bc7551e9106ce385869205a1fefec870354116eae3e795ee544c7c481f85a1fe

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
08-06-2023 12:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TeaInjector.exe
Size

6.2MB
MD5

416cc52db42c77b0533d9cbe4762757f
SHA1

2a5e262da03733533af264201eee138334f56e93
SHA256

bc7551e9106ce385869205a1fefec870354116eae3e795ee544c7c481f85a1fe
SHA512

28a5b6410380c322fe6c467879535cf6ac0db26d337d7fa9a5c2558d36a28e2c4dd368ea1cf0a47426ccf0ce03a69020c0d12e18fc209806b4b9d2913772200b
SSDEEP

98304:VOjXE9C+YbsiOU/ILCFWujXE9C+YbsiOU/ILCFWB:UaZU/IOWuaZU/IOW

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\f3babb0f-d547-485c-95a1-02d7ac8e6b8b.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230608124338.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1675742406-747946869-1029867430-1000\{9D1DA05E-32F9-41D9-AAFD-C72DEC821283}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2864	msedge.exe
2864	msedge.exe
4952	msedge.exe
4952	msedge.exe
4712	msedge.exe
4712	msedge.exe
2700	msedge.exe
2700	msedge.exe
1620	identity_helper.exe
1620	identity_helper.exe
4484	msedge.exe
4484	msedge.exe

Suspicious behavior: LoadsDriver 3 IoCs

pid	Process
672	Process not Found
672	Process not Found
672	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1316	TeaInjector.exe
Token: 33	3892	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3892	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
1316	TeaInjector.exe
2700	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1316 wrote to memory of 4452	1316	TeaInjector.exe	84
PID 1316 wrote to memory of 4452	1316	TeaInjector.exe	84
PID 1316 wrote to memory of 2700	1316	TeaInjector.exe	85
PID 1316 wrote to memory of 2700	1316	TeaInjector.exe	85
PID 4452 wrote to memory of 3064	4452	msedge.exe	86
PID 4452 wrote to memory of 3064	4452	msedge.exe	86
PID 2700 wrote to memory of 4108	2700	msedge.exe	87
PID 2700 wrote to memory of 4108	2700	msedge.exe	87
PID 1316 wrote to memory of 4376	1316	TeaInjector.exe	88
PID 1316 wrote to memory of 4376	1316	TeaInjector.exe	88
PID 4376 wrote to memory of 264	4376	msedge.exe	89
PID 4376 wrote to memory of 264	4376	msedge.exe	89
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 2700 wrote to memory of 1168	2700	msedge.exe	91
PID 2700 wrote to memory of 1168	2700	msedge.exe	91
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 2700 wrote to memory of 1168	2700	msedge.exe	91
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 2700 wrote to memory of 1168	2700	msedge.exe	91
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 2700 wrote to memory of 1168	2700	msedge.exe	91
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 2700 wrote to memory of 1168	2700	msedge.exe	91
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 2700 wrote to memory of 1168	2700	msedge.exe	91
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 2700 wrote to memory of 1168	2700	msedge.exe	91
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 2700 wrote to memory of 1168	2700	msedge.exe	91
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 2700 wrote to memory of 1168	2700	msedge.exe	91
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 2700 wrote to memory of 1168	2700	msedge.exe	91
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 2700 wrote to memory of 1168	2700	msedge.exe	91
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 2700 wrote to memory of 1168	2700	msedge.exe	91
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 2700 wrote to memory of 1168	2700	msedge.exe	91
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 2700 wrote to memory of 1168	2700	msedge.exe	91
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 2700 wrote to memory of 1168	2700	msedge.exe	91
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 2700 wrote to memory of 1168	2700	msedge.exe	91
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 2700 wrote to memory of 1168	2700	msedge.exe	91
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 2700 wrote to memory of 1168	2700	msedge.exe	91
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 2700 wrote to memory of 1168	2700	msedge.exe	91
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 2700 wrote to memory of 1168	2700	msedge.exe	91
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 4376 wrote to memory of 844	4376	msedge.exe	90
PID 2700 wrote to memory of 1168	2700	msedge.exe	91
PID 4376 wrote to memory of 844	4376	msedge.exe	90

C:\Users\Admin\AppData\Local\Temp\TeaInjector.exe
"C:\Users\Admin\AppData\Local\Temp\TeaInjector.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bymynix.de/discord/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb1de646f8,0x7ffb1de64708,0x7ffb1de64718
    3⤵
    PID:3064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,3202299754607912863,12147211484133794683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,3202299754607912863,12147211484133794683,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
    3⤵
    PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bymynix.de/projects/
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb1de646f8,0x7ffb1de64708,0x7ffb1de64718
    3⤵
    PID:4108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,18149287099772296092,15038553897349661699,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    3⤵
    PID:1168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,18149287099772296092,15038553897349661699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,18149287099772296092,15038553897349661699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
    3⤵
    PID:4836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18149287099772296092,15038553897349661699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
    3⤵
    PID:3612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18149287099772296092,15038553897349661699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
    3⤵
    PID:3852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18149287099772296092,15038553897349661699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
    3⤵
    PID:2432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18149287099772296092,15038553897349661699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1
    3⤵
    PID:2476
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,18149287099772296092,15038553897349661699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
    3⤵
    PID:2544
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:4408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff7ad615460,0x7ff7ad615470,0x7ff7ad615480
      4⤵
      PID:2784
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,18149287099772296092,15038553897349661699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18149287099772296092,15038553897349661699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
    3⤵
    PID:3832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18149287099772296092,15038553897349661699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
    3⤵
    PID:3424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18149287099772296092,15038553897349661699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
    3⤵
    PID:4136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18149287099772296092,15038553897349661699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
    3⤵
    PID:4052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,18149287099772296092,15038553897349661699,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4044 /prefetch:8
    3⤵
    PID:4792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,18149287099772296092,15038553897349661699,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4028 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:4484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18149287099772296092,15038553897349661699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
    3⤵
    PID:5180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18149287099772296092,15038553897349661699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1120 /prefetch:1
    3⤵
    PID:3488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18149287099772296092,15038553897349661699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
    3⤵
    PID:4604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18149287099772296092,15038553897349661699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
    3⤵
    PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/ByMynix/TeaInjector
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb1de646f8,0x7ffb1de64708,0x7ffb1de64718
    3⤵
    PID:264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,3044437867509226685,17380443740517072071,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
    3⤵
    PID:844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,3044437867509226685,17380443740517072071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5020

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x524 0x52c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3892

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
214KB

MD5
c4e5a6abd1209dbe78adeba5ecb9885c

SHA1
bee7f9eb5a4d790c50723eaf1ce643e2d5e11158

SHA256
d8f105deb10f69939c7d631bf8ac7f32fe212c9b25ed220057ba6d38a5dea42a

SHA512
7f9a19acbf2420dc320094967efabb3eeb2b7720005bbd610a6f6dfc43f71a1197557306045b0412997124dafde02f3637d21a65ca43e0bd6ccdc22707028b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
474KB

MD5
e16e13ed5d8ae8805dc9467b2f0afe81

SHA1
0b17c3cef5b8b5e79332bbb6188555c64ac06fc0

SHA256
23fe1175c5a62db17156b38e665cc45bf6391b96163b897eaf0f36ede8a6b36b

SHA512
56ed230e00cd2332625ca210182ab3f40e4bd1095f3a28990dd96711b5425b63d5d17e243d1d28919e8190c2c9d86dcb478008cb99671c2a4503eb9379d8d46d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
31KB

MD5
c498780aeb9f7bec7fe3324d832b053b

SHA1
93a7aabb520e305fa18d6068d26b29f86ab2df81

SHA256
ee6361a3727e9c3b8a70fab7453df4feaa691a048492d2748e733522c31b9a2c

SHA512
f112e3ea6c1f00fa4cc93de1397e62c2411d753f264e7772046565467ce38b1971655c7bf28d692cf4fee5730a2fcb3bff203fedf2ad45c7bcd5d5fcb65ad9d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
44KB

MD5
211ce3ce8b4b67ef8cf316ab34945a49

SHA1
26aefa04275e8d0ef8e1e856b4ddc53e5afc18a0

SHA256
c166008a7aae9c0aa03dbd124ce640f7fefd234b95b9bd95d9fadd2af4ac841e

SHA512
b53270d69470c6c2430f465569a3543315175c2627d6cffb3db00af760eef682af755e1bfa4b1d5530b9eb493137895c3539ee120ad2e1a25be4ac20600f81f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
69KB

MD5
f3ff143dde04947e94ff947dfdf07bd4

SHA1
1efa0823524187ae2e87d5b7a6a7e4d16d1d7e47

SHA256
c87620780590cb9bfff138c0f0f97b0d6743917326bbe3a229a0630f5bcf78e9

SHA512
67a5ba313363442aa707e87e81a2570a00a06f233fe1aa8d01ed1a75afb45385748df7b754fafa59f6d475a2fa4db5ab6b25245ccaf7051201037a959e1e82e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
70KB

MD5
2d44c925f11a9006f7ea7d139dbae96a

SHA1
f7b0ec2456dde8c905d51629b519c0b455d6ab8e

SHA256
cbd812637583082856f7d449120fcfbc428df23ad3227a1f5f0a270ec8770208

SHA512
d088bb2f25896c8bd6fd8e8092e14f7bdbbb1e1dd6731640eccf50a58b466920c2386ec735abbf5db4a63be2db9132f54f9c5aa59908ece72f0837622b281b57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
66KB

MD5
b3e92009a7ed85d2cc8fb8bf4631a360

SHA1
957d707a768333f5b2871f8a2ae1bd901f1bb00f

SHA256
fee76d844a5bc1c5ab16e8b8aa1a154dbf3f3a0dda3b57a1a18abf95c10c9116

SHA512
519939b82489f23382be0c5e2bd4102eaa24ccd5c2f87bb8f26dac7bf6c94a4a445e089faa7dd12ae0aeb333a03c188f390e094693b3956fe07b560505b54e20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
19KB

MD5
6048ba58695b90791f4356d2b18018e3

SHA1
c4219dba234a098ced4fec94a5265c67c568f3de

SHA256
bc7ef6517ebd1f6643fdb0ea5f553f5f0836d6e4c1183c35c6d396eac5d2675b

SHA512
decaf878c204c1b434bc26ec4d0406eb6aa703ac354ecfd8689c88cce3db5d5023631cea94a5d13149e913dd29f288cd6b449b49f0e9eb7a29ceb0eca0a3f13b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
21KB

MD5
ff0325b3694877128bdb2aa3694b7de2

SHA1
19898d179f8d1a058a8b5cf7d0adb447aedc6c6d

SHA256
8c90092148b4ef036657adb4bd331969f033499871c2e3d5bfeabcb73a4ade2d

SHA512
90c2c6193b93f14c97c016c21e8e518704342af7aae6dc645eb213db79600f5ad63f353b28f7b2bbcce5c4c1b1ed0894fadfcc209263d2400a9aaa49f4574083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
42KB

MD5
685ee3dbd0a041e4544389505a2d02c6

SHA1
2c106c52bb0877431a64748ba92ba10825c54d14

SHA256
6cb16dd39f21b5d8ccec1308118464f5e2a56029544aa35383146a7c945cafab

SHA512
364cc2578cedbceff4b7cefbbf2ac2fadc2db5ed9125a3e49ea9f1fbfdae4ee7f5cc456022f3ba571740a21a341d848c2a87bda03dfbe7e88676c8d5075e6d51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
53KB

MD5
47d325cacd6124ea268fb162323d8afa

SHA1
20bf9f5290b8fa05d45de3de1f82b612c4b7cfae

SHA256
b53fc7133be4eedf7af66b92297a8ef662e7074b0fa0725de9ab477b2184c1fd

SHA512
e85a2ffc87bfe9221ecb9984f5c183f88734d2b64bf807e972d1d028b96b3c29f79615b745821964c160aa21bc7fbbead5c39c94238b08668564e223d8a51fc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
109KB

MD5
6e468bc51d6b716c95be8b2745708f70

SHA1
0c52ca917c6124612efe31a56b32f72a11a962a2

SHA256
150da7eb62f868304d7994592212492a49981c6fe6ba5c0126ce5b9197b91b3c

SHA512
421a27d79c1cc665843a320e1b168997307596361803e1e2869befea16e617505e1f8b34e506cdb7a49640820510cc0e0856f08c5a029973d619c14e2d42d2fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
279KB

MD5
89fc54be845910f3b2290f69c75eea9d

SHA1
b131b30899981df54f1ec0de6f115f6bad109126

SHA256
e3024bab5d95e111b15ae28670e0395a815db54f9a4d36246dde591dfad6dc8f

SHA512
567becf36e446bf6604db30216ee7c4bf6b98e8b5f3165c59b3018f1500c4c1ab7ea13ec162346a17240d9c01a9047263f9b3df7234f600631807408e716c5c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
175KB

MD5
4c89ad37b532180637d72a67d104ee04

SHA1
e3ea2164d6e12f4b752f1bf3f8ea2284b61a87d1

SHA256
48d1ad7810152d7d80b18c00f28e4eb1b3a3bedd795a81859b9490d1407a4d3d

SHA512
3e96283fece99fdde651386a41a3340cfcb12b713af1d550de92e874dc5f2d7b73cfd0912904bb1f9858ed0e39f58e93d1243ab65568b976b991544fb24b9bb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
317KB

MD5
df76a8d3dee173cc47029c99560890e2

SHA1
2ff997e2d1600335449d10e7d6ebe07b5635a1d2

SHA256
f9b7360e9076c425c9f495ebf3c2300d26322c53dd42db032162bc6cad9b28a8

SHA512
1c2ef4e72d7a8264e4124632a04ac3d348d8f0ee0c7620782be7bb13fee3f60a815bccfa96ecad4595775d207872917ba5f87afec81bb1afa674ee47413e6d1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
379KB

MD5
dae71f636849f702b8307694d5157bb3

SHA1
33c4eeee332da45d8e350cf2f32f000165963b4e

SHA256
7d67ebaf507918edf249c79e02a21baa8cea690566b7f5198928b88b315678f3

SHA512
ac0e957d6643587343de7798e100f386eb31a599fb05d8e0ae4b3d948eb664bf7155c5cb019efca0ede993745d6e802a8709922f123777bbef4d35b7227b9c65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
538KB

MD5
674b77eb17e31665e37e408de381c144

SHA1
50117b14651d16a420be55f62a7c1b9b127cf2a4

SHA256
7254d4b990e545b1eb222bd8c1c8cee82fc295fcd147e3c670d8a1a4bc4de734

SHA512
977d5f0b4277d4e3640277c2de8d88af5bd99cc4785293e69b84238c97f272ea679fb36aefcbc8e1f8a8373c81e2e4019bcd4dd1b94949f7673af412304416f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
c5c8e50aa7ea37b57696da1abc1b580d

SHA1
008f6eb3bbcbc3e122ab0de7f6d8f8afefbdd845

SHA256
35cec37b98ade8e3c58d523da165e3d8974f90f25d149b3098f42ea25bddadd7

SHA512
eb3c51056513825cdc1db32ac826ee7d5935a22ea028df53573f62225b57afe3c8fbf5f3fdbfaa878d127312a376c578dea1fe4a3b53dd49ab918b36dfb000d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6a7eb36e61cd77a097cf93233d07be3c

SHA1
37503dd211508b20fbe538fb032fcd7c3251e45f

SHA256
5822224b37ed98f56f60f1e40328e0083414c6dc82508ffe9eb01fb0283aeb87

SHA512
3d9ecfeb7676ab6e209c9afca02e584f3a07da1149959e9c02d792377139ebe0ee50cd3b18e2082b65c16cdf0de7495b3eff67623d154106a6afd5abb498bae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
6f7365416fd7d4ead508493be1306082

SHA1
b4ba4c2d9854f6c078a6b46693b1cf18944fe342

SHA256
ecb3629373544eb098504b3a88f823141109e9609857d3ee651d5f8b384e74e0

SHA512
57572e5a13e588670045a4f3116c31945e577ed7a651a3f9f05c5562aab126c36b71ec2c832231b047a81148bf301773dfc51d48a67aa85f419911435e817f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
b8eec4bf69ddb12db22aa334b150fbf5

SHA1
8e057e23b7771c600bdde01696559fbeaab1897c

SHA256
80fa08c47f6dc2da33501c3a332c8e701052a6f454b19210b87b3c669ba0614f

SHA512
2e67dfc7ce0b766f0debe7fbd6b806fc3351a5a30a40536e7b20991affc6e28f22dc7b57b10f97370fbb8d13c33729f9315cb0bcb9507e64d0dae71a9dbbc010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
069c68bade9a555e42eb3f4e8bc26061

SHA1
beae2a0b1b80daf1baec25c4f6f9e0f860a2b825

SHA256
a09b2632781b3d12a17eed7eecfced3671299dcc50ac7ffb63d15e96b17bd5d3

SHA512
ebeaf4ed0b74720c451a19fa2045594ae711cee4a1fe1170959b109cb118de7798f4581474ca45514c859aa8e5c185ac4edb162c6a145c9e054f5a385ac64f30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ffe45a2203f7b6694256ff96564c02a8

SHA1
b3c371a9164ae15bba56520b7957562145127518

SHA256
b199d99a7b5c7e57e8106e0bbfd812372768ab8bace6835b96888c9884f2c286

SHA512
7abe94c46613fadcefc181bfc3f9aa128206ac211b3dddf654c60f6119d1b1d4b186b890971bf5702714099cd73d55362d8c3700aedaac5c3ab3824beb65b8f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d4b26fe4213939cec777631bb775bc31

SHA1
0a76f23c3e235f4505928506fbc006e345bc9d48

SHA256
abb0745b664fbf635e2279aa1630ba314c4fc28b87d0d75e20888a59c87e7bea

SHA512
e330b32345cf427204666f602df56f1c440e3906592c77c46be1b930d2b31a343ababd209237365db91ef4def8284679a2d726a8dd3d0580c8a3dae59ebc64ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
a3757dc98deaa1f92a756f0050b77236

SHA1
bfd3e094e471f219474b9c8da35ddbba7340c5f5

SHA256
932985339b4fb1470021f7773ea115a7d8163bda0e24800704e3fdb5596bf11f

SHA512
c7cb16424a4f366e9813f3922ea22f1fca9293a1c6c72430462bb0a7c0f712df1568534d7143ff0301741736a9ece09f35f00afce1617349ebd31ba9731a30ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3cbdc775a13791a137ed0190d2a5a462

SHA1
285c5f4b7d0adf156a003604945bbf76b3a0b901

SHA256
661845be92fcd4bb110b131232077bad1c78e3ea6e288b2828eaa74737c32648

SHA512
6ad81ca260f958dd3268bc6151bcc731b25719ea5cf494618e8cf00ae1de294d0c4919022e7f9550bcc3858968d84c65f5bb1903d3efadec4887edfde451cc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
19e4414f2e6cf2921f51c2a0dac563a6

SHA1
a0d10a6e2c08f64c958d5cb422adefeec1aa264d

SHA256
b18316f144ef28872f4e5ce4932cec30e40bc94db46a7e16c6840de905df0ae5

SHA512
c2c79cdef3822419c430a054d87a4f42ee9dfdc27b3a3f8461646a8a05f95ecc706f672b47ec73b3be25d554e1fd76672720ed86bb2e40a7cf7f85d731730dfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c9b7056faee475128162741ea6cb03b

SHA1
a3072f48ec4a728f7342f03baea3b87cb1001e71

SHA256
43b3da429293e8ebc2261a95ac6c34b19c1dd00d2a910fb4fbcd2267c1a5d709

SHA512
d6a1db346852e5bd7744f88ca80a61f6475891f8145c4db9e90eaa54b0e5d8d933c6af9361a2ece8c2c60b0bdf95c533c0c2eb94a368c87b81d6fef1657af697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0c48a379f7eccb3f5a7e9508ef9617a0

SHA1
293c2b2310ff739427b7d051a46ebc144bdea424

SHA256
c5a9f3ab65f79e2b640814e3efbf0b518aedf4a8365bc707d17bb450ad3e4bdc

SHA512
9238b4a6235d59de2830f7a7c58a97b4a410b3eb8780ed21ceb7227f05081b3cd8e0fe9bf067142327277202f073a120d009dc4b4d6779bd33ff8a5dc0fa14ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1463bf2a54e759c40d9ad64228bf7bec

SHA1
2286d0ac3cfa9f9ca6c0df60699af7c49008a41f

SHA256
9b4fd2eea856352d8fff054b51ea5d6141a540ca253a2e4dc28839bc92cbf4df

SHA512
33e0c223b45acac2622790dda4b59a98344a89094c41ffdb2531d7f1c0db86a0ea4f1885fea7c696816aa4ceab46de6837cc081cd8e63e3419d9fcb8c5a0eb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1e79203d0f70092bf25058099947d5c6

SHA1
20d5e2bd3a2ef807207bc3981bd5494c34839c0e

SHA256
decca6fa6de1f0dcc2b46a7c45e62d1754fda43b509d92393c628d56930851a6

SHA512
b06c5cb26083e2ef7a407be262f37d83d9fee4788e30a94ce258639f7c1fb2ccb4e37ca9b77e4fb30c0fa0a9e80f94a5b9719efd2499c87deafc87d260eb0568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4c1d3dc6779330e2d44f0b43ba7d115d

SHA1
f857333fdc591a49892f27d4818aa839b309666f

SHA256
e3e59f7deab28c6b5c232fecf07db30f28aa114302f22e394b545a7d1eedcc4c

SHA512
57c83963f3d94cf4a762d1500f5c86f4c66b8049e507866c5ca267d65f9145e8e8ba46b67bae44598039b7c6c08c85d70dc02fa8f520635f2efe5814bf6803ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c25dbfaf8d18939540e9bb545757708c

SHA1
79b1c1df3bd29281a6dc844876cef79d3be4d050

SHA256
ebf9dce6710045c857bedc9b534daa3676dac2c7f423186c35c338bed608f3c4

SHA512
a9916d23972be070b2e9c7c7216d1f955985bfcb0ad78cbcb9f7a4a443623cc9b79f3e5e1d8d2e9aae48d3bd346f4d85e2cc66a6487ca94402d36dbe920aae14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
949c064c961721bcbb6f6a135f3466f0

SHA1
586c0691013ec07e4af51218590511eed0893efd

SHA256
719fa6931c533f2f3f417c98458d2e07fc4b44a3d73c90bf2241e2bdbcae4eea

SHA512
d52346c66cecce08e0db51422ab13131b02dea13d997e81b2bfafd37f54fc36fa356170a3a48420b81f3b804a08634c5a3f6ca619437651e89f4d328ee0efdb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
72473ed452fecbb407179adca60716b1

SHA1
bb2cd7c98aaf732840ee0602eaf7cebcb4dd8d42

SHA256
b123728f9afaf493412c121dbe181ca0f8a9f81f44ae13b60ae7b9dee83269fc

SHA512
299b02f9364ef24ed1f495b48849b5f6a2dd19d67feecd59c6cdd36d961de0ed29a6983c9464efcf97b10888242193d05f4028699b82182368073a472693719b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b62c55bbb530926d147c80a04957d2b2

SHA1
8d2b47f054f4d6b371938509cc2be7284f7f08e6

SHA256
295c2c85e0b77760956a86f551ae7aa69df5ee2b3e914cfbfa1fcc3f136c1a55

SHA512
9a1e297f65008f8df5d85016ec9f0517895e8fd7a977bac712b07be675d886c661ac42e28c6423c167dbd133b2952ef6737eaecf11e5f4f5ca2b8d21e230f235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7e2ac53c132a982c4672e75aaae4883d

SHA1
e4ed98142f7b5c12fc7f65a31e258b92bce93417

SHA256
994aeed4e7a383a569fd08c21c73235498e4fa3c6bc63e5a3319ab82d2ae717b

SHA512
11a30ab4a61dbe4fc0f15ae5f7436ee507e3cbdacf0dfca684345deaab091ddb729b0a46d072435b4fdcf3bfe347aa9112f4fb8aa20c7eb5cf1322a1b6353bb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe570f81.TMP

Filesize
1KB

MD5
c8c39f0c851d773a4dc16e36cd626d93

SHA1
bb5410eeb5da4dce7f16c439e10d7f64ce5ed229

SHA256
95d3b7587aec8de02c27fc07399da0fc0b060dd413d7cdcca3cd9811ff978c5d

SHA512
e618e5db8f6b90e2544e1a08d9bd464416112f1dcff8821f9912dbbff7c91bd2d56ed141767a688998ca374615582647532b9af66aef6de8ef026c67e56ec16c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
d89a9d448e624cc71ed2a2e6514eed56

SHA1
69fd4991352293b299b66097530f26ddedd0db20

SHA256
e462cf17252b531dd3ece984507d9177ccc5ec21314f018f2ff8d0b1ffab5a86

SHA512
bea92bacd616f8ee3e478a1d80828f923ae328e6c23a9ed2de464f75256dc1c31a8f5eb9e226e0a2f373707f4c5afcf3cdbcf7a463096d3a7dae9efcf04d3701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
e13255cdab72eda2515684761810a706

SHA1
827e1e45bb8c783aa7dbe5db7568ec8215f795c2

SHA256
674cb8b4350b8495c5bce7546b059d569d75a697b338a46d6f61ff862e7dd31a

SHA512
16fb48202a7d88eb4d8e8b6e9661e951f944af3140aaa9290ad5e5f51c3f9bc50e4902f2083020b9165443477823efe64e5122ea8ff2712d1198c538bc855805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
e13255cdab72eda2515684761810a706

SHA1
827e1e45bb8c783aa7dbe5db7568ec8215f795c2

SHA256
674cb8b4350b8495c5bce7546b059d569d75a697b338a46d6f61ff862e7dd31a

SHA512
16fb48202a7d88eb4d8e8b6e9661e951f944af3140aaa9290ad5e5f51c3f9bc50e4902f2083020b9165443477823efe64e5122ea8ff2712d1198c538bc855805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
46d1736e59b431085860a1a38e4a96eb

SHA1
9aff041f686566815a62b0dfa7b46f374130f5c3

SHA256
bb17e3e6af456e28f4d9757af204edceac0e038153406c0ce5c457f6cedaa995

SHA512
feed74a3373328e61af03ccc3b23227f6e459057e4bde528c6db8a8d7742b27f4c33c111e8eb11b3f2b7f4aff2131e8e0a46b4b9b0bf4322c4e94dd25c0f7662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
46d1736e59b431085860a1a38e4a96eb

SHA1
9aff041f686566815a62b0dfa7b46f374130f5c3

SHA256
bb17e3e6af456e28f4d9757af204edceac0e038153406c0ce5c457f6cedaa995

SHA512
feed74a3373328e61af03ccc3b23227f6e459057e4bde528c6db8a8d7742b27f4c33c111e8eb11b3f2b7f4aff2131e8e0a46b4b9b0bf4322c4e94dd25c0f7662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
46d1736e59b431085860a1a38e4a96eb

SHA1
9aff041f686566815a62b0dfa7b46f374130f5c3

SHA256
bb17e3e6af456e28f4d9757af204edceac0e038153406c0ce5c457f6cedaa995

SHA512
feed74a3373328e61af03ccc3b23227f6e459057e4bde528c6db8a8d7742b27f4c33c111e8eb11b3f2b7f4aff2131e8e0a46b4b9b0bf4322c4e94dd25c0f7662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
e13255cdab72eda2515684761810a706

SHA1
827e1e45bb8c783aa7dbe5db7568ec8215f795c2

SHA256
674cb8b4350b8495c5bce7546b059d569d75a697b338a46d6f61ff862e7dd31a

SHA512
16fb48202a7d88eb4d8e8b6e9661e951f944af3140aaa9290ad5e5f51c3f9bc50e4902f2083020b9165443477823efe64e5122ea8ff2712d1198c538bc855805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
eda033a5940153f2adf8f8b6c1491567

SHA1
e87b927e3be92977c5f2435dfaafbc422170ecc1

SHA256
2ee1c5441a7e2b9980122c7470d56837d10218da9b2d66318a8c7be6f377a2bf

SHA512
db9217fa11c504b7184fffe72996859747675928b6e5750ad1ae8a9611fb1c60c0eb0a9827ad87aa192787177e17224bb211243e9155be823c3c469470790b82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
61ea65c771c2982eb7a6ad6c21ed4715

SHA1
a6ba4c651771aa643cbfb76f5ff5990365e3df90

SHA256
eec59ca86c4532d77642350e4d25b31a414cca39f5378ec757b665d4aa05e093

SHA512
146880437bbf52b7e2784106cdb910f3e6f8aeaa97efd278f5003c063028b4c3cc58ec7e10f644e3d44ac32a90c6fd54400562fed51b5f0f360e7f4827f39f7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
90a4fafb4b6c4b16c3003bf2e404fdbc

SHA1
5b738dfcacb9c5bbe4e3ed4f899e5007d9163716

SHA256
c20f0935dc3ffd4d57671eb2c078eefe2bc9c48cab72f1a8c09bc58f964398c7

SHA512
2a69f79c65106bc8a438c4fc0c5352642ddb083715a7da4737e8c325e5a31e3e7defb863a21d6ca66e922c7fc749cc0944ea77eb0a0feac074ab6a9a0413d9d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
debf809ad3654914e7a3a13f40bb6557

SHA1
1a653c42ae3de8201303960c66e6315dfa623ab7

SHA256
6eb0402e59e70e4e958d699b2a72673f64883d0c3ac6081b3a2f85eafad7930c

SHA512
d2fb63f4a2f8ed1064e85e13226cbf78bbed078f301e9c0525fb7850a8dd85df334f9afbdb599e00253355d63d4245085dcf6403b86fd8d1d78f588fc6ce711a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
53b4f70a33b31dc510463175517d02d4

SHA1
e5b7431fb5cc6f1a9b0ba60e50e41fe276848739

SHA256
c73dd9686b37cb4c608aac79f13323e1eea8a0df5481c7c90df26cc79184dc8a

SHA512
08bc293e68655b137987255e56363cb8dd5cb287ca4b202d46ed7af5127fbc8570cede1c72b286f654d5764be251c3f3a5c197a6f02f937d0168cdfd400ce770

Download Submit
memory/1316-139-0x0000000005160000-0x0000000005170000-memory.dmp

Filesize
64KB

Download
memory/1316-138-0x0000000008EF0000-0x0000000008F12000-memory.dmp

Filesize
136KB

Download
memory/1316-133-0x00000000001E0000-0x000000000080E000-memory.dmp

Filesize
6.2MB

Download
memory/1316-287-0x0000000005160000-0x0000000005170000-memory.dmp

Filesize
64KB

Download
memory/1316-137-0x0000000007C90000-0x0000000007C9A000-memory.dmp

Filesize
40KB

Download
memory/1316-356-0x0000000005160000-0x0000000005170000-memory.dmp

Filesize
64KB

Download
memory/1316-136-0x0000000005440000-0x00000000054D2000-memory.dmp

Filesize
584KB

Download
memory/1316-135-0x0000000005160000-0x0000000005170000-memory.dmp

Filesize
64KB

Download
memory/1316-134-0x00000000057C0000-0x0000000005D64000-memory.dmp

Filesize
5.6MB

Download