100505fbdfe26150699bc85f89a400885ba2613e4c9a24c81b755e728470783a

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
16/11/2023, 06:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

TGMacro.exe
Size

1.1MB
MD5

253df7499b12b561edf7f46c7e62af56
SHA1

40d45e7cec6ee45cdbc9e1bf2af7c0d236008237
SHA256

100505fbdfe26150699bc85f89a400885ba2613e4c9a24c81b755e728470783a
SHA512

9563d52832a79be6ab0169cdfd1a713f3ee2b0cd471732455166019b76f2e87801dbc348a963f3be897f94253cfe155c90a793a50239c32cbfb250a698d15bcf
SSDEEP

6144:UpJSc5sfCkYTjWLeymFEymFEymFEymFEymFTymF8ymFYRM3GWOFymKci:UDQCkY+JssssjajRM3BOEP

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
640	msedge.exe
640	msedge.exe
4308	msedge.exe
4308	msedge.exe
3520	identity_helper.exe
3520	identity_helper.exe
5168	msedge.exe
5168	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4344 wrote to memory of 4308	4344	TGMacro.exe	96
PID 4344 wrote to memory of 4308	4344	TGMacro.exe	96
PID 4308 wrote to memory of 1544	4308	msedge.exe	97
PID 4308 wrote to memory of 1544	4308	msedge.exe	97
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 5100	4308	msedge.exe	98
PID 4308 wrote to memory of 640	4308	msedge.exe	99
PID 4308 wrote to memory of 640	4308	msedge.exe	99
PID 4308 wrote to memory of 2816	4308	msedge.exe	100
PID 4308 wrote to memory of 2816	4308	msedge.exe	100
PID 4308 wrote to memory of 2816	4308	msedge.exe	100
PID 4308 wrote to memory of 2816	4308	msedge.exe	100
PID 4308 wrote to memory of 2816	4308	msedge.exe	100
PID 4308 wrote to memory of 2816	4308	msedge.exe	100
PID 4308 wrote to memory of 2816	4308	msedge.exe	100
PID 4308 wrote to memory of 2816	4308	msedge.exe	100
PID 4308 wrote to memory of 2816	4308	msedge.exe	100
PID 4308 wrote to memory of 2816	4308	msedge.exe	100
PID 4308 wrote to memory of 2816	4308	msedge.exe	100
PID 4308 wrote to memory of 2816	4308	msedge.exe	100
PID 4308 wrote to memory of 2816	4308	msedge.exe	100
PID 4308 wrote to memory of 2816	4308	msedge.exe	100
PID 4308 wrote to memory of 2816	4308	msedge.exe	100
PID 4308 wrote to memory of 2816	4308	msedge.exe	100
PID 4308 wrote to memory of 2816	4308	msedge.exe	100
PID 4308 wrote to memory of 2816	4308	msedge.exe	100

C:\Users\Admin\AppData\Local\Temp\TGMacro.exe
"C:\Users\Admin\AppData\Local\Temp\TGMacro.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.trksyln.net/tgmacro/download
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e07e46f8,0x7ff9e07e4708,0x7ff9e07e4718
    3⤵
    PID:1544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,12572555673063740470,16101049641757149463,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    3⤵
    PID:5100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,12572555673063740470,16101049641757149463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,12572555673063740470,16101049641757149463,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
    3⤵
    PID:2816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12572555673063740470,16101049641757149463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    3⤵
    PID:2848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12572555673063740470,16101049641757149463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
    3⤵
    PID:2080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12572555673063740470,16101049641757149463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
    3⤵
    PID:4180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12572555673063740470,16101049641757149463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
    3⤵
    PID:4708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12572555673063740470,16101049641757149463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
    3⤵
    PID:408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12572555673063740470,16101049641757149463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
    3⤵
    PID:4120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12572555673063740470,16101049641757149463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
    3⤵
    PID:4940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12572555673063740470,16101049641757149463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
    3⤵
    PID:5084
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,12572555673063740470,16101049641757149463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
    3⤵
    PID:3016
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,12572555673063740470,16101049641757149463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12572555673063740470,16101049641757149463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
    3⤵
    PID:1148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12572555673063740470,16101049641757149463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
    3⤵
    PID:4640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12572555673063740470,16101049641757149463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
    3⤵
    PID:5256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12572555673063740470,16101049641757149463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
    3⤵
    PID:5264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12572555673063740470,16101049641757149463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
    3⤵
    PID:5748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12572555673063740470,16101049641757149463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
    3⤵
    PID:5828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12572555673063740470,16101049641757149463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2808 /prefetch:1
    3⤵
    PID:5124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,12572555673063740470,16101049641757149463,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6248 /prefetch:8
    3⤵
    PID:3048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,12572555673063740470,16101049641757149463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12572555673063740470,16101049641757149463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
    3⤵
    PID:5296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12572555673063740470,16101049641757149463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
    3⤵
    PID:4968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:648

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\Temp1_TGMacro2.5.Portable.zip\TGMacro.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_TGMacro2.5.Portable.zip\TGMacro.exe"
1⤵
PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.trksyln.net/tgmacro/download
  2⤵
  PID:1704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff9e07e46f8,0x7ff9e07e4708,0x7ff9e07e4718
    3⤵
    PID:5304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\TGMacro.exe.log

Filesize
660B

MD5
1c5e1d0ff3381486370760b0f2eb656b

SHA1
f9df6be8804ef611063f1ff277e323b1215372de

SHA256
f424c891fbc7385e9826beed2dd8755aeac5495744b5de0a1e370891a7beaf7a

SHA512
78f5fc40a185d04c9e4a02a3d1b10b4bd684c579a45a0d1e8f49f8dee9018ed7bc8875cbf21f98632f93ead667214a41904226ce54817b85caeeb4b0de54a743

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aed593b08b94f34dd8f68fd369652ac2

SHA1
3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95

SHA256
5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7

SHA512
16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aed593b08b94f34dd8f68fd369652ac2

SHA1
3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95

SHA256
5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7

SHA512
16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aed593b08b94f34dd8f68fd369652ac2

SHA1
3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95

SHA256
5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7

SHA512
16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
17KB

MD5
8a9daa6b720570c0e33b334317438916

SHA1
46691e4b971c3092603a2ef5fce1bdc81f3018b7

SHA256
c83544a603eb8ca4695ea77a41d1466f2a90fb75846e530d361c6a2740d128fc

SHA512
22edf4e0a80c3be45a696f45cbfc852d233fd8e57ff64e85c720b97768a52b592ddb1380bc5cfad7b4d259f134f0b8ae1c6cdd8a5f711458b6df8581f0a902b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
47KB

MD5
f0ae59d9ce65b82d88ef10d837668384

SHA1
fc92057609e673567048a9f3fda88b1507e3a390

SHA256
7443adc6dce22e739286ea281f527e757ae43736142475b94cf8548bd6892b7f

SHA512
71e8cb4ca32ffecab9353b623988a927ae5dad2c6872feb60984a622a86f7a839869bdff005c4c6f97d4c396edb77aa1f7d6996c6691763e5ab55b366324991a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
92KB

MD5
69d6fcdcf434405d7bb08b540c71fe95

SHA1
32031030e82a1348beef14ed23a1dc32f6850ada

SHA256
95bdf9c854c0ba40ee0a730e9861202b358222bd14cedb97e5ea106bb5f93adc

SHA512
31f601a89edab16ee87aec08f53d4513bc2998f091afad67e78133d01788f4f52238ae305e82ec2bd30dd72b26ec40b9aeb782d0627bbc99cb464a1b4b348f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
51KB

MD5
78e69e33fa53ba22661de315df5fb7e8

SHA1
047749b3158f687154bbe377ae5e440d5aca6a0b

SHA256
00eaf7ff4b4349d61949a7c7e54e7753f3818c4e50674d763d1f6964f576067d

SHA512
9d2e36d9fc31b80bc2a9640eecfea7415466793fe2caec04830c691fbd6ec48febf25c538d79747339fd9f03f10910bcccb56f91ea2cf347b5d7a9d0786aa91b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
134KB

MD5
df480a7393cbc2f331d6a56ba2c5dd73

SHA1
a9c58c12be73e353aa6a7b2dad1ee1bc253786e8

SHA256
f62a63e8a9f1d5aa4e28c4f3cf9aafbc68bb4da44cb09c0729ce9fbbd10d1ffa

SHA512
dc3d61b19a6d7c0504df3a80914f1211246b63784a282d096b32381181d058dda5c8ff606ae576e91dfa8081d427ae290da4a9c0130990f4b98049ddcc2eabd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
54KB

MD5
be479f52ecd31c8e7569a0685e65bcf8

SHA1
dd3eeb88cd1dcdf294bdb5cae457995ff6abea7d

SHA256
b4ccc3b267ae3c059278540dd566dd5bd9b706f5ceb5b81769c902299c03f1ea

SHA512
0639200e6d18e5627be8a029d6e30713722078e2c53c362e01eb610206227924223f195493b575b16ddc68b5988cc60a3240d4f7e4848bbccf7e407943ecb6ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
20KB

MD5
8f827504fed8381a83e3e728542218b9

SHA1
ae7e3bbd17c67eb2ed0f9747f73db0b302d143d6

SHA256
aa7be0a1bb1efb2347a9caa166cc7fedba6032b8b6c74006112f20c8fab191b3

SHA512
0333cd0df9c863bac9acf68f662468c04c2a5a258c64e8c305b48016115bb455a5626accb0bd125e3a3236ded51632c60554e7f7ec41b89581432a6ce7cd633c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\463fbd108cdb08ed_0

Filesize
3KB

MD5
a8a3a5494f27e61201db64a21e5d23f0

SHA1
f75785001c1a86207d24624c91bba186ca5f9589

SHA256
b8bc395ea3a89a009fdd6b9140cff2a39a1bc4e413806a108c17d912b07d0b05

SHA512
c0a70e705cbd3ddc42c78d90b81a8185bb82d9b12bf512dd2e98f1313592522a24df88c1ce14ae9886f9681950a4eed487a2a45ffd449eaeb0c924352bce3899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eeca42db30eaa8fe_0

Filesize
32KB

MD5
7752d5a65d695c46eb8abd84bbe78b99

SHA1
beaf70cb0315f131f048b779d2b097a0b17114ea

SHA256
adb0e23ff976146874243d755d06bc40b15e2ab25014c56189fd99fb55ea300c

SHA512
14950f07a5fe49dec707aedc8df3c37a1c4f5b9530b2734a226e57ec0464c51f47a56c4b6971501bd6f7f231bf0d2361ccdf99b700da080521891b2a74a914d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
025fa99b83add3482d16536ac2e0afcf

SHA1
9edecdf1e9cef0e6e2990536252b3d7dde98a2e6

SHA256
ad60b0fb2405c57277e6a0dfb19ac91fdb7d0572d78d7f822e72e939c5d49b53

SHA512
14f5befcf7f8f160c7e2e3d2e5de34a99de23f7071715f898eaec54e5aaf03b24876d80708dc15ba7c84afc9bf999927092ca6471c10e69d13e79e4677527d98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
16795b0d3b0f19402ce67535e9cf1d47

SHA1
51a49efc8e1ab137f95e1b41118a716878a4b4de

SHA256
721be18629e405a85db3df104ab994281075d1b8e2ac6b7a569ed202825a140f

SHA512
34a2281a3793998e657e611aa382f5504096b931607affd20fcfe12a66194c4b284911664ebcff7fe8d5c769aec824a7ab0e308a152d64626db231920e3959a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
c19749994cebdc818014439fd0147cca

SHA1
7f0b2fbea1738f61cbabff34e15d27d78ac86301

SHA256
0079cc95e54ebdcdf79669cf4e03fb422b08433328f9597238fe9c467c071409

SHA512
c6b4fe535d8a16d9c5a6b4286876533e7ec8a259e79dd090d885ca532a57d9266658a1c3eafa1141fcc3e81a32ac0586c7f883376d0a6cc14373864b8a6265e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0adbe5e71c5fd1c8df361d453b9e5c20

SHA1
bdefdfea44c45371ba909e8a4da875c2ea9fcc9c

SHA256
5ae6fb439f26e35d865f63bc53aeafe3d3fbcfd2ab7a022d025aea58054c6a5b

SHA512
0443fdd0eb4e98ad73fefd4c883095160807cc92069f33058b7ee638305dd355c32f5ec30cf2cba622bd38eeea0646070840b73adc76d19fe98400e9a90d3662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
abc9f0c26b555f880d3f40d04895796c

SHA1
3e3ffd225dad51f6e2f64a425f55cb049bb74e28

SHA256
a451ebe9930a36f9f5d7573c207deb523b0f57311bdb291cbea7e6c3979acc78

SHA512
a8f37e4e6f390c2c6161c1bb071cd86d7302e57e816b4905a8984b2487547eb3e76f15c194b3b89f0853f1a5d1b001f207c24f39d82e245c0ba50608998ee697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9381baca59f7812d0d170d702afdcf60

SHA1
4449c8618779c8227c7f52dd2e093deb0211ac7e

SHA256
a593f3622810a7c09ddaa0a31b5046ca078ea1860230e1a0cc1a4679691b45f2

SHA512
ef18fee05d6a299938e357b05334d4e93ebe468c24d12506db2f823a26f34ffe607eb960395253b3fc13aa341838827f17a7edac969f8723ebe34fe6703f25fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7f738da05d5ca9c57734b8b06cb8ed5b

SHA1
4aa82bda64010e6c02c91286eb2fb88843efa83a

SHA256
bc5e82488940a85587f62d346a502444010bbade54a65f3f60478d5e56d76316

SHA512
6375a2ca3f29a1749ec7f6283c945d56ccb68ff9a4d1cd08f44fa8fb0754526f13d7dd21e56d8517330d9dc9674d5dd636a71e0d30ea8ac14b3f23ecddf4dec8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
55ecc5470e1796505ed2d585c2821986

SHA1
81989e86793b0c094d62ec54dda667329a727b21

SHA256
bf437d601462e053ecca92055f50a98d92db99899c0f51869cc4087449683fe6

SHA512
922f5da7de7bf5eeecd92b69cd77c18c620e2de8ffb331cfd286e6aea9f34b542994ed3b6db58f894e49ab7ad607cc1355dd0a901a0c8ade997212d5f01a89b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
28d7fe50736c6b8305a88528d542fa0a

SHA1
c9ca2a3b7165e9fb7882169eb0f0f9d35a609d83

SHA256
8834ebfc84c03acbc7d091c5f330abbf4ca3b7851fc27f957b3d76fd6f4e0ebb

SHA512
112b0f31c4fe8acacc64ad49ee7082b639453a34fd5ceaa1bca1e193533fa81ee9507726b11afbc1b2170b4008649554a73c29a851062ece2b6e78224ddea3c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d99dd990909a78fb8e87d0772b662538

SHA1
ed72ca251c0f5907b521a051f5625daad7c0066d

SHA256
dafdd26c1343ae07e5d8e7fe31e9faf9c12ba2ff7cca5e81111f1ce79a3ae969

SHA512
3e19cf29b06a066ca026d51d98dc166becc72b195c5358058a7717981dfcbf8cac6604b3beaec925cb67b4aa4d2c5aa197cd7d808e63321186068a1d47503926

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a5e831a250d4ce5b4a85a9b9fdcc4342

SHA1
23ec50de4b4a2f6a3f70f10b4f7bf2bcc3696e4b

SHA256
662497f98e763518a21928428c73b3d4e8895806c0ce93681337611446f3d584

SHA512
7187a53c17852aee9321bfd4fa309bf1512f3a5d2396ba23512e69647f841a7eafb7a31efd542ff60d6c02ac42b5284631f25f687cc08f15ad105ae65912fc42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e2565e589c9c038c551766400aefc665

SHA1
77893bb0d295c2737e31a3f539572367c946ab27

SHA256
172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80

SHA512
5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
288cbe10a1c0d00fdd74c2a2c876f43b

SHA1
9b6d1b98194d6a1ceaffdecd055fa0948e6c2fd9

SHA256
4dcb09c7347219ad48c4772b3e6cd78d1667b8494612606f91b8403ce5c7969e

SHA512
312f6ba308db9d0f4cb46f50ae9921772a25b11753e4825acc8a5841c2ae9f7022db5b59795100f241021ca48489ac44ab7e0dc7144cf2dfa8486e6ca85c6110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
369B

MD5
abb456ca764fb0b93bba06526039a756

SHA1
a5717f3b64f516e3bc3b4d6126e30be6e0093a32

SHA256
af9f1270a6614915ce5b6627fa8bc8c7c45c42ab0e3980b57840b6034c18886e

SHA512
792d733dd1bf183cc6f77e4177740a2d8c18cde604e683faa474f352357b02770d077107e26f3de208c537e6015aeb9f835f916620bb4beb45c5a8388a18f594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583a83.TMP

Filesize
371B

MD5
ecc5d735fe8849fe6493b0867733cb1e

SHA1
3fb57615c7f9c6c1a8ca7cf3a7cec5403690c798

SHA256
384a2fe9999320e5fbeb32c5d3d4f1f1dd56bcd30d9eda99b1cb57e5e15827d5

SHA512
8bbdc165192a77f26ab6798c9250045a0f26e9c1be04df61a54338365f64929b5f3988138c332472c6b13e8a3bd6ef8c4f8bfe083bcf19b3b64ecc3a1ab1cea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9a36787833bc7adefcfe0320851b2fb4

SHA1
c87e59ef6daffd0f7a3255964e5e09730b6f04b9

SHA256
b1e6ec5619f027607aaa797fea3543cee4ec1ed76ce76aa6620efed10b61cf99

SHA512
1a2c788c1b69bd52292210e5eb313f4781e0befc82e8cdff1d04d926dc6962bef56c560f184be5dee6a6158d03af929a2833172218e4371ff8e6398bcadb7182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5fc314064af40a613544862e1170f432

SHA1
0fc44d8927977aa3fb811fda3baf88ce4d1bd6fb

SHA256
2a64ad49045898151606a450cc1207afc93c319f2e4634ce5363ebc9e516b32c

SHA512
f4bc909eb2f2d7cdab27adb3cb234fc6335c0cc77e0006cec6e3358f074ad3c2fdb6af9366a75a5210341f61d22748cbab29619712e3122e9208e56a0f9435a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
919f29a492d214568c02fe1b53fe6721

SHA1
8e9d12f9a47c16e0b0f83d6247e70934fbc146b6

SHA256
233f4d756f6542b7bc91f8cb46e6b80a93c4d229b0d561658f09cd399a0248b6

SHA512
c3e4e1921f3f8552d275a8de4d70ac47ebdd6b5ca54be8561fea3fa7388be74104917351b2f4821ede10c159efd4d14a508efb6e1ca579066072d30e34349f3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8b2a465cfd244bf50d56b1ff84648e9e

SHA1
10799a46687f2cd48593f5eefc5eafcaf9c595de

SHA256
d7056e93a118430a004ec6ab9957c31e5cc5714c9a55e944f3428cbc9f4a6938

SHA512
7468ed5de254cd0251584a8c4e1c9cda348b7cca05c5dac01f47b5e1b689832bc17979485887f26bd9048c2d0c5847049125b77e7cfc1f8083b0369bd9e6b3e4

Download Submit
C:\Users\Admin\Downloads\TGMacro2.5.Portable.zip

Filesize
288KB

MD5
422233e3075d32cf7165b39797ff485a

SHA1
126c626b31fa00b6c3472f8c4ffa7bc284f2654e

SHA256
e61066a58c1f85be113689476f607243a77323587a0bc4cf82a8fd6bf2f2b9ad

SHA512
716810aa556a66580e3440ffd592902ddf6de5af8ec3ffb127ce4f54cb3c6336b47eaae36147b718bcf3a76d0fb167d76ba57c74347e5d41c28f8ff6e39e3b16

Download Submit
memory/4344-0-0x000001E6BB280000-0x000001E6BB39E000-memory.dmp

Filesize
1.1MB

Download
memory/4344-5-0x00007FF9E3E80000-0x00007FF9E4941000-memory.dmp

Filesize
10.8MB

Download
memory/4344-2-0x000001E6BD1A0000-0x000001E6BD1B0000-memory.dmp

Filesize
64KB

Download
memory/4344-1-0x00007FF9E3E80000-0x00007FF9E4941000-memory.dmp

Filesize
10.8MB

Download
memory/5700-340-0x000002753B980000-0x000002753BAA0000-memory.dmp

Filesize
1.1MB

Download
memory/5700-341-0x00007FF9DE450000-0x00007FF9DEF11000-memory.dmp

Filesize
10.8MB

Download
memory/5700-342-0x00000275560F0000-0x0000027556100000-memory.dmp

Filesize
64KB

Download
memory/5700-345-0x00007FF9DE450000-0x00007FF9DEF11000-memory.dmp

Filesize
10.8MB

Download