91ecd3092e58361a48a096d844f1846f5e6ca76b5091e9499ed3b4c3fbe28a3d

Resubmissions

03/06/2023, 21:00

230603-ztkb2aae9t 8

03/06/2023, 20:57

230603-zrv1raaa87 8

Analysis

max time kernel
140s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2023, 20:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TGX.exe
Size

686KB
MD5

44a4e3d019880eab7d1cc7fe50400227
SHA1

c0e60962bf5dcd8d47bfa6aec07917a13fed86bf
SHA256

91ecd3092e58361a48a096d844f1846f5e6ca76b5091e9499ed3b4c3fbe28a3d
SHA512

622a6ad80c6b357e46e3428311584584d3329d69f46b7c44c31c1083f3fbe9e859da5259784600d5260dfa3ea836fbb02c80c8070e13ba7936d1b273c2c17e38
SSDEEP

12288:21IytQVxkI3A9VWcTkRe4n5yxmrKLR/mYbkDo44NTPqyiRr1JY1ay7nmGQ6:EZqJyxmrKLVmYdqr1Swy7ni6

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
4324	TGX.exe
4324	TGX.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\2c4653f2-0923-47bf-91cb-bffe4d7aff99.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230603205826.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2776	msedge.exe
2776	msedge.exe
2172	msedge.exe
2172	msedge.exe
2032	identity_helper.exe
2032	identity_helper.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4324	TGX.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4324 wrote to memory of 2172	4324	TGX.exe	84
PID 4324 wrote to memory of 2172	4324	TGX.exe	84
PID 2172 wrote to memory of 1748	2172	msedge.exe	85
PID 2172 wrote to memory of 1748	2172	msedge.exe	85
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 3444	2172	msedge.exe	88
PID 2172 wrote to memory of 2776	2172	msedge.exe	89
PID 2172 wrote to memory of 2776	2172	msedge.exe	89
PID 2172 wrote to memory of 2900	2172	msedge.exe	90
PID 2172 wrote to memory of 2900	2172	msedge.exe	90
PID 2172 wrote to memory of 2900	2172	msedge.exe	90
PID 2172 wrote to memory of 2900	2172	msedge.exe	90
PID 2172 wrote to memory of 2900	2172	msedge.exe	90
PID 2172 wrote to memory of 2900	2172	msedge.exe	90
PID 2172 wrote to memory of 2900	2172	msedge.exe	90
PID 2172 wrote to memory of 2900	2172	msedge.exe	90
PID 2172 wrote to memory of 2900	2172	msedge.exe	90
PID 2172 wrote to memory of 2900	2172	msedge.exe	90
PID 2172 wrote to memory of 2900	2172	msedge.exe	90
PID 2172 wrote to memory of 2900	2172	msedge.exe	90
PID 2172 wrote to memory of 2900	2172	msedge.exe	90
PID 2172 wrote to memory of 2900	2172	msedge.exe	90
PID 2172 wrote to memory of 2900	2172	msedge.exe	90
PID 2172 wrote to memory of 2900	2172	msedge.exe	90
PID 2172 wrote to memory of 2900	2172	msedge.exe	90
PID 2172 wrote to memory of 2900	2172	msedge.exe	90

C:\Users\Admin\AppData\Local\Temp\TGX.exe
"C:\Users\Admin\AppData\Local\Temp\TGX.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tgxgang.xyz/
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe12e546f8,0x7ffe12e54708,0x7ffe12e54718
    3⤵
    PID:1748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2165620122879215704,18339606486151524564,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
    3⤵
    PID:3444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,2165620122879215704,18339606486151524564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,2165620122879215704,18339606486151524564,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
    3⤵
    PID:2900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2165620122879215704,18339606486151524564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
    3⤵
    PID:2420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2165620122879215704,18339606486151524564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    3⤵
    PID:4756
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2165620122879215704,18339606486151524564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
    3⤵
    PID:1172
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:4676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff634135460,0x7ff634135470,0x7ff634135480
      4⤵
      PID:4932
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2165620122879215704,18339606486151524564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2165620122879215704,18339606486151524564,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
    3⤵
    PID:804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2165620122879215704,18339606486151524564,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
    3⤵
    PID:3516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2165620122879215704,18339606486151524564,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
    3⤵
    PID:2956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2165620122879215704,18339606486151524564,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
    3⤵
    PID:644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2165620122879215704,18339606486151524564,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1880

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
6d4caa8f301d8b7771709aced2015c70

SHA1
64c80a9cde772412f511997a5e09dd5be62fe0ae

SHA256
d5d77e0ee0245ede77ad333f665e610ff5baa10cf333d5e3adfb8c60845dd9b6

SHA512
72e5b53d0615afab5a3843754716da00a31ae878072a54da17e7c70be6c6bf6c02345410849e1ff672fadba46433c423f05c2da8e167feaf5a73b86ba9739db6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5717be.TMP

Filesize
48B

MD5
35bd9b5870cf420388cf498ee2e94551

SHA1
55c0c77791655828005991fd00775d576c665b9c

SHA256
8fcce5be2388484589b5519dce807fc2899fc2e566700f7e6ae59370d5287fff

SHA512
7527e614fb531980efc8d3c71932fc9a641a3761595f3d1f47c65996628ca13487b671167b948c79a81c096bfcb07b7de1dfcb71c973e61d72376ba31393c517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
8d0433ff2f59105441fecbf84f75955e

SHA1
60977f7f20230d82664f6ef1a70538a59e682cfc

SHA256
6bc6457f992848cffed8a19f66a97e1aeaef5d4fdc010b23b80e7ea180815711

SHA512
c6e17246c2def39d0b4fa1cf46669faa1cf93ded3be3df4cc87e2cb7e047aa85043be2be8f36d3dcbff6bd5d5781ebd6c6f145de0eb0532390a5a916d549b52a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
574B

MD5
f63dde420f529fc27d96cf688945128f

SHA1
19eb68e7387b9a77ff3cd5d05a7ca1bcb8029f62

SHA256
a60acb639da8e5d0abf6960ca2452b4ce82ca4020375c860aab69a6ad174e9fe

SHA512
3fcfb16a025e19cf81ae2a974d164f5f4d8bbd9424c09819c7b8d664a0ff6536f10c0154b59d30f0d587f2a0baa647731fa2e58f532792f23ba1644e3ffbec4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
dffa56b174cbe5de0906846558cf3bb9

SHA1
c7763b0554c91061c53cea9743627b97fbe68f68

SHA256
afe486d6e4dcaebcdb4eb2008a73f369ce63fae20a3906092aa09193ea9e6239

SHA512
2787da53368560cbbd62637097202806d4792e86e0e4940bd7ba89895684a9100111c11e2aa1823eee70251f5c55514ebd7a1ce1fa4d49ca7eacb506b0da843a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
593b4ef8706ec47fc08f735936a157f1

SHA1
9d1480f96d715e832a62d5df63b1860a55b1fccd

SHA256
d8b8db6c99f06b0683f53026bc011587713857f3e521fa3331790c1949980ba5

SHA512
c0520634ffd08a1dae0b36806eea2c376269fa86f84f97998c92988659979ee7b2325e110069755a9ae598c9df55bf3e695ed64c34de5653d7ccfd4ab95c12fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fa193a8a7133afae5d9682cafbc66660

SHA1
44d861b17f8b0aea1905496b05988ae3fe509455

SHA256
eba6c6b269cb3d8ad686024805d11c369b6e544afcfe40108b40e3565f6b5c58

SHA512
b1ba94052270732f74640fece35fd0e7421d70fffc972caddaf41a332ab60ae13290f0a4100d2030d3aa0f5b0588d2cda0e5da601ccf300f8184b640f01097b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1463bf2a54e759c40d9ad64228bf7bec

SHA1
2286d0ac3cfa9f9ca6c0df60699af7c49008a41f

SHA256
9b4fd2eea856352d8fff054b51ea5d6141a540ca253a2e4dc28839bc92cbf4df

SHA512
33e0c223b45acac2622790dda4b59a98344a89094c41ffdb2531d7f1c0db86a0ea4f1885fea7c696816aa4ceab46de6837cc081cd8e63e3419d9fcb8c5a0eb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1e79203d0f70092bf25058099947d5c6

SHA1
20d5e2bd3a2ef807207bc3981bd5494c34839c0e

SHA256
decca6fa6de1f0dcc2b46a7c45e62d1754fda43b509d92393c628d56930851a6

SHA512
b06c5cb26083e2ef7a407be262f37d83d9fee4788e30a94ce258639f7c1fb2ccb4e37ca9b77e4fb30c0fa0a9e80f94a5b9719efd2499c87deafc87d260eb0568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
9c1f93f22eb956f6be8f2f32700a92ac

SHA1
66068df21f46b872088886798b28d39d0428f269

SHA256
91f0a12f00cc54dc2448c857de43a122397a6b45443f4e18d4ecec2a3f77a3ea

SHA512
9eff2ee1b1cd0606cd6470f50139d70b6379a7d6d2d64ecba00826ba6d4285077d87205a7d35ade6401d1941a4605352924ec62a975790d78041f1ba30fec6c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ac42b014264572b30c8afaca6715b657

SHA1
890dce220ff4afabccfdcb0a45c5d3d9bbdecfeb

SHA256
8c70fa24977694abc43bba7ee1afb580ae8d02f1e6df180604c3d91116661ebc

SHA512
4f380c7f916421e5e77404b84b8d7be20569c669225c21092640f7dc4a9eeaf87c243b314156f33bdf2106f19eafcf2892894813266241cd535227b1648236f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Newtonsoft.Json.dll

Filesize
685KB

MD5
081d9558bbb7adce142da153b2d5577a

SHA1
7d0ad03fbda1c24f883116b940717e596073ae96

SHA256
b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

SHA512
2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

Download Submit
C:\Users\Admin\AppData\Local\Temp\Newtonsoft.Json.dll

Filesize
685KB

MD5
081d9558bbb7adce142da153b2d5577a

SHA1
7d0ad03fbda1c24f883116b940717e596073ae96

SHA256
b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

SHA512
2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
4e374cde134a827b2e1fe838986fbbd4

SHA1
0781cc6f2d81231f89be29b075b80409602e7de5

SHA256
5df6cf7b25b54bb1a92d3945da07256b1f9d3765ab9a95c867935d21d7172c2d

SHA512
e809e5eb5a9639661bee772b61330adf050700b26a1139ef5f0b7c50153bc3bc4b9f3f89f1c4708b6b9e9cc7143646c92195f269baa1c4ace49b73a5dca06a41

Download Submit
memory/4324-138-0x0000000008490000-0x0000000008616000-memory.dmp

Filesize
1.5MB

Download
memory/4324-133-0x0000000000460000-0x0000000000510000-memory.dmp

Filesize
704KB

Download
memory/4324-135-0x00000000050B0000-0x00000000050C0000-memory.dmp

Filesize
64KB

Download
memory/4324-137-0x0000000001040000-0x0000000001041000-memory.dmp

Filesize
4KB

Download
memory/4324-147-0x00000000050B0000-0x00000000050C0000-memory.dmp

Filesize
64KB

Download
memory/4324-146-0x0000000008F50000-0x0000000008F72000-memory.dmp

Filesize
136KB

Download
memory/4324-136-0x00000000052C0000-0x0000000005352000-memory.dmp

Filesize
584KB

Download
memory/4324-134-0x00000000057D0000-0x0000000005D74000-memory.dmp

Filesize
5.6MB

Download
memory/4324-143-0x0000000009000000-0x00000000090B0000-memory.dmp

Filesize
704KB

Download