

SHA512
e4c1c5a8d88b6e0caa60b3c6ce02c05b0b2653c478a788d9d6c330d34439a5f91acecd67dc6baa4f40cf8f4cf21a684a13162562df8e2406cd06ac3145c6216e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a07c171bf44676a47c09160264962d60

SHA1
bf4d20a8a224aa1258e1c4601caf549c1f32f66e

SHA256
87438d99e4d744fab4159ef534b6888de5759b76dbf7405d829bdb6ad566efb6

SHA512
b365f2d3586c5a00831354323c664332f453520898eb1ecbef1a1461dd56401fa8f6ac89222c79cb4cc13497d18982c7707949d4300b1bd520860f91939521a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
000580d7d565c89c728ce7bff4357f0f

SHA1
e23f18b97c6a4af787e55a4337cf907af37c9508

SHA256
e97793dbf27cdf77d0b3131ec1b01515dece27e3fba52357b912555c5b70d130

SHA512
024e16ffac9c3a6994c9a3e1133dc6b5bfdacb81c8118724e30beafded19c8318336314c4f3d26235142056a228efd8d8d8cd0d2d04c2be776802f1c50e8c110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
d28990e012d248920ac7b16a7510a588

SHA1
d87ceafeb2398bb5c9248116759ec35414fbbd55

SHA256
121ef42dc508162826998d554fd1eaabfb9acde50c112857b4e7668413d09fe2

SHA512
6ffb5efff2e4785c5429f1a45adf62253b1958b11271d7f05d5b26eff5baeba3b2d11fb2e955f7ce85410c76872cb8cbdad031654aaddadb6308eaa2cc83023b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
22e455ecf07078d891bfbb0dca80fdfd

SHA1
ed6d3828083c6a29794bc4764df80eedc6e00e52

SHA256
25bf463205d72c2c5d76f38a86703158747ee41a0e9a88817e966528d08bbcac

SHA512
e6f72abfd26eb8819dee3ff02ad63e65d6640cee16c040e2355f525650a575fc383fc7b0b49a47e746c7c281b1abdb5cb33bb5af041f3ab74faf4c8c9dd56d7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
180551d1a08140e2f145f224115e8b4d

SHA1
9f70c8c5cefa5dc9094f6f3e9c98e6fbe8731618

SHA256
28798bb5a15093982ed159d7a095801344ca35f6bd5f036a33c154b1275f48b6

SHA512
0897f550df45837c6d62f60a855f7be6f3c809a7f7b1e0f0dd3ce9db92212b45ed9fd34e7ca79d0768cd3d710a1a85e621e8ceaad322004c43ecb4b7d2d8906d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f87b2ca9118b18c78145d16f524df8b

SHA1
892eabd2aec95992c8c6bd1e5eaddd2f4796946c

SHA256
15c1abbc8170ac5a3a2b12514bfbc1ed9926c8d0c7ad31f9fcc6593ff75611e6

SHA512
1080d150ec12fecd8bc1332fffe8b0f2db2d0495870030739ed4e566f63a9943a1456d3372c77eb41c3580c7f2e1569a0630787d95fa49476e543d2b06f79fc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
62831e89a4decaf9cd09c0992ffd56ce

SHA1
2ecfab2136dfe9da7ab89688ba7c10f708935cd4

SHA256
6d2db63bcc89d54fba43590d88035684e0b59f929609cb241fa61beeaaddadeb

SHA512
196ade2c1aa09d1276f2d37bd554dbe84eb82166a8e759e5c204cec9bc8cefcf73a48beecd3fe68d48150df9fab54877a82b40247dcb4512e16db2a31e2cb235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
31903db943ae27e9cde4d29e08d3983a

SHA1
56fab1a51d8a9989638aa266fe9291a03d6bf5bb

SHA256
f50684c3a30fea08afb446153f09ff7816adc8251dac1faa66dbcb771e3a1344

SHA512
7dfbc19c0bfa1680c80fe395f1ee652b11d9a37e5960c6865b3ec28b312dc614388a4c49a5d28f9010eb23e244f4a1efcf3329de3441a232f6334792f2fdcd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
13033cab919abd1be24215463a33b0af

SHA1
a4a3052d325a1a1dd05ca373cae35ca4dcaa6c96

SHA256
337534ebcd267265fdb4604278c62cd009ebc337aea5bad5fbe42e36cfa77c63

SHA512
53f329828fb816e0621514038165912c6b2c4b1548b4ec3fb823dce0390555f01284217b585499ec2c642e4674e9ba1f9b71d4168712a3fcde58aa04e2f81805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e3ece7ac1d748bd8cf130a6dd1fa386ea15cfca\48077511-fa3f-482f-b643-45eefd31a077\index-dir\the-real-index

Filesize
888B

MD5
9e44335e81791843b7f868142b3a6fb7

SHA1
8e3b7a04adf3c81f656ddd2b232a0e753788e20b

SHA256
7c4245b048134d783453095d2f2aa9606faf7864bf6ab3fc70b2a66c4ce2b590

SHA512
c740c39cab99a42a46f84e0a99c0685a09983c875047efa219ab1999044816304559554bd015dc55c7de47c5c10cfac08509cea33a538240e9d0805e2337e81c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e3ece7ac1d748bd8cf130a6dd1fa386ea15cfca\48077511-fa3f-482f-b643-45eefd31a077\index-dir\the-real-index~RFe594e55.TMP

Filesize
48B

MD5
33f4a9b8d316c9f0b2a4995a91b52091

SHA1
17c776615fde2f84e34ec1e7d8663ea21a646e05

SHA256
caab1d0ba8d35cba739a82d52e38cac3e51e72e58e2f72d173551569241ea54f

SHA512
6ece05294d806959a410b22dfefb1389498603136bc02a959d82ebef00178aa56fc21e269caa35d181d5e289d71f5f759947b2011bda2d8a235a551aef68ad4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e3ece7ac1d748bd8cf130a6dd1fa386ea15cfca\index.txt

Filesize
99B

MD5
5fffaf0e29c5cfe5f10a0ff695998d77

SHA1
89061c0ec6cbff027d21ebd2a421445cdcbe55df

SHA256
7682812afb395b3d3a18b79a0b2fb885cc02c37b6375f397062bfaa9f5af83d4

SHA512
8d2503bf5323ed6fd4a21dc5b36c35b0271388f1f05cfa31badcf1c73f317dcdfb27b38e713c64283f98798eb2ad9cf5ca2fc5524fc11edb6aaa4afa65626b7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e3ece7ac1d748bd8cf130a6dd1fa386ea15cfca\index.txt

Filesize
95B

MD5
b5079cf6118ad9ddd7da986d5168fdc9

SHA1
eadf980bdc8734aff7282a3d86e05b047f0d2a9b

SHA256
7bb14ff5d81b4715bbbf288aebbceecc789e397ee8d5ba3fca88eb4e11c40dd7

SHA512
8fb604292ac75b3af235b8bc31c18f40011da25f402cdb2a6c5c1f784feedf249473345278125cbd0535e236eca733f36251fd2045b2d8f4743fa5f6542ef81d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\be35666cd73d55aaaf8ad83d8bbbe8d1cf6fb2c0\c1f23a7f-e6f3-4429-ae12-26474cf1758e\index-dir\the-real-index

Filesize
504B

MD5
c2f2ddece5b2be52df3b62dc4fd22a86

SHA1
ccf5040db41a206f4c525d9b994e7de348d10eab

SHA256
6402c300716e6e1c4aba2feffb0da69a9e6a271d6db4fb18c71bb0dca9cc613b

SHA512
7f59ef4d96a0a9ed587d728784f41847137ec33592ed370f2608a79124138601a16117284e32b56b205981eb7e559881191dea1b5ff8605b094695f1719f1188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\be35666cd73d55aaaf8ad83d8bbbe8d1cf6fb2c0\c1f23a7f-e6f3-4429-ae12-26474cf1758e\index-dir\the-real-index~RFe594ffb.TMP

Filesize
48B

MD5
dfd2ea0bcf02196e9f2bdeaab65a23cd

SHA1
4a206afd19d315d8c16f9fe65754854ddd7248d3

SHA256
413c5ee4a1597ae3e8fe5ee000d1bdb2ed90d14269ef726e780bed925fb564fb

SHA512
e0b3babe1a06570832003ce3a5f82fab8c7eeb1d067dd169d63b85fca7be4eda4224f88a2e42de908f7646a8fc4d9c5274df767da72647795180361003700bd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\be35666cd73d55aaaf8ad83d8bbbe8d1cf6fb2c0\index.txt

Filesize
102B

MD5
6b75e15802d86364d28499baeb3cd576

SHA1
66bc3d242a3ec230cd52ec36c41a2a41908da9aa

SHA256
52ca3db920d277fb429971523281348c6e55ed53336fd561cb65e14beb4a85e5

SHA512
821b96aafffc9364816138f9317021d33060ce334b1d2b71b7bbed153daf129c4916146477ac89f2369e7ebde424313b000593b028685e4d15dea901a001781b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\be35666cd73d55aaaf8ad83d8bbbe8d1cf6fb2c0\index.txt

Filesize
98B

MD5
4e1c8d58624452d36096061a6605d4e1

SHA1
710fbf1b9eb8bdae51a6e06e47a8017e96efa041

SHA256
9f2cc4d03b98abe1178c40e9be089736a066bb9cdb19933dd33268f938b0fa21

SHA512
d97e911fe7a1763d8efd5d8b217a9af689c4abe060350ab63ccb9f6f6e4ec37a63e4d66d423db8445cfa206788f2c2da925adb5fbeed57f38aa806dc7edc722b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
ef5940e397a514f930823d18699ae252

SHA1
b58373a1ca5f64494e67e9e962b39fc38ca56bc5

SHA256
4c72238d1a5a4f947089abaf8ef49064d6ca4b1ff5e2a030a4c2a13a5e83e55a

SHA512
7c8c49bc4a2f8a39e5bd4c0932b0b8f82c497dafde44f70f007d1fabd2416dd63b19840c5b43aa6c7ebdf53e8e119a722934a355901bcff3cdfb3194f2c53a18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe594cfd.TMP

Filesize
48B

MD5
d43cf279231877d573794d1a48a15c94

SHA1
1ec66bdc7310b277c7405ad68ec10767b6eef1b5

SHA256
1c39b72c294d55c1f9b58ccb80088f238eb28cd4f77e3638398b8f3030d59361

SHA512
b130d0a6e1d623ab536755bdf31d3a82e049f8508ac6a7a9c57767b18d88e327a9e050776448b083c7f7cb0cd3e26a14c1fb293a9a3347a0ede96beec2e2012b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
8719050143b03183e920c7e8ae66fea2

SHA1
9d68f00ce805b54006edb5c2475c9d1ca860c036

SHA256
1c1206da5c8b3d68f6c66fe83fce09978fbacf57368ca2674219d3c955bfc71c

SHA512
a7be9a9e6c72c5513429488477ff90bad8133b8ca8f6a83a0c048f0908984b6b1582d2005df9fd258caf4e4fe5d2ca3662d0e5617f33e3455981a0de24dcdc55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8750d0d9450c75c2e1f437b7c15e2de5

SHA1
d160e6375d89fc21832192c850ea98804e60867d

SHA256
33d2c635de750663ac4972d5199f8690631469e6173ac725e87cc36390925aa4

SHA512
4a6b26f4bf43fbb5007e24a0f31e5bff93ba042634f837f5f92c32b3fa8dfad49c2274e6369a6bad8f322c922e49af1a5ed75236867e9b5c4ab7eef6a0ce0d99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58bf73.TMP

Filesize
204B

MD5
29873076cad376999fcea507bf3e3f53

SHA1
bba3aeeafca49cd7074420ce47c7d1b30513a9b3

SHA256
188706e2a5f888d1729d800ede629b55a6a7e8040c8f3109ab9a25be4952ee6c

SHA512
d23adcb0458d4d49d97b2741db534bc2ead15a05b6c5a06681c0bf47a9af5540e6bfadb43cfb041d108ad2eaaecbaacc5a6510affb3e2348511aeed3af4f304a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8d60c4b28c88529e431b71e586de9f18

SHA1
c115980f604d68590f6c2b054354ff27b2c9e09b

SHA256
4d53f29e41e024943809294fda0ccd6e8c856e441dc2770ec16eb21f8dde2c6a

SHA512
e3ec481834e214a5711f47457f98778f8872e2832ff27ef033d56eceabc6013c28fe5f14c1b2fe8dc29dfec62877c44aedffce15caab3c467bc4c67d406e1ea4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit