56334550353b03c47980eabb2ba52487b2b542f747c6da5d75b2bf4087e19b3b

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
09/06/2023, 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TGX V5 - V1.0.0/TGX.exe
Size

1.3MB
MD5

678c8653640dd0f9d19e278674472d54
SHA1

4a331b40f175cb0d9fc460e7cf9fd5783048551d
SHA256

6fba7d910817ad1807a538e6a544c5fe2d16e39017ba40ad7c63beaa75f65cc0
SHA512

06c5ae89aa5e5538198625f1532b5359b9f2f15d970e3f73869bf770fd50fac862727c658f16ea10d1f6267e7ab9eb9c1a091ff942a385c31d071c24f473b347
SSDEEP

12288:zflguQwxRJ1cJ3DgRaSelVJDp2f7K33nQ3gwp/nhyE:zflgwRJ0iaSebJw63QR

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\8d6722ae-9041-4221-ac0b-caef787654a6.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230609022918.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 11 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\discord-1109914172235460678	TGX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\discord-1109914172235460678\URL Protocol	TGX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\discord-1109914172235460678\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\TGX V5 - V1.0.0\\TGX.exe"	TGX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\discord-1109914172235460678\ = "URL:Run game 1109914172235460678 protocol"	TGX.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\discord-1109914172235460678\DefaultIcon	TGX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\discord-1109914172235460678\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\TGX V5 - V1.0.0\\TGX.exe"	TGX.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\discord-1109914172235460678\shell\open\command	TGX.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\discord-1109914172235460678\shell	TGX.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\discord-1109914172235460678\shell\open	TGX.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2805025096-2326403612-4231045514-1000\{94A4BD39-991F-4250-896D-F23D9332C6C6}	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
1580	msedge.exe
1580	msedge.exe
2680	msedge.exe
2680	msedge.exe
348	msedge.exe
348	msedge.exe
5080	msedge.exe
5080	msedge.exe
5212	identity_helper.exe
5212	identity_helper.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3036	TGX.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
348	msedge.exe
348	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 2032	3036	TGX.exe	82
PID 3036 wrote to memory of 2032	3036	TGX.exe	82
PID 2032 wrote to memory of 4428	2032	msedge.exe	83
PID 2032 wrote to memory of 4428	2032	msedge.exe	83
PID 3036 wrote to memory of 1856	3036	TGX.exe	84
PID 3036 wrote to memory of 1856	3036	TGX.exe	84
PID 1856 wrote to memory of 1780	1856	msedge.exe	85
PID 1856 wrote to memory of 1780	1856	msedge.exe	85
PID 3036 wrote to memory of 348	3036	TGX.exe	86
PID 3036 wrote to memory of 348	3036	TGX.exe	86
PID 348 wrote to memory of 540	348	msedge.exe	87
PID 348 wrote to memory of 540	348	msedge.exe	87
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3632	348	msedge.exe	93
PID 348 wrote to memory of 3872	348	msedge.exe	92
PID 348 wrote to memory of 3872	348	msedge.exe	92
PID 1856 wrote to memory of 1676	1856	msedge.exe	91
PID 1856 wrote to memory of 1676	1856	msedge.exe	91
PID 1856 wrote to memory of 1676	1856	msedge.exe	91
PID 1856 wrote to memory of 1676	1856	msedge.exe	91
PID 1856 wrote to memory of 1676	1856	msedge.exe	91
PID 1856 wrote to memory of 1676	1856	msedge.exe	91
PID 1856 wrote to memory of 1676	1856	msedge.exe	91
PID 1856 wrote to memory of 1676	1856	msedge.exe	91
PID 1856 wrote to memory of 1676	1856	msedge.exe	91
PID 1856 wrote to memory of 1676	1856	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\TGX V5 - V1.0.0\TGX.exe
"C:\Users\Admin\AppData\Local\Temp\TGX V5 - V1.0.0\TGX.exe"
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tgxgang.xyz/discord
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd203c46f8,0x7ffd203c4708,0x7ffd203c4718
    3⤵
    PID:4428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,6435726217007943808,13778349177201268741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,6435726217007943808,13778349177201268741,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    3⤵
    PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/c/AttAnxiety
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd203c46f8,0x7ffd203c4708,0x7ffd203c4718
    3⤵
    PID:1780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,13643878891700819684,13579346977479642790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,13643878891700819684,13579346977479642790,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
    3⤵
    PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tgxgang.xyz/scripts
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd203c46f8,0x7ffd203c4708,0x7ffd203c4718
    3⤵
    PID:540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,2979377111038839806,12691983203491146308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,2979377111038839806,12691983203491146308,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
    3⤵
    PID:3632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,2979377111038839806,12691983203491146308,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 /prefetch:8
    3⤵
    PID:1184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2979377111038839806,12691983203491146308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
    3⤵
    PID:1324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2979377111038839806,12691983203491146308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
    3⤵
    PID:1840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2979377111038839806,12691983203491146308,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
    3⤵
    PID:4872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2979377111038839806,12691983203491146308,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
    3⤵
    PID:2544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2979377111038839806,12691983203491146308,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
    3⤵
    PID:960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2979377111038839806,12691983203491146308,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
    3⤵
    PID:1128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2080,2979377111038839806,12691983203491146308,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3952 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:5080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,2979377111038839806,12691983203491146308,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5060 /prefetch:8
    3⤵
    PID:1064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2979377111038839806,12691983203491146308,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
    3⤵
    PID:5032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2979377111038839806,12691983203491146308,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
    3⤵
    PID:3236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2979377111038839806,12691983203491146308,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
    3⤵
    PID:2104
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,2979377111038839806,12691983203491146308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6964 /prefetch:8
    3⤵
    PID:4872
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:1172
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf4,0xe0,0xdc,0x234,0xe8,0x7ff7f6b55460,0x7ff7f6b55470,0x7ff7f6b55480
      4⤵
      PID:716
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,2979377111038839806,12691983203491146308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6964 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2979377111038839806,12691983203491146308,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
    3⤵
    PID:5416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2979377111038839806,12691983203491146308,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
    3⤵
    PID:5408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,2979377111038839806,12691983203491146308,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1044 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3300

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5a10efe23009825eadc90c37a38d9401

SHA1
fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0

SHA256
05e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5

SHA512
89416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5a10efe23009825eadc90c37a38d9401

SHA1
fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0

SHA256
05e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5

SHA512
89416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5a10efe23009825eadc90c37a38d9401

SHA1
fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0

SHA256
05e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5

SHA512
89416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5a10efe23009825eadc90c37a38d9401

SHA1
fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0

SHA256
05e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5

SHA512
89416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5a10efe23009825eadc90c37a38d9401

SHA1
fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0

SHA256
05e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5

SHA512
89416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1a3c45dc07f766430f7feaa3000fb18

SHA1
698a0485bcf0ab2a9283d4ebd31ade980b0661d1

SHA256
adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48

SHA512
9fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1a3c45dc07f766430f7feaa3000fb18

SHA1
698a0485bcf0ab2a9283d4ebd31ade980b0661d1

SHA256
adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48

SHA512
9fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1a3c45dc07f766430f7feaa3000fb18

SHA1
698a0485bcf0ab2a9283d4ebd31ade980b0661d1

SHA256
adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48

SHA512
9fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1a3c45dc07f766430f7feaa3000fb18

SHA1
698a0485bcf0ab2a9283d4ebd31ade980b0661d1

SHA256
adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48

SHA512
9fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1a3c45dc07f766430f7feaa3000fb18

SHA1
698a0485bcf0ab2a9283d4ebd31ade980b0661d1

SHA256
adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48

SHA512
9fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
427319130734f6feb61353112a0be41c

SHA1
22aba75d75ffd924b4973eaff18e53003cfd087a

SHA256
fa893b65650a2435c1a01b8e0382b803774214a732a7cf5d5937aca88049d2c0

SHA512
3a37e3f9755adb56f423755d6796f2ac738375b1a7533592f45b5615b63436470d2a51420e2159dd8008ff386bcc5d087a46473865c096ec30a9a595bd7c7786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f883800d59332400180abd49c4723f1c

SHA1
851e2e071aa06f4bfedb35ad096beced2d5bc024

SHA256
875399d34bc6cc6d1d09154b02de5d06bcf3f154df644899346d238026109983

SHA512
20c0567489fb30735c33e07fcf959657a6dbb2d7b0c2b07de852a5e892d560e4f5e709ff0055f98fac61df77355a92489d05950dbaaac14378d3823ba19dea7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57a3b2.TMP

Filesize
48B

MD5
93a06661da85b521cec6a3fe7493e892

SHA1
691af5b0ef4ac21a4011d90ad34da4324add157b

SHA256
3b91a261e906f160d406e6eb26546dc0a0ffe095c0e675f95b174f98d48cde03

SHA512
39d72b47cdf5e3de1e788bf060086cda30abff2fc0089ea9c7051045b57f58f4c9a271d66d9c1cc4b0a738623dcb6a7dd313707a1a4a30a16b6c0efb8eef3bfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
cc7828650575fc439856ef607040c48d

SHA1
a152e39e756108f8ef7134e09fefcc4d3a589a72

SHA256
44920081707dc661041cc4eca7d4e667382ab40ebf7091b1379b65a191ccd4a5

SHA512
2c84f353f4f25ff1d0948c8196bcf85f6764744a8ff503488710acdd894375b4a1074b65ccb0529920292a82f8842ae5199d7ef0a98bb779d8e22b1bca74519a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
d631b4913dad98af84f1d214de984799

SHA1
99a64c913a1988b1b53f5bad7643ebea8ed842d3

SHA256
609185a85bed1c92929d4f8e21e7d8676522b952549bb405ef8adcbec6198616

SHA512
2c3f145be919b803cc5bf842330eb8f29c675fd0a642d6d00bf58841cd8d361777df3e1055e083a6fce2dd43d90f3adc2ecfe2128b8f2a1bc60175ffc0ba0bfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
64b740e5b8e378fb96fffd9ae4d250eb

SHA1
1bd63d2881f686dcbe12ca769a70d7a540221e47

SHA256
d0956fb2437036728879ecd3fd44623bfba95f4a325ff80de5cab16ec2657b2d

SHA512
2e2b13c6c48b6e7c86a096755b036bd11041277b0ddafec1d0bbbf1662786034e6262614e323f6b6a3a013d2f13a3531e8fbd7b51e4c46dd3f40509a34f742dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
745083ad4e9e10f6997075e21ad6b80d

SHA1
b9cea85148eca1b942cc474c02a238d8ff9af6a3

SHA256
51b9549583e3ac4430929aaaa3e59efee4f6d15c47e54508371d9961b92dc1e7

SHA512
876f365a34338d1d8446b46ed0da31cad32060d2c5b6ab236a6728b4ee171abde5e5ca76347c0eb14b7180d6b392c5d5470b08cfa684b3629e113de2aa60b48a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
955e279267f9ae00df141931a64d6eac

SHA1
61a45fef801963d3c701fb1ce69ff2596609ad23

SHA256
740f3c420b093af6482896c92feae6eabe0fa9192ffd52d030bd4a3bee3f4056

SHA512
07d856cf7cea516d066eec6e07289f08190dd55194187d1739cc5344ae51e849481b32cc76bc85f69dcc80a6bb0b8841b67c9c9d158538ef7ba945a701fa1dc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5edab6d3ffbeee247ccb4423f929a323

SHA1
a4ad201d149d59392a2a3163bd86ee900e20f3d9

SHA256
460cddb95ea1d9bc8d95d295dd051b49a1436437a91ddec5f131235b2d516933

SHA512
263fa99f03ea1ef381ca19f10fbe0362c1f9c129502dc6b730b076cafcf34b40a70ee8a0ee9446ec9c89c3a2d9855450609ec0f8cf9d0a1b2aebdd12be58d38c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
784a51387993e9aeb34d4ad4ed93ab48

SHA1
1cbf9ea1b6c2ea18c8670f26ebf9c11d7d245bc4

SHA256
567af49b26f4676e8c8ad07b34db13ae7a9e19ba01e6bd1af390a611b44413f8

SHA512
ba34c55cea5840723b16f09f0a790f823a5a65657f8163018cbfcbc3a13c83b1b4b6a1f8ca0fe188c1ba7d78cc9319889235c0f6042a2013755fc6d820e4b9e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3f8ae210-9767-46fe-9aa1-4fcf9b094220\index-dir\the-real-index

Filesize
624B

MD5
58cc0351aa211ad84c99ec8954a3ee79

SHA1
5d377a87bab5ce38eaec3607ed891973d25c533a

SHA256
da769660801c73a02303e4e912445a006458d3540fb801cc680d2da01b4363c7

SHA512
305bd82ddc32f3346f5f8690767b5caac07fe5ec96d135cd9c14ccf9c33c133cafbe5d266c5a823cb2d769e94be90103a7ce5aa7c17fe5f937232a84fec171cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3f8ae210-9767-46fe-9aa1-4fcf9b094220\index-dir\the-real-index~RFe57dee6.TMP

Filesize
48B

MD5
6a7392997b1b325a1fcdd458163dbc30

SHA1
ea83b81e3ceca00190f9865cadd2b588f64ab338

SHA256
334022c39906347d34dd0683b2130dd73c34043af29a2d44257639a6950f3a05

SHA512
64843d079cbb5f61c71638d8af1253d041d4415a83b8cd7333f1539bbdc40efd1ed35cdf17f51a570a73642fec293fb0d4e6da9e97cd3c97d7daf2179a909a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
cfc9da61cbee70aeade9c5bc249d8e9e

SHA1
f8e302ce9d4aee0ecfc51b2b20f8eff005806c01

SHA256
3e373fd0c4e68200f1c29bcfbe3872edd9399bc05ecbb4b0174891d39f5c18a7

SHA512
b82d60c6ff4129b8f3c78351d8ae081614a3f013caa6e6ed69b6ef9eecf29749fb5f1dbdc74dee25f3605cb2962e7174181b00d02dcc526d33ba0a4ca76f1fc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
ee276ef83c7090b4ee77191d5ad7ad03

SHA1
927249ae11c4912f6c52ac369e0a510f8c40d5a3

SHA256
ace63e39bb67bf674b15b1be93ee46d08de8bcc2f25e758edae296d5a2bf352f

SHA512
b041be03255977cbffda98712f0d1f12d08df1cd75e6a6a0576c57f879ffffa9b00b168f015ed4c2d590095f1c6f14e26935072dd21a6a06916a2179b5dca163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
c796df917d6b5d9cc4c1374ee55ac92e

SHA1
e9c2d6e305173850c921856b520c088d2eaa6434

SHA256
864ddba66343683aeffc3b546b996f4c4e85764adcfc14291839ac607e803c55

SHA512
720dc0423e9ac880c6f14da5b0f23a6c5b3d945e94e21650d64744e5fa497045e5db79492a07ea0ba339b0b1d18dc16aef4d68741303b60b504a79ddaa1f546c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
c68ba22e0acb77034731a8a94b1e912f

SHA1
b44a75c9ec72122c265bbde64e208a50831a2f87

SHA256
883110bf11c9e09c0a11e9b1d163df5397a87feee5230aa7917f07f661ffbb7e

SHA512
45aaaebccad54379e034446797d1a4ac6e58ddb36c0661eabd0cb53a409129e205f474767b29f0e788296c4dae14f0ac91b1a9412bf3b212d8f74c3bf735e071

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
151B

MD5
542c62566e0e6c166e7cd7749abb9d57

SHA1
36166f8cc041c56a6eedc259807f3ee7675b5910

SHA256
07add7af46a73fb5430e52b9c353a63c307c630252d1905e5c71d2087bace7c9

SHA512
6121dcc2b64ed6558889a5d786e79b8cb8443a3e9e465607419b989a87fe59048217ddb2a3dd7e99a98dcd8663fcf165a9243dff2dfe9339a11463bad2ff2fc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
8ad8a2f8370cc39cf47336711d43a245

SHA1
49e08be02533e4e886dd575df481fe64ca0e0582

SHA256
865a937c5851e557c8895907d79c886ce8e246e98d9d1fe96f97eb23a1b9f3f4

SHA512
66e633292be02510f2d7dcee293d250430b0333c052b102bd85fa0a72da80c9cf3a80321aade5d125c37359cab0b82ddbe41c2448320a7ee45de50567b9cd1f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d5af.TMP

Filesize
48B

MD5
769f466dfbfd555f734231a95bf34b4b

SHA1
4388c3ee0f6a334adb82747a7e0cd98e40c88ac8

SHA256
b16077cdb7fe69fc77fc9a84a996582a4f696f9ccb47ed819cf45ddaaa5e1d9d

SHA512
8bafff06de796321fca81721b0a6f8ee89579af16bb11c379d2e58f0841b72ce4349a7d34a164fb9f55c9a0f4e2f12e8083b41567835bc689141a58641728b1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
39c8ac774a903a644ab78bd71adf565e

SHA1
c31be44ae2022ca85367865a51ba75b10ae3947d

SHA256
383e1b9109b2dec2b9a976f9d1313ae68fc5539f09380744d55119dfae437343

SHA512
34d54d35acbd5ca59f0bb7c309217d219ccedd1d4bc087f6133ea965a06839e40f2c64bf60f518e4921b9a32086e9cef3037b2c225a3ac82293b7d660b13a3ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ade63ca5e1de2f8583752fe481e38eb2

SHA1
6d0077330f74c674bf76eae8372d827480846bd5

SHA256
6ba50b2e41f0c8f6b1d97d742484005683eb812e64ea6876d46cfd3e51b1f47b

SHA512
d2bf69ced1a3e5a9e9641066051c7ea5cb08f84eeb67f532648dd16878437de83527cb6d1434f145d75a7f48f6de6937310e22f421112a537e9fb8c59370bda8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5759f7.TMP

Filesize
1KB

MD5
3531a40aaf98e68807c0b6c1d03ac9f8

SHA1
896b19d05737151917896530abd04093f540e4bd

SHA256
34e11c32f445956eec13331063b78abef777f2ae9e48b118f5760647bd9e89b9

SHA512
a20622bda1e5afad2c1d53bce0ff837cf943a2de45e15dc5b416c33d36b9e7b1e2a453466c1ae14981675f9ad8ad82f8eb5faab3ce0d5acdba02209505fccc63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
0dd86e48bd2db85a3935d094c82efa84

SHA1
f0e59924ec206bee008316e6e8cab805ba2fe1ee

SHA256
1a316f8c1c4f29ae4d197422dc060d68194c15fbec3873fd41be9ef9b4b71c94

SHA512
a16ecd95a396131dcf1bad0248c5a67450236ebe3a05ccdf7f368aa0a5de1d611a14aa9dfc8192b0f6491ea9e3eaf376ca1bfee75a88ef09c91d9e46a4099c08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
0dd86e48bd2db85a3935d094c82efa84

SHA1
f0e59924ec206bee008316e6e8cab805ba2fe1ee

SHA256
1a316f8c1c4f29ae4d197422dc060d68194c15fbec3873fd41be9ef9b4b71c94

SHA512
a16ecd95a396131dcf1bad0248c5a67450236ebe3a05ccdf7f368aa0a5de1d611a14aa9dfc8192b0f6491ea9e3eaf376ca1bfee75a88ef09c91d9e46a4099c08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
6ae529418cbc7f5af0e644998708e73c

SHA1
226528499a4e3307391f4578f346b8c90b4f3baf

SHA256
d2ab7a40a2eeb28252d590142bd2e0b4d8b505dbdcf3e34f3cc2cf6cba3debfe

SHA512
083d1d1e7942dd5dcc29289b43207512f79982e0484f4d197dc2ec58fcb298adcc9d44453e95ae11e58829eff2ca70b66bad7900f6b9698423e32c3809caccc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
6ae529418cbc7f5af0e644998708e73c

SHA1
226528499a4e3307391f4578f346b8c90b4f3baf

SHA256
d2ab7a40a2eeb28252d590142bd2e0b4d8b505dbdcf3e34f3cc2cf6cba3debfe

SHA512
083d1d1e7942dd5dcc29289b43207512f79982e0484f4d197dc2ec58fcb298adcc9d44453e95ae11e58829eff2ca70b66bad7900f6b9698423e32c3809caccc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
0dd86e48bd2db85a3935d094c82efa84

SHA1
f0e59924ec206bee008316e6e8cab805ba2fe1ee

SHA256
1a316f8c1c4f29ae4d197422dc060d68194c15fbec3873fd41be9ef9b4b71c94

SHA512
a16ecd95a396131dcf1bad0248c5a67450236ebe3a05ccdf7f368aa0a5de1d611a14aa9dfc8192b0f6491ea9e3eaf376ca1bfee75a88ef09c91d9e46a4099c08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
6ae529418cbc7f5af0e644998708e73c

SHA1
226528499a4e3307391f4578f346b8c90b4f3baf

SHA256
d2ab7a40a2eeb28252d590142bd2e0b4d8b505dbdcf3e34f3cc2cf6cba3debfe

SHA512
083d1d1e7942dd5dcc29289b43207512f79982e0484f4d197dc2ec58fcb298adcc9d44453e95ae11e58829eff2ca70b66bad7900f6b9698423e32c3809caccc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
5a45b304c5a4b928063e892ecefdd2ab

SHA1
d6109beaaeeb59138a6fb15199c8398029ada12a

SHA256
84ed7fe04d75732d53a202bba8970b6fed8232cf04564bc3ff934ee015adb1ef

SHA512
08ee7f99ccc935e4c1259f8ff7077c2c3490d31d1337944084d740e597e124c4f09f029245709865dd0c9033f31820935f3df48f4d23ef95cebf5ac0876d6c85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
6dc637e808f08e8b78a1ec2c7acff17e

SHA1
2e48086fa59eda173d7ca98ec9c89e41085d9840

SHA256
7df6d21292f2ed2967200d0422376ff20533ec0f0bb25776635caa03ce2653ae

SHA512
1134cb06f99f7cf8e036eb77cbe0efdba881398cff0f91a3621dce4e8339655b09521090c39abdc5a425c9ff90fbaa72271fe6249d760f7cc43114c48905ebb5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk

Filesize
2KB

MD5
087755ccbf032bca2b3dff80a845dfe2

SHA1
fbf4c68874eb1b6e5a0041b4b4fa3c1856d081ea

SHA256
92d7e30b18f5fed235c25b8f2868c2842e9973cd7edf51185fc2ccc5fbf3a225

SHA512
9563f178ed9620ce1bb3c9ec5068d45c09db39338e34853ebc734b14bfac7e078125caa9b3d254907606d428ecd76f8586a17ddbfc03d4f5c8803484af5ef348

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
9ddfc1c488b10a7dff54548d5129d320

SHA1
5df752f5d525d98ffe38d5fcc403321b082ce25c

SHA256
32bee99d7d0396e94d349fbdbd030b2b269178447bf0f872f84fb21f6729a7c7

SHA512
dba1c212cd215ba173137c1031848078673aa9c7bf17e1e5a7fee7a2ee233c72dd753f8415a46bf58276c7b92be45baeb007e8e36aee7e008e80f7414d2e8569

Download Submit
memory/3036-146-0x000000000C1C0000-0x000000000C346000-memory.dmp

Filesize
1.5MB

Download
memory/3036-141-0x000000000AA20000-0x000000000AA2A000-memory.dmp

Filesize
40KB

Download
memory/3036-133-0x00000000008D0000-0x0000000000A2E000-memory.dmp

Filesize
1.4MB

Download
memory/3036-142-0x0000000005340000-0x0000000005350000-memory.dmp

Filesize
64KB

Download
memory/3036-140-0x000000000B510000-0x000000000B532000-memory.dmp

Filesize
136KB

Download
memory/3036-139-0x000000000AEE0000-0x000000000AF90000-memory.dmp

Filesize
704KB

Download
memory/3036-143-0x0000000005340000-0x0000000005350000-memory.dmp

Filesize
64KB

Download
memory/3036-152-0x000000000E1D0000-0x000000000E26E000-memory.dmp

Filesize
632KB

Download
memory/3036-155-0x0000000005340000-0x0000000005350000-memory.dmp

Filesize
64KB

Download
memory/3036-138-0x0000000009B30000-0x0000000009B3E000-memory.dmp

Filesize
56KB

Download
memory/3036-137-0x0000000009B60000-0x0000000009B98000-memory.dmp

Filesize
224KB

Download
memory/3036-391-0x0000000005340000-0x0000000005350000-memory.dmp

Filesize
64KB

Download
memory/3036-136-0x0000000009AE0000-0x0000000009AE8000-memory.dmp

Filesize
32KB

Download
memory/3036-135-0x0000000005340000-0x0000000005350000-memory.dmp

Filesize
64KB

Download
memory/3036-134-0x0000000005340000-0x0000000005350000-memory.dmp

Filesize
64KB

Download