hxxp://news[.]bbc[.]co[.]uk/2/hi/entertainment/2028725[.]stm

Analysis

max time kernel
150s
max time network
142s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
20/11/2024, 02:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://news.bbc.co.uk/2/hi/entertainment/2028725.stm

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\732db8c2-5711-44be-a5d5-e526fb0ba6b2.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241120024048.pma	setup.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133765439909620032"	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
1424	msedge.exe
1424	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
6072	identity_helper.exe
6072	identity_helper.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
5092	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4764 wrote to memory of 2872	4764	chrome.exe	81
PID 4764 wrote to memory of 2872	4764	chrome.exe	81
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 1064	4764	chrome.exe	82
PID 4764 wrote to memory of 4296	4764	chrome.exe	83
PID 4764 wrote to memory of 4296	4764	chrome.exe	83
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84
PID 4764 wrote to memory of 4224	4764	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://news.bbc.co.uk/2/hi/entertainment/2028725.stm
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffae4d6cc40,0x7ffae4d6cc4c,0x7ffae4d6cc58
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2024,i,9562490594805628997,18186949378051439597,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1916,i,9562490594805628997,18186949378051439597,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,9562490594805628997,18186949378051439597,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2372 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3048,i,9562490594805628997,18186949378051439597,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3052,i,9562490594805628997,18186949378051439597,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4516,i,9562490594805628997,18186949378051439597,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4640 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4664,i,9562490594805628997,18186949378051439597,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4488,i,9562490594805628997,18186949378051439597,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4988,i,9562490594805628997,18186949378051439597,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4816,i,9562490594805628997,18186949378051439597,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1440

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4512

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffadeb246f8,0x7ffadeb24708,0x7ffadeb24718
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,3746323374143461751,3675219807413166661,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,3746323374143461751,3675219807413166661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,3746323374143461751,3675219807413166661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3746323374143461751,3675219807413166661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3746323374143461751,3675219807413166661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3746323374143461751,3675219807413166661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3746323374143461751,3675219807413166661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,3746323374143461751,3675219807413166661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:5552
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff7fee35460,0x7ff7fee35470,0x7ff7fee35480
    3⤵
    PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,3746323374143461751,3675219807413166661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3746323374143461751,3675219807413166661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3746323374143461751,3675219807413166661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3746323374143461751,3675219807413166661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3746323374143461751,3675219807413166661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3746323374143461751,3675219807413166661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3746323374143461751,3675219807413166661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3746323374143461751,3675219807413166661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3746323374143461751,3675219807413166661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3746323374143461751,3675219807413166661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3746323374143461751,3675219807413166661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:5784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1aec3e9d4763c687011e949535e56d7f

SHA1
937f82efc73ae0e40cd56dd7dc5654c965c3d54b

SHA256
6440e8c1541ce150f3c593e0cc64a024cc3e3846a69620bfafebc1904e31aaf3

SHA512
fb227a740277e60d4b7306290a00f50dcaf66f03fc5070779ffb49a7cad9014954bd526cc9ff1f543895aa2618d9a093888c5105a8ac8fe322801c4d5e816635

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
0d9310e8288b234ffa6dc2ea289a0ebd

SHA1
ca74cc931ffd0f7ac8df4771b64a4a5755767169

SHA256
176932c33db876c8e22b34476902174deeffa2f6f229807fb944a3ae3f4d26f5

SHA512
3a90792abaa10709d6fa6adaf8bdd39ad5ad2b12f828075e4703463f8202b883db19889c9d9a0f88f368103f47c14d5016face15c0ab87fd808b96b920b76562

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
0dc6a7b9c038c1f967a882ddafc1d73e

SHA1
857af279a21e3543b9d67d3aa0c3b2fbf10ef73f

SHA256
498209f1d18ac35a6e20b39dcdea9435b8716eabc51feebf8ee7b3c7c84b9e35

SHA512
9eff0eefd63e77b0d2b4d5c32562115790b8d3ac511e3d72214d138bb5578fb13f45b3b9c2ac3d36be1c8c9b1c1c211a06beacf5ce7d5a1fefff3394f7ba7e1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
171a7f8e9f28218b8a2b08c88b62740d

SHA1
410828750d19e5b032c8b04dd9d4701af0102842

SHA256
df19c4a49483e37677ce8c0c46ca753d0f4709c318c9bb2dcc89d185f1630be4

SHA512
655c8bd48c6f5d87bdba6b78d8215a9e04fb3adc9e99d8632a2c2abb07881895ec0b8b1c145c76b67f180321a0758e2599cc314a2b96639c53a8f05614ca7a25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
658d3acc361361f1614c179d664cbf1d

SHA1
8a4e5113db0836686b7234d36ef9a61848722044

SHA256
09f21c49a0a6b61f6e11717452d4b82952aa5b2cdf7c199d3f3231a29094691f

SHA512
d804a2f3a95966513d764dac155cc30f37049945de9f1b8321f2a97381746ed71595ddfd14947989e28fd51b140a29e2013ea510cf39ca451310a419f4f04328

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2c14237c372b02e4f9b6b3dd5271357b

SHA1
a4afc57290de3506f9f0eb79eaf236d6a5782452

SHA256
ce4f4eac9b8fa7f40127241ddeea37f894e4aa5d2e30778072af1a3df9dc97ad

SHA512
055411fde2261f197944689a87872ffea42379a9c92cfe030992d6cb00a38339381b1de9fd5090a7e67f9128c8b484ab76063d8baa5645b1d183a7b2e193e2b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
71ecadf53d380f07f3facbb402d71982

SHA1
cc0447de06e22d276ce0f85490cbb1298a02d666

SHA256
bdc4aad1318398c10c1e3f8eb0e2e1b9ec5288792706c7e0bae1c13165d98e4c

SHA512
05ea778f091894de96a0595e95143bc14d33a855fd3d70e1e976137de247fca6aff075d3e892f9766441e0ba71aa7be2c07c6aee060fff981b4a3d57cc04a7b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
68ed67c7eecaeaf4ba574a50fc660d31

SHA1
6db622ce41c69fc0c7299dbeacf22de76be42cf0

SHA256
830177e5be5d9ae6efae1f208eb649622509c2eeb26f2a6e2b8412af8102cf3a

SHA512
73c53ac7d453cdd3fe02cf9c07dee4754f6b8d168de8e08ec283d006b1943019b53148277b666fc2c566a2474648c01a1f1028fbc166667cff2f52065b62a560

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d70f53ac817555e50b72e83e976e6421

SHA1
3f4be25fda0b7f61322161a29d4d306aeb9a310d

SHA256
15c58cdfa5ea3325f9bbcc80ff2a5e26a54e4b090e48b4f25dca7e544f7e7efd

SHA512
bf04b3b299f6455f076b7f8baf2d49d7ee86af5c53244c856acd397ee52ad48262e84596b06e41f56a60b0f203e1aa22d500bec703dba89dad64b62f27dd5b78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d9539e31f372cb48a043dc11298dad52

SHA1
5b9c7f4d1de652fa4f0c8a83d9df65b0d66b68e1

SHA256
9091d3bd5d6dca10d388f5f7765118fda3260b1f8491e90901f63b777561bd17

SHA512
37315f2a7bc47f2d6b8d89404f4bc4013c5230a106fd0079e89adc0945916c1eee83ddb955a2072d131194bcffcb65e545a9f27757e12a055def7bc7c908a055

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7ec7b913d2f62b79eabaf48772331ccb

SHA1
a9276452af04e456e50054ff6244d8998d71b92c

SHA256
cdff5e3026c29219dfbaa98eb7f63f742dda962769232e4cb9b34063d13d1552

SHA512
465ec3ea565f32a9adf6c213e353cc7d614774a56d796c685f7f2fbe73a634f6bcac635d932f22f4c8d50d37c84754628d41a11aa24bfad8386197505883ba51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c808c4bdf2e01defef72599f3be50deb

SHA1
f3a7a3ee11321991f93a2a055675dde218324281

SHA256
706070c813d72fdd824ca94bc6d8513a8dc717b4958c9ebc6f57e9e177e851b2

SHA512
7d5e884e1bcc43087a8e09fc694a66854d36a35cb7b75d11b312f83446b2e26661a13b2fccc162575b89ebb87dd0de6adf9816ac01c34ec8a18200a746870b4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c663b65ed9299b0874acaca4bf133697

SHA1
ab45a660760e49598e65db57b576fb1f2cbda810

SHA256
b507aa256e638e276f0cd772f8425f24d41accc0584a283f1f64080beaadc387

SHA512
854d86ae115131f3c5b4a88b89d5e0cdf38c220f890eb8394847e76c6e618e6140d97fcae9ce0e8c1376a697de0729f65cdbac5491e181fe5663640eaf527260

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6670e5fa54bec1f5e9a6fa003956a3c0

SHA1
83465af4387c90253194654dd801e20c3f205ec6

SHA256
882606904a9b6ce28765499c6a597f2893dd01c50725b1a7c7bcb8d97147926b

SHA512
28019f17ffbd9313be56a0e0860c1e5938db8d648a4002f6b334981771b95e1d7cec9f650506bd56e8e028fe924a9f921a2295c9bb072f816ceb300b547e60e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b55653d5182bf3317bf43e0ab4d02dfe

SHA1
e98ce40b80a187c92f821fbfb68b3bbdcb45800b

SHA256
4c538f0671e8c207d6efdde7f704af6eeabdcd1aac121d12c33fdb48e61f0e77

SHA512
81f814c3b1651619c9bdbd8810ea93f07b22c6ac3c68c6c6f22ec590aa9a7cb7fbf2d4ce0d500a74a1a7acfaff1d5d6dd5215a6ca05a1af3c160e8605f0dac9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2c695c778b6acb869168a15a6b6dc055

SHA1
aea348adba79b9220f28089ccd1d169fc324eb33

SHA256
028921f242f863d5587a10d5ec2dab54f0f6f12141e979b13614054f63aedb82

SHA512
04111f3af574067f581cfd3a8c390dc98552a7b2cad9848a2b3d054b36809dd68709d3db41d198c7244e7c23109952218757379d9b824bad2416fbdf45eadac6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b5021a58a1060823ab4cd887336e779d

SHA1
a97feea8160e1e8a3264512e77d38d83b320800b

SHA256
6939c20a3ee0843ed449f16ba201a673678967af29b12e03d899b39b5e287380

SHA512
e87a8b1c5d01acf2d67b242f41cbf274b613e770bcdc2ee5bb5063c3c2d22f065a00ef543ca43b54e29f38074bf6771bffe814e620a00df40b2f4b95b658207f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b666f97917041c1e655355be5e7c6c89

SHA1
9becc79828faec3457ec0685e6184d8369ec8bd8

SHA256
2fa48340adc5c3db5a9fcdf028ab2235353bc605ea20f1fed04dd5466d5c6d7b

SHA512
138d91363197f783630d99c209a9e886836ca6d35f29413887ed917a0e7d8a0edcf42d04213525e944dcc48950415bffd89e988085d37f09a67af9e918aa0b26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
786c32cbb59c70fa0f9dea9e6654fefd

SHA1
c7bc6a7e59bf0597c24b2b55ece4c000ee25a7a2

SHA256
e71662ba949fe1be67036a197e41cbad2c185de6ea2366e3c9d7cd9f1756f32b

SHA512
403ed832f75b11da3b641e2098e84afc1df3dc9a66f4e6019bdf5bd07b28c0d0a571082d23537442b30eab7840584fd5c35ec03c42de7b98796756c82bdae1e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
92e24a7d050c0374977fcc3ffe207e56

SHA1
5ba3ba2f7b2a02b85f0a60f5d82dd137851a49be

SHA256
c15a03fa51343205b712a755b95eec6ca6228e583e142d32082861ab4c8cc10d

SHA512
32cfc5faddb61ea678f4ba1cd42f71c61f44b761bf89440c5a38314d6f30aca1af531760667a0277ecf8197e2e3fa4c29ca698396aec59d1f8b0330eb66b1ce6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
f87a23f904348aa1952a0c6702607218

SHA1
baaf3c29a01567baaaf21409ffd5a7a24cc15226

SHA256
51d2924cffe1a4c93b5c3771610261b1a88a50e884a3ed8c61ceb8941be0d771

SHA512
d64f57cadaf9984490e4c0bbcc696b759b38e4d16cb5b91aed8dc557bd899eb5067c0edf33d43f2070b2539030e665aa9b39ca79e82d07a635b9abfd5e95f838

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
32d05d01d96358f7d334df6dab8b12ed

SHA1
7b371e4797603b195a34721bb21f0e7f1e2929da

SHA256
287349738fb9020d95f6468fa4a98684685d0195ee5e63e717e4b09aa99b402e

SHA512
e7f73b1af7c7512899728708b890acd25d4c68e971f84d2d5bc24305f972778d8bced6a3c7e3d9f977cf2fc82e0d9e3746a6ccb0f9668a709ac8a4db290c551c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b5fffb9ed7c2c7454da60348607ac641

SHA1
8d1e01517d1f0532f0871025a38d78f4520b8ebc

SHA256
c8dddfb100f2783ecbb92cec7f878b30d6015c2844296142e710fb9e10cc7c73

SHA512
9182a7b31363398393df0e9db6c9e16a14209630cb256e16ccbe41a908b80aa362fc1a736bdfa94d3b74c3db636dc51b717fc31d33a9fa26c3889dec6c0076a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\984cc8dd-c0b6-4546-8a9e-93c8aa8cd2f2.tmp

Filesize
24KB

MD5
ac2b76299740efc6ea9da792f8863779

SHA1
06ad901d98134e52218f6714075d5d76418aa7f5

SHA256
cc35a810ed39033fa4f586141116e74e066e9c0c3a8c8a862e8949e3309f9199

SHA512
eec3c24ce665f00cd28a2b60eb496a685ca0042c484c1becee89c33c6b0c93d901686dc0142d3c490d349d8b967ecbbd2f45d26c64052fb41aad349100bd8f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
4194d33ac728850e7cab7d505f7a37cc

SHA1
811de72077e9aaabc81a1e6437f3fbbef133d6a7

SHA256
a826569d89fb08a0b9150ff3c9461c81b96c48ee085bc54aba349c117d9aad32

SHA512
344cd76dea23aa54e4c1d487d179d011600b38a78ebcb9b871a0deff8e3ae0548903a0137097cb17a32b65e8e580490c55098b75cad3f7a868f968ea0288e977

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e2ea61e739a978c73f7c456379f479a4

SHA1
b410f72348f070e2e064a5737542b0c5eed58206

SHA256
07a4cb64dad9fa7ad2c41433bcd4647d050e6226d5935a98af2de11f1c80598f

SHA512
00ca4b7d5b360125f88b424e6777fb0049c776cb544256f0fd4e7a05f537efded394439cdd40cea5ee3f76d7af6b3a7e5f74989f10dc00bbf195f6e25b72f47c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
485B

MD5
8926ee8778d53f236c39119986ae201f

SHA1
2e5e28694403873c14e6271895b3ae30f5eee026

SHA256
47dfd23688c21105404cbce978ebfa058e464a0755a648a7fe78c86d6683bb75

SHA512
426a31815f0209849c99797b7dc9eb68c916081e9188ebaa8b137155f391aee33198f915116beaa5d74e9596662ffafb0455ad3c8b15b3abd1d7b5f0adc7b93a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe599f24.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
24d7880f37d672b8d146c62190c864a0

SHA1
85b90fdadeec13dd9b339fac4c9818eae77e4039

SHA256
5e470cf0015eaed22705faf81ab01bc48d86092b487b5c83d0fddc7117bcfc9f

SHA512
9e8a66331871e5587e8f6b5b4ce90346d42cdb1c3d1f06b4df46a7101dd4e6f9e53d87f9fbe07ac7cbaa1827a80ba92b194e70a75ee66f045dfe6b3a557b207c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1ebbdd6c2d7cfd2f03a15130ad5aceec

SHA1
44c4c9699c5219dc0ce14806ec2e7b86b28f5c5b

SHA256
15666dee30eb18ae33d3d1e9a4892cdc338368b4ad26f15fa2208842093153c5

SHA512
b20fdb72126263d4ada709b6150491582d46ae46ce971ec7fe5e4437b69fffbe27dbf4bf6799038376ba905104fa6fb6bd45e161ebca0939e99e8775bc9537e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
22ec4b7e9a15eb54ab2a7e48a62e0399

SHA1
f08a257ba0ecbcb5dae77c11c9cc789969839230

SHA256
54e1facad6227bfe641c98f90e363fae6fefdac97a441c646b1ad2b0ab88cbe7

SHA512
fed667c5f1cd85410f84e39ff0a76b223ccfc72011b3b0c8ad5a37e183854d0f90fa5eee7bca9d07ca07d79d7eb881d31b202543a1f70c4061f561bc8d693ef7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
44654bf62198654590dece2c94ad2bc5

SHA1
a71fb5a0ddc6d6db08feaf349e9430e276fbb560

SHA256
9e9ea6767b3547e769400ab89c83a5271eca15665630276b054be435b74577a1

SHA512
25537ddcad329699a6d01775617e6c359fae98018002f5ac011487be28ab76c0fd4cd262512712c1c24a7d2d6c209c28978053af62a335c5fb7d0ee6b61dc2db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6e466bd18b7f6077ca9f1d3c125ac5c2

SHA1
32a4a64e853f294d98170b86bbace9669b58dfb8

SHA256
74fc4f126c0a55211be97a17dc55a73113008a6f27d0fc78b2b47234c0389ddc

SHA512
9bd77ee253ce4d2971a4b07ed892526ed20ff18a501c6ba2a180c92be62e4a56d4bbf20ba3fc4fbf9cf6ce68b3817cb67013ad5f30211c5af44c1e98608cb9e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
76d71b578f0353c562a6e347a00902ce

SHA1
c80ec5b3b8c4cc79a69832cff4fe0b7974988b15

SHA256
5f3918d69994b5eefb0266e7e797893cab5877c6bf90bd88575c0b0fbb402038

SHA512
e88f4451d85819a5bc3d5698c836e85a1b671f81958033c97919d14857b4efece0a0b4f24b1882236f8e1c4928b853cee64464cc415780ce12aefaf76860471c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
c7e12aa7111fc6b1c1fff42e4c957675

SHA1
c40a61b7fe3921181d511548f9c9b54964784efe

SHA256
6ace2a9feb0ea2669aa80cd4ce20b3365db87641f5635007e20b45f83a84d152

SHA512
86f20a06930c57d6ca37041b334a779341d27d5eadd56ae8e24866aa34c5254f8610ff5e47d2c2730195d52df1061e6ed68c907277acf2177a08e46b392d50af

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
8a80d0222ad8d1eaaa2abf88e89337d9

SHA1
a1e10f17bc0b44fef36c136cb779aa632ea404e4

SHA256
c8fbcdb10b014f614866b88dee28bcf898ae869a1d60c0ec013f1665e821001a

SHA512
e8b8ecc0e40aa8a1d2a9f4777420b0764a537b1a905ed4572f497d0bab22a5d7885218aac6bf37efbb38ccba7d62bf2777dcc3b13cc7254aa26a54e96c8904bc

Download Submit