8ef0aa04db9fe87fe3e9d92103882dde1531a55f8c7fcbceda55f8ae4f501435

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08/10/2024, 22:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LOwIP7.html
Size

1KB
MD5

0961eb13ef799b1c1f2a335965f343bd
SHA1

5d7ce0e0c0137d85da4d7ced88bff2bdba80ed20
SHA256

8ef0aa04db9fe87fe3e9d92103882dde1531a55f8c7fcbceda55f8ae4f501435
SHA512

554458650ceec6f091e6451ed3eb46141d98deba5cab9fc54c0b956b90939caf5d846edc6ae4d368d88a964c2259f5cf9fcadc8f7e610b30928ea65af9b5c777

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1824	msedge.exe
1824	msedge.exe
4688	msedge.exe
4688	msedge.exe
5084	identity_helper.exe
5084	identity_helper.exe
5580	msedge.exe
5580	msedge.exe
6080	msedge.exe
6080	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4392	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4688 wrote to memory of 536	4688	msedge.exe	83
PID 4688 wrote to memory of 536	4688	msedge.exe	83
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 4324	4688	msedge.exe	84
PID 4688 wrote to memory of 1824	4688	msedge.exe	85
PID 4688 wrote to memory of 1824	4688	msedge.exe	85
PID 4688 wrote to memory of 1108	4688	msedge.exe	86
PID 4688 wrote to memory of 1108	4688	msedge.exe	86
PID 4688 wrote to memory of 1108	4688	msedge.exe	86
PID 4688 wrote to memory of 1108	4688	msedge.exe	86
PID 4688 wrote to memory of 1108	4688	msedge.exe	86
PID 4688 wrote to memory of 1108	4688	msedge.exe	86
PID 4688 wrote to memory of 1108	4688	msedge.exe	86
PID 4688 wrote to memory of 1108	4688	msedge.exe	86
PID 4688 wrote to memory of 1108	4688	msedge.exe	86
PID 4688 wrote to memory of 1108	4688	msedge.exe	86
PID 4688 wrote to memory of 1108	4688	msedge.exe	86
PID 4688 wrote to memory of 1108	4688	msedge.exe	86
PID 4688 wrote to memory of 1108	4688	msedge.exe	86
PID 4688 wrote to memory of 1108	4688	msedge.exe	86
PID 4688 wrote to memory of 1108	4688	msedge.exe	86
PID 4688 wrote to memory of 1108	4688	msedge.exe	86
PID 4688 wrote to memory of 1108	4688	msedge.exe	86
PID 4688 wrote to memory of 1108	4688	msedge.exe	86
PID 4688 wrote to memory of 1108	4688	msedge.exe	86
PID 4688 wrote to memory of 1108	4688	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LOwIP7.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8975346f8,0x7ff897534708,0x7ff897534718
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6748 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7268 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5875715832700110752,16626195937691226891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
  2⤵
  PID:896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1352

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4392

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x500
1⤵
PID:2356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultbdad0d96h0ffdh4a03h860chdf24a57e5545
1⤵
PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8975346f8,0x7ff897534708,0x7ff897534718
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,9016595223811564792,15062280401433445228,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,9016595223811564792,15062280401433445228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5580

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8d7ce272bd0ae28e8cc983c7157ec3ce

SHA1
0720e5c6988a96ca1f38c1aa712a46acf50d2c16

SHA256
e1bc49b1eb5e8b94513ec2cde8e2175d2068043d34a36b204f627fa4b25d579c

SHA512
3dc9479beba651318d2670b248db88e319b889e8ec652e0c2e4c289cf3ddc5efae9c3b65e006d76cbb510de34767d1d78caa2dbc147c3a48cee9e9f89bd35a8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
70KB

MD5
4308671e9d218f479c8810d2c04ea6c6

SHA1
dd3686818bc62f93c6ab0190ed611031f97fdfcf

SHA256
5addbdd4fe74ff8afc4ca92f35eb60778af623e4f8b5911323ab58a9beed6a9a

SHA512
5936b6465140968acb7ad7f7486c50980081482766002c35d493f0bdd1cc648712eebf30225b6b7e29f6f3123458451d71e62d9328f7e0d9889028bff66e2ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
27KB

MD5
17b6743977bcc7a7bb29fafc37f142d5

SHA1
a06d514d3d380b8c28696bba059c62cfc54deaa2

SHA256
7475e9358cc8ec5ae95b1b485ae0f5dfea9f22c375f9ccd1107b53025f71e3e3

SHA512
1696cb3834251d9f4c1a2bd5d884d06a5efe2b53e15834f9f78d60bfb186977abedb007a37eedf3a23b9347ee44853c1c715fa50faee04b9bc8cf0d3e712b5e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
66771bd70f06f409746c670f70b95889

SHA1
9351468d41d63bbc323daf65804e0e65947f160a

SHA256
e67714c53abf6ed6fb1b19774a51e2a4ef26e63b8ea1fd63bc3e67ac8c3db58e

SHA512
f1bfd723027febfef83345d723fac8836b1c5c10e509fdbd6080da053f81bc0e4b1ba9b49412522b4f86a4b6325ce53bd151f693eb66e4057f2a64f7a0e4324f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
71a32e3432e01e509fdb03a75494fb5a

SHA1
b6c85178cb20da95e15610badd1ca6876cd12f66

SHA256
0da807a02142a35e6ce05912e838d898d9874c15cc72ab3883609b6cad1ed4f6

SHA512
52f1e1d2f55029bbd65986539ba61b3650daab86b457afa4f5436e2431ed5a5f1dc77dd2036ac3bbaee3e5db991e74c55daeded489f75a20890576ce168033ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c6d195441d60fdbb33faf17ed03b21b1

SHA1
8946f62bcb4352ee2a568e614f6f947455b1ea53

SHA256
86b1b39f972d93e066ddd5240aff13752d1028849335d886d5a953efe9808104

SHA512
e278d6ce25ab0ce729241b6eb5a3518c262456fb71775837297acbb9e53ec161ff53c697582eef4d6aa4b852bc181511364f47e03d989545f5a085b6dbabf29c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4638a9c4c1db8ea8966501ec755d329d

SHA1
f47b77bdf49306b8ed4dcf0c98fdcc06b6d5636d

SHA256
67064a44816b55a9ba83342149c02c5c2f3b7cc2471d5b18d4b3f72a6c9e6fa8

SHA512
273c72941054b311e62efb494476c751bb4e79aed0b30bd647f33b78adc2ebff112d9d797c5a2c476b358a46015406ce68c67eb957d7141cfc737cfae8ded3aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6040d508cd334b00545b6bb5fbc0ac39

SHA1
cdc53f908555823a7e2b282e51d92697d3b8c3c9

SHA256
b71bcdec995e004697745f8fce2bba304ec887a2ecd490c38f60b7ef4e8bc0d2

SHA512
63a085cc4b495bcc50a132791ed99ecad4e20a3ae0a6f338aae35f879f302168de8fe08f6b7fb8363c40382aefc28ff444d4e3aa21e500b66a5503ef0ae24355

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dbfbf8f09cad0272feb5d8282b9f476d

SHA1
726703274fc9d612f9749c6435e144779e4aa0f4

SHA256
9d9f8657d71f01f08ccef84a8b190c93ef48def5669856e2930e0baa029443e4

SHA512
e26526340df02595fa909f552fd488440bfd8a6f96088477361c0fde1bce8baafd288874ceab1b95fe74e44f3f46a49b53f09b79ae29c43c1ed02e44de155773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3e9d6a0a70bd970d8606931b3abe9f7a

SHA1
9a2304b52ef3f2cbf13d1118f090f2f5cc44446a

SHA256
3bfde528cd7adc1b9f0b1fc7d6c401539eff45a85c5ba8e266e8baa27c55ffe3

SHA512
3fd9d81810305e5e69bac3026218b9afdf1d4ccc6265bcff34f51a763e4eb4d588c9821ea7e716d6b54333566298814b53584d0dc799eb7a337b0d82b6e406e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b322f0eb3c78ffba275cc866c70b9902

SHA1
b97148dd5ba932ca399ae1cabe91a3aa296aeac9

SHA256
032c724669696e7904b98dd103dba386bdb22e9f5bd6d43010e534a05cb5f07b

SHA512
d6e920997ac9f06fdff4087a57dd0da773c6da559b140a1318a0c641849c6eaf2eb745fbf1ad84a972ddef2fd542e3c7477800f18f4ea45a3de72e632b4c8948

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0a547bb4f3212e0cf8b9327e4aa51b5f

SHA1
6692e6f68fb4864e7d504157704b519a65b884ec

SHA256
977bf171c9f838c3c3896e7cca7efaff578740bb13964431b961fb5d9342987a

SHA512
5365e6a5ac6b245db9f72d225dfff1c1190d6f2535564a81aee457307a81ae95339b67caf33ef2bc530883d8b880957ead22b0c129e64edbba1d056271bec2e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
13799b2605dedd7b52736ff59b731dec

SHA1
303723cc1438594e821cd8144c840e27fd7fae8c

SHA256
5dbff85824361e8236e7af239f06cde829c62a2921f26cecee041109f527eff0

SHA512
3f58a40570c89eefc941fb1c90a1aeeabc41c2eaaba1b930d9f11d0361e4d314f895a3621842cf8ff23a03e168d36d6dadcf34cd99f04964bb0cc36d4723ad04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3cb7495a0fd568bee7a79738e146805a

SHA1
16306741c779c30f27e08f2ad9db41451cdf5c43

SHA256
67be6a99ffc06667260ac94975ddaca60d99a2755c54ef1d2033746e352e3bdb

SHA512
44d470d5a51aba1bf6bea75885fca164fe33b792187b0a1d133ae4011f68ef45fd43da5c1baf0196b7f4225035fad1d47ce2fd60cb22915ce097ef0737567ab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
33dcf6ebafc0dd6fde41bbef13d1a48e

SHA1
1316aaa3452825c1bd21d481a921fb9798c22e3f

SHA256
d777af571e64075fe9cb71dced69f88e08dfae3ac2a4841c5adad8f28d89b23d

SHA512
2ef31414812ec320b42089d83bb6ecf0baeefa3e5c54d3112b2310dfc7b4656546e55d064e4a0a40e44b399fda4c91ec821ecca49449cf5eed4a8561d1d8aa6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d6e6dfe5b36506c1377a4c1f253fb157

SHA1
6a23d564a787680ac3674225a0bedaffce550b5f

SHA256
c1fe62e4d8d973c781f7cc642696e2011df806dc5f37285533b596b961754cdc

SHA512
9444430f1de8374d737bfcb2baaf478d56510e7cee6504720814a24ddc3a37875a795ab5ae3d8dff48f6b9dc5f671194d843444d45012aa2e518822e0f9e2465

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588a1a.TMP

Filesize
538B

MD5
49e9194e8bc3311b0ff08be2cda38013

SHA1
8c414e6f950253818ea375f3b97e7fc9a934f213

SHA256
aa8d223929e30e8fad6fb7dce06e435d88640a353a84abc7e2ea2cbb00d6f0da

SHA512
b740c0500e20a0454a8b7a837e60335e79214c2be9b8d1e372522af727d6fbb076538dcec09377e89587ec68b62fa87bde31c44b4bc38a54807b9c23de483747

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
60cd2b2a1419366950618412ceb6b4e6

SHA1
40b95a535c63bf1e4603050d72b0742596d2fdf6

SHA256
2daaa53b0a0b6bb8d4916790299fce5d5dc03d142d589f31e03bc1a053b2205d

SHA512
941ed32cb514e2c85638cf14dcb58120013e4e1e624ca4708ab7d024fb9e227742d0cb357ac23f2327377b3af316c0e60731eca7a42f40ced4fa193ecf43d336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4c46830cee46f658d4dbfa5bd1876582

SHA1
5ddb0ce155603d678bff913c1647e741fed174d9

SHA256
c5f6015fb756c0eeb8f457824dd3f2d7b69f25b6d2593bf260953600c429e40f

SHA512
06e0fa6cc9630b9ddd7f74e6523f4ce924a687b661740c05514c304ff5e3c5178e7444e9e93e7e3b138bf1da382a03ffa2419f944befea0e93452535aed4d5b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bc191f4a5d9b76eebacaa333977c684f

SHA1
1f48ddab268726dd9fd90b9ee1779ca684c06aac

SHA256
10b94c49c936108cb5a98e9f6b0a8b751f653bc18249b74c00c7534ecedff811

SHA512
f96f9aaafe2d4ace4e57bc4a01c9fd2822d29fdc46fa43638fbcc2107a98f42b2c2569aae03e0b177b43b5d299fd79886e74f79ef1c08b9d007bbea61df6ba10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d3524437d2b8a78b446df1d99058dd8d

SHA1
36be6bf2a16084d1cebc695242635d0cacc62036

SHA256
1d0d0ddc93a5de3623faba988415f46f1edcfb213de12635b7009f05870464f7

SHA512
e84f24887c617faa425ed2019742b9279260a7f3ccfd11da31738dc44b189330c675467d90f6c3e046898bd88a4d971707882ce7618bfa56340bd730ef60bf7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
562dd683d72714d22f4a28383c38c7b0

SHA1
500766f7d58c2369936371d911c19d57c842889e

SHA256
9e9d9a0f897ae4698acbd00ea38b770f2d7ac3ca824bcb7cc6dbb2bfe6b5185b

SHA512
ab64c5e67816e9c0ba0cbd59c9c39bc29b2eae3359cdad6d7d4bed65249053b95fdfbf19c1d3b45107746fcf57f440db42e7087f3bf1eafec1afc1a1e5bf4181

Download Submit
C:\Users\Admin\Downloads\Wine.zip

Filesize
14.0MB

MD5
1f199e77cdd1753e74c1dc7f2a345128

SHA1
092fae396b33043338d6d97ab89a8386d4b8951c

SHA256
54b57d569886d199268a9036884f6a7a40a16f5438484e9a6abc93314989d824

SHA512
1d8de3de79a9c7819ea7442a8282e5629a44d16a6270e4590f94b66c541bf922a43ac03aeb1a24c055ad76211744db35bd5ab65ca58e5aeba5d7dcf12037cb51

Download Submit