3b1f9ee1e664702e254e6d05e00e489676ab196a56ff3a6904926e7b9dddd0c3

Resubmissions

12/09/2024, 17:31

240912-v3wn7swajq 3

12/09/2024, 17:29

12/09/2024, 17:28

12/09/2024, 17:11

12/09/2024, 17:09

12/09/2024, 17:08

Analysis

max time kernel
62s
max time network
72s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
12/09/2024, 17:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

obraz_2024-09-12_190801491.png
Size

626KB
MD5

d395a4791b4ef58425cf268f12c6a53e
SHA1

6e56ad53f72a10fea5ec528d18c485e9571e1798
SHA256

3b1f9ee1e664702e254e6d05e00e489676ab196a56ff3a6904926e7b9dddd0c3
SHA512

5c8bc703790cf75d3c37539c6f2df7b95ef4fdfe717218d663f51f5a919a68c31ab25f09a43f230ab23559b7ca711b065727a89e8092748f2d26f9970236aed4
SSDEEP

12288:ytJJ2MRpKe1n5DEJVC5qiX8lypQ0hFCnjg7hX/mim/w:ydn5wzCgiXo4pMP4

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
680	vlc.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2072	msedge.exe
2072	msedge.exe
904	msedge.exe
904	msedge.exe
4548	msedge.exe
4548	msedge.exe
2296	identity_helper.exe
2296	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
680	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe
680	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
680	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 772	904	msedge.exe	82
PID 904 wrote to memory of 772	904	msedge.exe	82
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 4156	904	msedge.exe	83
PID 904 wrote to memory of 2072	904	msedge.exe	84
PID 904 wrote to memory of 2072	904	msedge.exe	84
PID 904 wrote to memory of 3356	904	msedge.exe	85
PID 904 wrote to memory of 3356	904	msedge.exe	85
PID 904 wrote to memory of 3356	904	msedge.exe	85
PID 904 wrote to memory of 3356	904	msedge.exe	85
PID 904 wrote to memory of 3356	904	msedge.exe	85
PID 904 wrote to memory of 3356	904	msedge.exe	85
PID 904 wrote to memory of 3356	904	msedge.exe	85
PID 904 wrote to memory of 3356	904	msedge.exe	85
PID 904 wrote to memory of 3356	904	msedge.exe	85
PID 904 wrote to memory of 3356	904	msedge.exe	85
PID 904 wrote to memory of 3356	904	msedge.exe	85
PID 904 wrote to memory of 3356	904	msedge.exe	85
PID 904 wrote to memory of 3356	904	msedge.exe	85
PID 904 wrote to memory of 3356	904	msedge.exe	85
PID 904 wrote to memory of 3356	904	msedge.exe	85
PID 904 wrote to memory of 3356	904	msedge.exe	85
PID 904 wrote to memory of 3356	904	msedge.exe	85
PID 904 wrote to memory of 3356	904	msedge.exe	85
PID 904 wrote to memory of 3356	904	msedge.exe	85
PID 904 wrote to memory of 3356	904	msedge.exe	85

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\obraz_2024-09-12_190801491.png
1⤵
PID:2896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb4d0e3cb8,0x7ffb4d0e3cc8,0x7ffb4d0e3cd8
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,15194607004358938556,15951217322457521738,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,15194607004358938556,15951217322457521738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,15194607004358938556,15951217322457521738,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15194607004358938556,15951217322457521738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15194607004358938556,15951217322457521738,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15194607004358938556,15951217322457521738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15194607004358938556,15951217322457521738,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,15194607004358938556,15951217322457521738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,15194607004358938556,15951217322457521738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15194607004358938556,15951217322457521738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15194607004358938556,15951217322457521738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15194607004358938556,15951217322457521738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15194607004358938556,15951217322457521738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15194607004358938556,15951217322457521738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15194607004358938556,15951217322457521738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15194607004358938556,15951217322457521738,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15194607004358938556,15951217322457521738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15194607004358938556,15951217322457521738,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15194607004358938556,15951217322457521738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15194607004358938556,15951217322457521738,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15194607004358938556,15951217322457521738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:3168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3852

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2932

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\RestoreGroup.m3u"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:680

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\RestoreGroup.m3u"
1⤵
PID:3848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
026e0c65239e15ba609a874aeac2dc33

SHA1
a75e1622bc647ab73ab3bb2809872c2730dcf2df

SHA256
593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

SHA512
9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
228fefc98d7fb5b4e27c6abab1de7207

SHA1
ada493791316e154a906ec2c83c412adf3a7061a

SHA256
448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

SHA512
fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2512ef3aae97d050d0430493760bfee7

SHA1
93b028b61b9573910605afc96d548dad5a1cb2aa

SHA256
1c020beebb5664a9ced9bc07c009cc0c1e135345653e83faeaff8e58399f1bac

SHA512
2899240c2da469c1e7e639695bddb1dabe5321acc68f99bf302789cdc505f1ffce529897512e53268445d134c7a7b5979fc5ca8012514cfe613dad3b9ec46980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7707de5d47ee7fa412ff9cba63752438

SHA1
42fd46d1a37df622a6e3040f9c9f57bbcea595ee

SHA256
5da7c13a0423dc42b7a4418f27764f382f95da55842464bc423c5a24837caca2

SHA512
61a455c34e181a16f9c56191cd9242cb8f9393c855b7581d829748df3893d85652f603b8c5ff8227719afe1287c4a961992b48f18c70fe74e72d94d1d8264cb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9295e9aefde06bb8f74d4025ce204f3a

SHA1
ae18ba23c25ce3b176b5749d112818e4fb9f2185

SHA256
45b88984597633b05250b7af67c55b3024f418413e8acbefcdc23c550b74f18d

SHA512
db89838f53ff4fcd7d03ddeb2c70b966927ced5db0b8e4db5ba87a10b9fe919bd35dbb3832d69e47917089f391d893862828165f251be88b5901a42c9e63ad9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6a310db44d4a8ac36a8172ae3cd32986

SHA1
e3e6adeb1a74239fbcc57ffe34e7d453ec8b79b8

SHA256
9d81ce299f4e31b239fbd57ff5d87ec3b026c58ec1bb67f8e4c134a608f103f6

SHA512
e1754201e06dcc45bb08a9c5a183653c68ab316011b43668bd27409c2604ef1e908982f2ba36ed1f12442875241fff285231d1bed1b019078f33574c448768e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6c0134266056cd33e19a08ae7148ef5a

SHA1
9f8cb74835f3845c1116f9c300f6c2b65d0a3f61

SHA256
b32da878f7999f1c7927031bdebdfaf59b41dba00587e91942a5eb58f2f76911

SHA512
4e7121b9f46bd6581acdfe87b904cf0650c76f932656f103d218aa30b3da12939b94e1d13393d2d379e41978ec7c99e0c9b0bc39744394a9149db969af326d66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4dba5ef0dc5a46af790ebd8e4d094506

SHA1
45151c3e7d21c813ab6d38a7f179c7ca854e80b9

SHA256
28bc15cad7e89b939df96713068919db87a0b7fadf1468fc99ed4bf27de0f98d

SHA512
ead8ba0ec4b3ff81164618d7e92546bac06a6f897890f2464a558d7976b73be71f3f6ea10d97cbf76054310f78615125deaf728bac28378bac20f1f77502bbbc

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock

Filesize
17B

MD5
a32ccede076d4dc0e3ea842499a67b46

SHA1
0b83abbf074f5086099c10f2174c6877b02c1949

SHA256
fee0ed933f68c296d406ed8b77cdf52c34a3e11665c929a6c185afeda999f1a2

SHA512
d55a6088899563c7106f96e95a5bfd955e4571b33d6bc493cca8bd8104e6466f71b9b504a77d72a2ca04b74d41aafc4b77a46fdbe1187db4f37b79bbb9f7981e

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlcrc

Filesize
94KB

MD5
7b37c4f352a44c8246bf685258f75045

SHA1
817dacb245334f10de0297e69c98b4c9470f083e

SHA256
ec45f6e952b43eddc214dba703cf7f31398f3c9f535aad37f42237c56b9b778e

SHA512
1e8d675b3c6c9ba257b616da268cac7f1c7a9db12ffb831ed5f8d43c0887d711c197ebc9daf735e3da9a0355bf21c2b29a2fb38a46482a2c5c8cd5628fea4c02

Download Submit
memory/680-191-0x00007FFB38170000-0x00007FFB38181000-memory.dmp

Filesize
68KB

Download
memory/680-197-0x00007FFB38050000-0x00007FFB380B7000-memory.dmp

Filesize
412KB

Download
memory/680-223-0x0000024628BE0000-0x0000024629C90000-memory.dmp

Filesize
16.7MB

Download
memory/680-213-0x00007FFB39D30000-0x00007FFB39FE6000-memory.dmp

Filesize
2.7MB

Download
memory/680-174-0x00007FF7220A0000-0x00007FF722198000-memory.dmp

Filesize
992KB

Download
memory/680-178-0x00007FFB4B2C0000-0x00007FFB4B2D7000-memory.dmp

Filesize
92KB

Download
memory/680-177-0x00007FFB4C310000-0x00007FFB4C328000-memory.dmp

Filesize
96KB

Download
memory/680-175-0x00007FFB4BED0000-0x00007FFB4BF04000-memory.dmp

Filesize
208KB

Download
memory/680-176-0x00007FFB39D30000-0x00007FFB39FE6000-memory.dmp

Filesize
2.7MB

Download
memory/680-183-0x00007FFB39510000-0x00007FFB39521000-memory.dmp

Filesize
68KB

Download
memory/680-182-0x00007FFB39530000-0x00007FFB3954D000-memory.dmp

Filesize
116KB

Download
memory/680-181-0x00007FFB39550000-0x00007FFB39561000-memory.dmp

Filesize
68KB

Download
memory/680-180-0x00007FFB3BDB0000-0x00007FFB3BDC7000-memory.dmp

Filesize
92KB

Download
memory/680-185-0x00007FFB392B0000-0x00007FFB392F1000-memory.dmp

Filesize
260KB

Download
memory/680-184-0x00007FFB39300000-0x00007FFB3950B000-memory.dmp

Filesize
2.0MB

Download
memory/680-179-0x00007FFB3BDD0000-0x00007FFB3BDE1000-memory.dmp

Filesize
68KB

Download
memory/680-193-0x00007FFB38130000-0x00007FFB3814B000-memory.dmp

Filesize
108KB

Download
memory/680-186-0x0000024628BE0000-0x0000024629C90000-memory.dmp

Filesize
16.7MB

Download
memory/680-196-0x00007FFB380C0000-0x00007FFB380F0000-memory.dmp

Filesize
192KB

Download
memory/680-195-0x00007FFB380F0000-0x00007FFB38108000-memory.dmp

Filesize
96KB

Download
memory/680-194-0x00007FFB38110000-0x00007FFB38121000-memory.dmp

Filesize
68KB

Download
memory/680-192-0x00007FFB38150000-0x00007FFB38161000-memory.dmp

Filesize
68KB

Download
memory/680-198-0x00007FFB37FD0000-0x00007FFB3804C000-memory.dmp

Filesize
496KB

Download
memory/680-190-0x00007FFB38190000-0x00007FFB381A1000-memory.dmp

Filesize
68KB

Download
memory/680-189-0x00007FFB381B0000-0x00007FFB381C8000-memory.dmp

Filesize
96KB

Download
memory/680-188-0x00007FFB381D0000-0x00007FFB381F1000-memory.dmp

Filesize
132KB

Download
memory/680-200-0x00007FFB37F50000-0x00007FFB37FA7000-memory.dmp

Filesize
348KB

Download
memory/680-199-0x00007FFB37FB0000-0x00007FFB37FC1000-memory.dmp

Filesize
68KB

Download
memory/3848-160-0x00007FFB4C310000-0x00007FFB4C328000-memory.dmp

Filesize
96KB

Download
memory/3848-158-0x00007FFB4BED0000-0x00007FFB4BF04000-memory.dmp

Filesize
208KB

Download
memory/3848-159-0x00007FFB39D30000-0x00007FFB39FE6000-memory.dmp

Filesize
2.7MB

Download
memory/3848-157-0x00007FF7220A0000-0x00007FF722198000-memory.dmp

Filesize
992KB

Download
memory/3848-161-0x00007FFB4B2C0000-0x00007FFB4B2D7000-memory.dmp

Filesize
92KB

Download
memory/3848-162-0x00007FFB3BDD0000-0x00007FFB3BDE1000-memory.dmp

Filesize
68KB

Download