hxxps://tlauncher[.]org/en/

Analysis

max time kernel
157s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
03-08-2023 09:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tlauncher.org/en/

Score

8^/10

upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
5492	irsetup.exe

Loads dropped DLL 3 IoCs

pid	Process
5492	irsetup.exe
5492	irsetup.exe
5492	irsetup.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000300000000072d-567.dat	upx
behavioral1/files/0x000300000000072d-572.dat	upx
behavioral1/files/0x000300000000072d-573.dat	upx
behavioral1/memory/5492-574-0x0000000000F60000-0x0000000001348000-memory.dmp	upx
behavioral1/memory/5492-930-0x0000000000F60000-0x0000000001348000-memory.dmp	upx
behavioral1/memory/5492-936-0x0000000000F60000-0x0000000001348000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5052	msedge.exe
5052	msedge.exe
2372	msedge.exe
2372	msedge.exe
1144	msedge.exe
1144	msedge.exe
1144	msedge.exe
1144	msedge.exe
5768	chrome.exe
5768	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
5492	irsetup.exe
5492	irsetup.exe
5492	irsetup.exe
5492	irsetup.exe
5492	irsetup.exe
5492	irsetup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 5044	2372	msedge.exe	88
PID 2372 wrote to memory of 5044	2372	msedge.exe	88
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 4700	2372	msedge.exe	91
PID 2372 wrote to memory of 5052	2372	msedge.exe	90
PID 2372 wrote to memory of 5052	2372	msedge.exe	90
PID 2372 wrote to memory of 2256	2372	msedge.exe	92
PID 2372 wrote to memory of 2256	2372	msedge.exe	92
PID 2372 wrote to memory of 2256	2372	msedge.exe	92
PID 2372 wrote to memory of 2256	2372	msedge.exe	92
PID 2372 wrote to memory of 2256	2372	msedge.exe	92
PID 2372 wrote to memory of 2256	2372	msedge.exe	92
PID 2372 wrote to memory of 2256	2372	msedge.exe	92
PID 2372 wrote to memory of 2256	2372	msedge.exe	92
PID 2372 wrote to memory of 2256	2372	msedge.exe	92
PID 2372 wrote to memory of 2256	2372	msedge.exe	92
PID 2372 wrote to memory of 2256	2372	msedge.exe	92
PID 2372 wrote to memory of 2256	2372	msedge.exe	92
PID 2372 wrote to memory of 2256	2372	msedge.exe	92
PID 2372 wrote to memory of 2256	2372	msedge.exe	92
PID 2372 wrote to memory of 2256	2372	msedge.exe	92
PID 2372 wrote to memory of 2256	2372	msedge.exe	92
PID 2372 wrote to memory of 2256	2372	msedge.exe	92
PID 2372 wrote to memory of 2256	2372	msedge.exe	92
PID 2372 wrote to memory of 2256	2372	msedge.exe	92
PID 2372 wrote to memory of 2256	2372	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tlauncher.org/en/
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1a9146f8,0x7ffa1a914708,0x7ffa1a914718
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,16044107190125802816,15961419411365092960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,16044107190125802816,15961419411365092960,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,16044107190125802816,15961419411365092960,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,16044107190125802816,15961419411365092960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,16044107190125802816,15961419411365092960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,16044107190125802816,15961419411365092960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,16044107190125802816,15961419411365092960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,16044107190125802816,15961419411365092960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,16044107190125802816,15961419411365092960,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4788 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x124,0x128,0x12c,0xf8,0x130,0x7ffa1a4f9758,0x7ffa1a4f9768,0x7ffa1a4f9778
1⤵
PID:3988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:8
1⤵
PID:1620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:2
1⤵
PID:1636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2172 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:8
1⤵
PID:4532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:1
1⤵
PID:1708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:1
1⤵
PID:1960

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=4680 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:1
1⤵
PID:2924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4848 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:8
1⤵
PID:2740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4964 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:8
1⤵
PID:1836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5132 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:8
1⤵
PID:4756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:8
1⤵
PID:2680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:8
1⤵
PID:5132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=5348 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:1
1⤵
PID:5412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=5232 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:1
1⤵
PID:5656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=3576 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:1
1⤵
PID:6108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=4004 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:1
1⤵
PID:5592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5176 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:1
1⤵
PID:5420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5536 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:1
1⤵
PID:5608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=6072 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:1
1⤵
PID:2892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3768 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:1
1⤵
PID:2376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5260 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:1
1⤵
PID:220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:8
1⤵
PID:5148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=3568 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:1
1⤵
PID:5956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=5936 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:1
1⤵
PID:6120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=3360 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:1
1⤵
PID:1076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=6044 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:1
1⤵
PID:4588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=5180 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:1
1⤵
PID:6108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:8
1⤵
PID:6004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1020 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:8
1⤵
PID:6024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6424 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:8
1⤵
PID:6008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1156 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:8
1⤵
PID:972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1696 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:8
1⤵
PID:1904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5816 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:8
1⤵
PID:868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:8
1⤵
PID:4216

C:\Users\Admin\Downloads\TLauncher-2.885-Installer-1.1.3.exe
"C:\Users\Admin\Downloads\TLauncher-2.885-Installer-1.1.3.exe"
1⤵
PID:1800
- C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-2.885-Installer-1.1.3.exe" "__IRCT:3" "__IRTSS:23661420" "__IRSID:S-1-5-21-618519468-4027732583-1827558364-1000"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:5492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5812 --field-trial-handle=1828,i,5522406257858062631,1705678850545084601,131072 /prefetch:2
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:5768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
19KB

MD5
31a3d861474efb8bf6b6ee2f6bbff9a1

SHA1
fe9daa3a95e68302d005f8d722da251635eb2f43

SHA256
6ac776dc8635aa0d28b9c73588833a6648412df626806f1d639d7346f0551a58

SHA512
420aaeccb165bcbce6b67ca096831fa7e2af8383ccde94afe6113d8e94e034a9e548a80717d1cc379a9786672dedeb74ff521ad8ce0cb4036d1f9d1e9a51b7fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
33KB

MD5
89072e4b3fe475b77da13a99691a2a22

SHA1
b3841edca0f8bd6b376e83f16bc9f742b069d656

SHA256
643eaf3bbc420fb32b7ce3e53ee20f489eaeac99f74267b6d036be91eb877c96

SHA512
75db33d9d84e334b2dc6d9eae0e8f84381c84c5f52cbde845a46e5ae08e1a11283e7beadc7cdb92ad9b19446f0eaec9d8145363999574e0d819bb961471258f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
23KB

MD5
62720c9a907c507b1bb5f96456e909ea

SHA1
b9fbb9d303e0211adf4100a21dbed327bc8a8330

SHA256
810b070752f06fe3c0ade50f301ca1db94a8146e432ec37a20a92cfd9e96fa72

SHA512
7d924d2c6e9627237db89476b6fac98f8580f9f0a5656ef65f761df7dd6a53a13b20b19941bf845751e726fa6726811a31c4761b505bd7871f75d1cadab70485

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
25KB

MD5
0b3fe56f33ecadd78f59e4e25ec58daa

SHA1
3003018d3f19b5dd515c985b21c38a74135c9382

SHA256
39112c7d74cb319df165d6bd33f39d622dd861bf9e6254285272cc6daac68dd1

SHA512
5f74900000149a2b30506b24b96e5cac9ae546d57796fdc0865c82fa5a0ffb3bf121a6a9a21f864625de771803d5f9815db7de18cf4d7d320cdae01a77a75e41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
143KB

MD5
991f4c97bf1103c8055fdf7b79985358

SHA1
9b585042f26e5a0324d8b311737d2573e8a8e80b

SHA256
f0ebd16e6da14d25d6c918bc8c822192372b552cb6b2463fb91d7cd483ab3f7d

SHA512
214169851999dabeca534344823d5dad35260cc66431781c83123f2819513e534f9799a5b6f397759e986f85e39a58fe5cd98d089e6733b5cea1a52ddcec9fd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
39KB

MD5
300d4422261bb53f1f10c64d3e1ed34c

SHA1
a30e9b84467ac197742e5e422e809afb079e88af

SHA256
e7f2490e82598e0edb025658bcf321cfc14b8e1508b2e75fed18c20da8c6a887

SHA512
1f62ad5b7bee599eb59f1b79443a99429922312888ac7d89344143079c4a625d84441c19d3b40d0fa5973c4d64a67dcabf9fd595ce896d3127b588e1872623b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
54KB

MD5
bb5b9a573666fed04e602d0103025fd4

SHA1
b58b7037e1408048bc6f972c6049fa20fbe66d68

SHA256
4fd1f844981c53cca0e76ba611d4e9c5c9ef19fa8b7e1b7b1878fa19846343e2

SHA512
371304dc2539c4e13d217d1bb3ee258f0bd7dfe9e29fb836342cb1960e2d00a46747df912c346cfa65e779db6339739ff2a18be65bfeaeaf07fa06479a8892c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
26KB

MD5
47673b3b9928f849f17dbf45f84134e6

SHA1
096f0a5ca52068adead3b972332edf105e26b826

SHA256
13e603ee3d65caceff49438dced13f38bad40ffabce9665b7cfc5793884fd907

SHA512
caea6daf95014e22df4e7e0d162403a682fdc94e0fa3ad1fff52ca9b7d79403f8f2e5e020abb2dda14085399f3ec13997f8505c2a6e52ebeb28f23ed65e02719

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
223KB

MD5
158c015923521af2a91c6b4626aa862d

SHA1
592eb38efc9a58b297bdfe7068f96c0f2f747e99

SHA256
2d2e0bc417bd6135d35d37453001b8123c6a97df1b2a04f839a991e15e7fd33a

SHA512
6b1a0ac880462af45750910b2b3577288b56d58581b58127ff1ae7a231687dc1d99f50df7963d050ed94e4515bcfb4ba42e6486bcd61e457129d040a4a6bfe51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
25KB

MD5
1075f352511a6c440377d085681d82f7

SHA1
07cd6f25865c9969944830b79bd6ec910337f8e3

SHA256
79c23c2253b72101c8cf20eabebe006dee845b1a63b8f74e4ffbc456345a9e50

SHA512
65ec14e058cbc7b7de804bef22f423f117986823d0efbb5ee411018cd4a8626e2e43323f782212b743e5cb27d5f06bf3bfd3ebe212a3133c8e2b6472bd654c9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
33KB

MD5
a18e72ba4ade601f719c4b57069ae43f

SHA1
681ed15eb564491f62f609a46ce5ae6c5e84d246

SHA256
48a39c9a59dd5fac67d4f97c6a477d5ec040afe46c67eb365615ae2567646e04

SHA512
a93b0f21f61a7af4973aabcc9b121a08b36c3ed5510baedba1cec503a42bbd83109c95866b4482e9581d36fb6d79b6e0877d2aacf549ab4d4c4443595cc870b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
88KB

MD5
d9e7145ee7c00a8230874f5c0dafe573

SHA1
7d02b38418145624d181fe4f5be87d9299f3aa32

SHA256
ab1d514293be6df659956f2bf0409fea23cdd9f742b840de6a6f9e3e6d3ff119

SHA512
4b4b80860e9234667b75440d5a727a044a36bc721d97563d68319fa32cb6a1ae1929baafecb154179a6bf80d61ef04b1f6e78cfc689eadaa4e3aaccb39aaad8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
100KB

MD5
fc174d909e9526fdb7a0a651115f9681

SHA1
c5623230322adfef099be2bf25e0a2fe9bbc521a

SHA256
47c20218ddb7ebb8d8b4482d73f87856a75f7062f3b0fd2401b4e6622041e781

SHA512
3a3059231c7513c528d96d4f7793989a9846de0c08dd5af90100c351432283b1ce8485307d74c56afa403c32b61005d92ecf956d764d54277bfcb778daa66672

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
98KB

MD5
e126eb7c9c831da3df57436217619c66

SHA1
e5814c5c0c2dd106e5e6399cb1c2d42409561949

SHA256
19b7bfbfb7acdaa05f362b1c2fd1e68a201a3b26f232ba69392d4bacee5650ba

SHA512
d84e6fcaf61104f63e1e19d7feae87527e8424d5bf69e16e2a769845b78e012dbf6eac1ada30b7692cf66fa2de7300553d2d8afc5fdb8cda7894f83d7d2498b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
87KB

MD5
4530923956c3aa8ca155253548547b77

SHA1
4b9176fde8a3c2f42c2b3170b4f5a63723d35dcf

SHA256
e9402857f0906d9e13501d41494a6f62c40fbda5e273e02f5e4a8ca575fef937

SHA512
e31bcd5518055f376bc360ee684a6d0fb0108e23819dd8a06d7dda3a8c358c3a1e9a4e111c621d214431c31768b271e596263be00059b5b3ce084a362ed1d7b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
173KB

MD5
d3d1aff7a71e5f6f4537a0b3cbbd5c23

SHA1
82bbaa35980290986094ec5b2f33da17fe0e1ca8

SHA256
d3ac13e9bebf6119830ea38adf6715f42a193e7cc5834087abcd77bec3c07291

SHA512
9f5a8f657438a49e2b60db1372ced7edca4ca714efc63ff8791ff232d4252178b5a148a02b049f279007f095e7ac5b649367a2fb3dbffa14b39b637f1d30d42b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
47KB

MD5
31a8297826cdcea344698ff952694a7f

SHA1
4fa1ee4c471d1c05e9141855eec5ee09b898d594

SHA256
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5

SHA512
a303971f0e1ea4759679adf3be3dc26dffb13d9ab6b9d2b3c1cc34f57ea6b7870f18e4b7c8552b9225915a5e9e070faa37dc17f83b5cd66cdbc9149238692123

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
56KB

MD5
19f562e4a40daaa27240d269f0b6a86d

SHA1
fe2c61eb42a1f41bb33d05486faa9ee996d0353e

SHA256
9e4b7914802931db8616aac9c32c6e5e84d7c356d5c98e00baadb8e42902f15e

SHA512
04a2cabfe61f8d469806476123288ebe19875ee10f586abf05f6cd1525d228012daf2156eaf43df257b234c6afd930c8ebb43621e29850ccf6642f910d6bd3e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
cf1d366d2b79bc9ee6d3c3b76978d714

SHA1
904e8128e7300b316ab71bdb194a699748f9a729

SHA256
8f60172a21a4f459dc94236863319612623cc1f44095433e33b4699a6a9dca42

SHA512
bfbc0363bf007ffcedac49c912426af58bd73368dfff892487371c53fc98e01d33df73d13ad276fc06acf0ac48b9b445fe0f100468ae955972759e084c5c15dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
d337f2860fd75015c7d345d574005784

SHA1
a841fe2d072eef59f2a49207d61d1f2d197d11c1

SHA256
f4e108fa9ab09acbc80e4b976fc23b994182a26e2a57fdcfec8dd4d6d6b15e0b

SHA512
b4ffd437049a3303f9f6d8170a3aa81d8623f7945831fe544ff752dda5edb86408f6ce1a65495d9f4412c1724e9e8042a710885bad867921507923ad0eb547cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e2cab8be22f879f4db5e1114307807b7

SHA1
3235da75097886d8e8008fd3a64333063b3f4ee8

SHA256
4af560a726315d98390e4d307d0db5f1b406d626e088bf35fd9243486d284ae3

SHA512
d4314ddb56285b4fe5ebedf5266a101b1d272e91e07d0444f50d00c16d609c5871a23c128ac074aada6263ce955f312e8f31fef62b4939f791fd41c63dce8917

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5e4c3fc547b45553a2b8d0910c14906b

SHA1
25429ccb0ce221442c2a15147b020c775da4ecb0

SHA256
b7be21e73697e44a33445eb45bbdbf99659442463c087f3574af99c8e2eba118

SHA512
e07a0560451ea6ff3be1ba19627c7dfdef86120763cd526f7627858927cc35d62e21dcba344887cda005ec93e9c862744c9fb4e9c78d12eef882ca9dd5751743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
7bca4e043c1a6149bfd646b733d57200

SHA1
0513cbf6458d0c223877a1e317c889d9749ba825

SHA256
74a83ef368eef18b35f75d1f90f64f551850689a6f1c8053734db1db4f234b00

SHA512
c001480776e0bb988b0b10e1c40ef6b3113f7abdce38b4fb27eed8aea677faeddb2704ebb02e823ec279a09de8f59c2ffc63c3e783318c5c3a673703abfb9de5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
514abcf6e358f3294477ebc92bfc8176

SHA1
58a4756d41071ba02e53e0289f589cc2b3146bd3

SHA256
e76f178d287bb53374bca88871534a0e9f03cea15ef01948bdcc2485e6cfd7ea

SHA512
bd9d454ee658652c80d97af661a65847bcd513d529519881f5ff15396340ea868e1c944c83eac2fdeb2c831df629e034132cb1270d05f374906a3a13e2c2ce0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\c5023175-4f15-45a6-a40e-36dd6da38491.tmp

Filesize
2KB

MD5
bce183671df9d8ab31428c582db58706

SHA1
058eee725775cb0e47ef6b99169109f2739c8e6b

SHA256
ed78b7fae885a5a44e4b9d69d85e2d5ef8b701de23a230871cba445801f1500c

SHA512
27408145e1aff737b266f3c26c5b3ea5556feb8deff5925c3fcce975d55b5e92de66d9fcba56b2b19a0dfeafe8668a71a1964ccf205867252df5a81aaebac8e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
70e2e6954b953053c0c4f3b6e6ad9330

SHA1
cb61ba67b3bffa1d833bb85cc9547669ec46f62f

SHA256
f6e770a3b88ad3fda592419b6c00553bdadc50d5fb466ef872271389977f2ab4

SHA512
eeacb0e62f68f56285f7605963ca9bb82f542d4e2ccc323266c08c9990cecdebd574e1ab304ae08ea8c6c94c50683180f83562f972e92799ebbcfcd8f503fb5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ad072c162322fadf03f06f36a04d6d0d

SHA1
cf068bb651cf2e6860ad7324be1d1e2c82324755

SHA256
2cd2965d1482dd3c11ee11a287e3f3817360553fbc354bc18ef5c71f5f4072a5

SHA512
5a28546f0ea25c11983669ce4ef3237ace3565f4a29e0ae56672370e0d91871ad508bdb9580cd42f68b75144d70d5cd794dbac5bb3356d7ab59d6a91b2b9bd8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
74beca7ab9bbd22a31825994f9bea335

SHA1
dd1e5af7bdbca2edd590acff7bab06ebfa6a84a7

SHA256
6c6efd14a096ac4436983845245d9cef678440d6f03915dd6e56b2bdaa8d2877

SHA512
cd42036856ec8c6c8a8ce84b23574dd08029c8b7d3f97ed0c80e8f1c122fa66fc6cab78b676137d3187759bb4abcc4831f612c090a83fa4e46112a9a5903cecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e060368721e23f6881caec7ccacd830

SHA1
8f308ee2ad685943bd94f86645dbce8dc8eca213

SHA256
9acc7b97b55619d5e1875597d8b23983037a778e15a640cfcabedcb8d546bc89

SHA512
a37d868defedaa3e8196bdedc62cd61748617ed42e23723c498ebf10e828b1a61a144a1837e38c02959a5ec82c765edf725cb9232a2548d6f13cf93290cca9b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1171be2d9e1ab7a339820270d92700c0

SHA1
18bcb81cc5199be77983332222fe936d11f81db7

SHA256
a54151c3c4b0a92ba7452592a9e50957432a6dae0e32a4d90f15ae651bbc64b3

SHA512
e357a9b8cd9400bd31d957efda62645f88f00e819d95bf317c0390857a8f40be384edee315d71e398ab3cf76f18d0cd66a57e81cc4ba1e47a80638f954716c19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
074f80f80eaec7fbfb635389c77e246c

SHA1
6405aa39300d1bfbb49e5e008c379400a04ad9d1

SHA256
397f70b639a238485e09f6786fb95f453180705194d90826a1334a08afef82d2

SHA512
8b802980b84f09f2000ce75be6e209f3e38e467fbea6f6daa97e7059c2e82d1f000de7e626f5a4cbf99b1a20dcc1041ed3622a0aa8243a0773ff5f1d6aee0a23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5a478f1e08816969e8214f982850b754

SHA1
1cf5e7192f3c6e31c7e27b6cb34ebf89036eec0c

SHA256
665cf5612c61412c9acc928b1e155c8f11ae83905ce614d9a1a7ad72cc0fd489

SHA512
7e7ff60c157841f6f5bb206ebbce29f6df3a6c0c671805415ad7226654e13da49ad76e39a6d0afe28992348f3b5685ecacbfb44178fd61998c54caebbfd97832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
72f569b3da4b02d3072530cd0058b5fa

SHA1
5867ba2c91e9d66d55d0d184d404d8a8f367eb42

SHA256
b01e622d449c6f55f5605059c8fa9ce3722b36fc1cb5ada3ccb3f2fca14b3ae4

SHA512
15c0717e7ed31ca173d7e38304ca615585db1532525a752444e52fef110b468f2018622fedca62a85bda4600ac463b4bd05c6892eebb97138ab60e1039503f08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4345258841240c462aa46b78fbe72179

SHA1
f68700e5b094e3e5a449a597ad5c6deb59e2933c

SHA256
5980fa2453f806e0f7bb772efc783345cdc3314fa90b0ccee7d9b6f49f8e2602

SHA512
2d503cdc3ef45e4a7621761afbe35999e82749ee429e893ee3afecaf8a612eb10795ad0dd8ebb5dd333f6c9f68a8d761cdcad853624bd3eff06ffebd6f846f22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583573.TMP

Filesize
538B

MD5
2cff32e516266655cec0fe6466cfdbdb

SHA1
bd818d1f6d5c74039dcb969409e50f834ee34b26

SHA256
23f0ae28744a3e406a819da8d3dbc8ee7582863974382bb56c6df138d08332a6

SHA512
47d6ccfacda13100f213f37a83768f3e13f88e7e4c70e8ad25f5427555a2624ffee35203e4a184f31f7a86c0fe54b344b18e0a13c0857343c69790729c105b68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e69922ac18fff4a4f10344bed2f879e9

SHA1
bf26493fa20c5c8141a930d609e7897b34500982

SHA256
6bcd10766359280fc2d3339912a9e3d501207f248ae900bcd97d4101d201d8bc

SHA512
bd5892a1fbde61fb6a29fcb7b2fc4613fe2dfff85db82d804201f07efb2ea24980e2bfeac383ced03f0a2f572282cbbf04a2fb4985fb86f5a09b9e4c38321430

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

Filesize
1.8MB

MD5
cb50d496ae05fa1c8bfbcb3b7f910bfe

SHA1
3ec4d77b73c4d7e9858b11224314e99d082497a8

SHA256
7616c72f6659a3a2439d0452190459cd4ceb83fab2307e3e47c9604fa29d9f34

SHA512
22051de06c7e52a37ad36250aa095a8ccc0b0e1cdbfa2e9073c146e77e278cbdbe89bdb078dcfd8babf48baec1902b303ac39cc9db4114ce1516b06552dc924d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
a70accbc1f1001cbf1c4a139e4e5d7af

SHA1
138de36067af0c8f98e1f7bc4c6bea1d73bc53ab

SHA256
b000fef41ce0267255701aacc76c02159d207212c4595437077e7904b7968ca6

SHA512
46fde27847dfab38d2f6fefca31677a0d5a5ac775951fc19f1fc0b4ec56969622f0c4f036ecacc05b33854871f03232a4944f3e93a747280cac622503f5c4f04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
a70accbc1f1001cbf1c4a139e4e5d7af

SHA1
138de36067af0c8f98e1f7bc4c6bea1d73bc53ab

SHA256
b000fef41ce0267255701aacc76c02159d207212c4595437077e7904b7968ca6

SHA512
46fde27847dfab38d2f6fefca31677a0d5a5ac775951fc19f1fc0b4ec56969622f0c4f036ecacc05b33854871f03232a4944f3e93a747280cac622503f5c4f04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
a70accbc1f1001cbf1c4a139e4e5d7af

SHA1
138de36067af0c8f98e1f7bc4c6bea1d73bc53ab

SHA256
b000fef41ce0267255701aacc76c02159d207212c4595437077e7904b7968ca6

SHA512
46fde27847dfab38d2f6fefca31677a0d5a5ac775951fc19f1fc0b4ec56969622f0c4f036ecacc05b33854871f03232a4944f3e93a747280cac622503f5c4f04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
memory/5492-865-0x0000000003770000-0x0000000003773000-memory.dmp

Filesize
12KB

Download
memory/5492-863-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/5492-574-0x0000000000F60000-0x0000000001348000-memory.dmp

Filesize
3.9MB

Download
memory/5492-930-0x0000000000F60000-0x0000000001348000-memory.dmp

Filesize
3.9MB

Download
memory/5492-936-0x0000000000F60000-0x0000000001348000-memory.dmp

Filesize
3.9MB

Download
memory/5492-937-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download