hxxps://serve[.]tigogtm[.]top/puntos

Analysis

max time kernel
130s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2025, 14:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://serve.tigogtm.top/puntos

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 5 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2716_710458400\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2716_710458400\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2716_710458400\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2716_710458400\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2716_710458400\sets.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133875603865843770"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3920955164-3782810283-1225622749-1000\{8AA66E76-1340-4108-8CF6-B3C5A5C4F64D}	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 3516	2716	msedge.exe	86
PID 2716 wrote to memory of 3516	2716	msedge.exe	86
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4704	2716	msedge.exe	88
PID 2716 wrote to memory of 4704	2716	msedge.exe	88
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4700	2716	msedge.exe	87
PID 2716 wrote to memory of 4688	2716	msedge.exe	89
PID 2716 wrote to memory of 4688	2716	msedge.exe	89
PID 2716 wrote to memory of 4688	2716	msedge.exe	89
PID 2716 wrote to memory of 4688	2716	msedge.exe	89
PID 2716 wrote to memory of 4688	2716	msedge.exe	89
PID 2716 wrote to memory of 4688	2716	msedge.exe	89
PID 2716 wrote to memory of 4688	2716	msedge.exe	89
PID 2716 wrote to memory of 4688	2716	msedge.exe	89
PID 2716 wrote to memory of 4688	2716	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://serve.tigogtm.top/puntos
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2ac,0x7ffd3f46f208,0x7ffd3f46f214,0x7ffd3f46f220
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2212,i,12337286271856862210,14473067678322753735,262144 --variations-seed-version --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1876,i,12337286271856862210,14473067678322753735,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2596,i,12337286271856862210,14473067678322753735,262144 --variations-seed-version --mojo-platform-channel-handle=2608 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3504,i,12337286271856862210,14473067678322753735,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3488,i,12337286271856862210,14473067678322753735,262144 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4836,i,12337286271856862210,14473067678322753735,262144 --variations-seed-version --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4908,i,12337286271856862210,14473067678322753735,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5556,i,12337286271856862210,14473067678322753735,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5820,i,12337286271856862210,14473067678322753735,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5820,i,12337286271856862210,14473067678322753735,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6108,i,12337286271856862210,14473067678322753735,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6124,i,12337286271856862210,14473067678322753735,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6132,i,12337286271856862210,14473067678322753735,262144 --variations-seed-version --mojo-platform-channel-handle=4324 /prefetch:8
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5080,i,12337286271856862210,14473067678322753735,262144 --variations-seed-version --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5680,i,12337286271856862210,14473067678322753735,262144 --variations-seed-version --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5312,i,12337286271856862210,14473067678322753735,262144 --variations-seed-version --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5896,i,12337286271856862210,14473067678322753735,262144 --variations-seed-version --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  PID:5576

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2196

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\83a54404-b94b-4511-9880-d5ce19a16ba4.tmp

Filesize
40KB

MD5
68c29daa2864543dbde5ffa284ac05ac

SHA1
62abcc81f65e66b067c8ee7c59792961f5977012

SHA256
2f4dcb3ef1f2f0dbd2132fa9b4aa9f232c588cd40741975c9c9f81824683b223

SHA512
0c24556dfe6dc21c4e42d5e20ef7b8487f66e3a2d56ceeda4c3b6c1c1706ccaeffa8b1b18a001a94e9ce6ff033103d4ccebcbf818e7c81ee9ac7f3828e3a2e52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
c37f9d2c357647fca20f2eaa89c18edd

SHA1
cfd1035ed2d057c317b48546f467209cbbe15f2e

SHA256
2ea3a0b7e6145fd110653b1a77cb827ad7e4a145c29378344bd3d28f595b2072

SHA512
3563f4aca9e47f35de8cb38e42a3c0448bb3ec4c9183fa392abc28fee4ca08bf16da028ffbf31cf0c0f8301ed810238961e745590e5c71621bc5a2a889dd12f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2f6a18a7-e7ff-4812-8f96-10b04577e69b.tmp

Filesize
16KB

MD5
022624f79fa4dfdac0b3f29fbcb378aa

SHA1
04e99f1b708cd30ff30df5b596d009e5126c5200

SHA256
207a9071aa205dc7730abd5141c37de29b0d7adf2f2afc86c1dc4e4807d9451b

SHA512
82167adb852d9d1101daa3ea763cfecd31551b08054fd6f9f61b473719c7054d2f4ee3dcabf949ae4634a3b8f5c16f2073aa9524f542735c385b61cdc92d2d90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c44b677edb5dde030d84d647a3e9ac8f

SHA1
c5d48e6167e4a9aa407b14cf47f7df12f5e187de

SHA256
cf227c4d082f5d010f596170a14f8c62ba039ffbbcb281be3c47f06d22d4be71

SHA512
0578f26bc3264592845c58445c5f916147d3f2910e32e70e7bcdf9d602810708acab2e0908f90f084d5251b267a613cc8e25ad7e581d9a678ecf6032192dd1db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
261b2362a05501f929873895012a73dd

SHA1
ad5247d163c9d5a6f376d2130c14cb21792e2d05

SHA256
60e586c99117d12f67d9726d981a37fe537233f3c9e3f645987df4853393e303

SHA512
230b94812bce3ec4be628904dc1df1c45657359a840e61e9afbe5f63176bbe5bb458beb95cc5f648ad68adf2696a23fc4bd26995163cc530ad7af7b47335543e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
d4c2407c16200760404da569caca35d8

SHA1
cd47216f4911bba1aeaedf21ecdc39703795c538

SHA256
bdb7aa27a87ecb04acefbbc91c585e534ef65af2dd071ff8a960008bdbc8f109

SHA512
097e5765556337748f23418cf95f040dd409743ed66983bf5e2313f4e7933fd639dd77407f8078b26b4b2eb577f638ad05eb9d78541943bf996f490e53e528e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
443d7bf35c2fb52ef8b110a3048860a1

SHA1
78e970c2e2aa738f44293b4f51164aa052e2ce80

SHA256
6a77e9c0e59246fd0d1ade916cd92320f987556885eab12ea4477cf9c0f48d4c

SHA512
7902bc98174263c126732f6c07dd635e45d13b1782cd73e0a1b9e3b5d58922f2f6f8a15e1a4a741b48fc27737a45e75ab1e9234684f7ab60b97f1de8e13895c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
11c72f7bd4de1ae477d1fcbf481c012e

SHA1
8d0f5050d45c1bf082bd71fa887c3a2479b2fbad

SHA256
154ef1e352d5e5c4859bb18e6c826d798331fc17efad62700cf77f1c893ca7e1

SHA512
e7a590b031e3955da2f72f312bf2efd20eb256bde4e1cbaecc36c2028690fb0c1c2564658827c10278a8d1c1799ad802a3b17b06106c37b7c9f5fd300443008c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
34dc7311fe894463ae76851cd2fdb1a1

SHA1
22e97edf0c81089a9331823beba86250fdec454d

SHA256
b83caff9bdd661ad94d5159fbaa5764df978be49501581a91dcfd5504c0d5e70

SHA512
b6095ce432402b80ca8f36e33eb314adea6f2262f17d61fb01c32e048ee828b7ab4e35f9e4feefa0d939cd487362aaf0fc917c4d8a66ea5d53e508feb8201fad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
497fa4c14d7d0a02f6947b37f6ed564d

SHA1
ad51b53498faf0b5b25f3a77a6c1ece5fb5a52ea

SHA256
cc3b05516fdf358a252029af117bbe89a4e9fb016b97053bb18aef623af1ad4d

SHA512
15510b62c0c469c60720cedd81a7c4b5cde7f6348a18ff2f4fd2107f9cf43c35c7529f5187114bbdd1531a2305cea0ea1b32eb0342981c5c8eb58cdd3a723dca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
bf16ef23d9184a9925e2165758c51ab4

SHA1
944bb51ea4a10160c65282df9bd70390842d8952

SHA256
31277731f213f5eea4aea30d324b201eee731924fe19d2a1960a906d42361f35

SHA512
2f60c85ddfd460ade73fd4f7f5cc87ffa6e4d7e7527b4075720e1ccbed5ce2a25467e7f43a309a0776b39f6ca6c4e110f56c17c21f5419d163d96a375bc11684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
3f77db892ee38ec40a51536a54c9a691

SHA1
1864195f36f940c663c6e8f026abbae21a53e388

SHA256
43c92f1c33eb74ce866ce150604c8e4501764a69aa1ec30401b2a54f43d141f5

SHA512
b1dafbb043175e0dd49438d2f9687595fed8ca8d92d8a1ff62aa84d9495be74aeb515efac6151d4add1aee6170c0e7e37209afce6c1aa6b37cb47308e24b1247

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d6f614a3-39e0-437c-9ce5-deb0137db993.tmp

Filesize
54KB

MD5
b1ca6bfd957b1383deb3236e17925f11

SHA1
133263c9083b6f9c999f4cea45902552f00e5830

SHA256
d5820c499f3317870177e58ca5e9abf0180c6be75d1c17a6d39463518026063b

SHA512
e80c6da73af314f724e8abd662695a48aeef2f2e147caac750f1481404a9f863ce5fa908e26211c67eff00f505defebb205dc0729abb641c773233cb2507edf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
46dc5655669587051581406a984a83dd

SHA1
1c584b4c1f4577b910d950fc4e7a5cd669697dd2

SHA256
7002c66bcd36836863c89a03410232733b8cfb14b0e3b0bcfd31467b439a986a

SHA512
8aef38dbf7d12bfadc64018cce91f04fb1d19200fce2697cf5d05fb02ad781498f5398a15b39612ff55a3551ca1f2e95fe3ecc81481a9ee84979c403b219c5ea

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads