hxxps://drive[.]google[.]com/uc?export=download&id=1pxfq3RDpRCHuAbAfn_UCkrMNMzhCCfRt

Analysis

max time kernel
99s
max time network
101s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
16-08-2024 20:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/uc?export=download&id=1pxfq3RDpRCHuAbAfn_UCkrMNMzhCCfRt

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2842058299-443432012-2465494467-1000\{504C79DB-9FFA-443B-97E6-683EDD97C105}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Sparrow's Pack.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3460	msedge.exe
3460	msedge.exe
2364	msedge.exe
2364	msedge.exe
2288	msedge.exe
2288	msedge.exe
4480	identity_helper.exe
4480	identity_helper.exe
356	msedge.exe
356	msedge.exe
3172	msedge.exe
3172	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4076	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 1224	2364	msedge.exe	80
PID 2364 wrote to memory of 1224	2364	msedge.exe	80
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3604	2364	msedge.exe	81
PID 2364 wrote to memory of 3460	2364	msedge.exe	82
PID 2364 wrote to memory of 3460	2364	msedge.exe	82
PID 2364 wrote to memory of 4120	2364	msedge.exe	83
PID 2364 wrote to memory of 4120	2364	msedge.exe	83
PID 2364 wrote to memory of 4120	2364	msedge.exe	83
PID 2364 wrote to memory of 4120	2364	msedge.exe	83
PID 2364 wrote to memory of 4120	2364	msedge.exe	83
PID 2364 wrote to memory of 4120	2364	msedge.exe	83
PID 2364 wrote to memory of 4120	2364	msedge.exe	83
PID 2364 wrote to memory of 4120	2364	msedge.exe	83
PID 2364 wrote to memory of 4120	2364	msedge.exe	83
PID 2364 wrote to memory of 4120	2364	msedge.exe	83
PID 2364 wrote to memory of 4120	2364	msedge.exe	83
PID 2364 wrote to memory of 4120	2364	msedge.exe	83
PID 2364 wrote to memory of 4120	2364	msedge.exe	83
PID 2364 wrote to memory of 4120	2364	msedge.exe	83
PID 2364 wrote to memory of 4120	2364	msedge.exe	83
PID 2364 wrote to memory of 4120	2364	msedge.exe	83
PID 2364 wrote to memory of 4120	2364	msedge.exe	83
PID 2364 wrote to memory of 4120	2364	msedge.exe	83
PID 2364 wrote to memory of 4120	2364	msedge.exe	83
PID 2364 wrote to memory of 4120	2364	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/uc?export=download&id=1pxfq3RDpRCHuAbAfn_UCkrMNMzhCCfRt
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xe0,0xe4,0xe8,0xdc,0x10c,0x7ff98e393cb8,0x7ff98e393cc8,0x7ff98e393cd8
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3476 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:308
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6308 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1728 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1568 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6436 /prefetch:8
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6524 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6696 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5387034426680588394,7486276308713687662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
  2⤵
  PID:2708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2944

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2924

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
026e0c65239e15ba609a874aeac2dc33

SHA1
a75e1622bc647ab73ab3bb2809872c2730dcf2df

SHA256
593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

SHA512
9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
228fefc98d7fb5b4e27c6abab1de7207

SHA1
ada493791316e154a906ec2c83c412adf3a7061a

SHA256
448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

SHA512
fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6b8361ca45bf35173fe57f32bac8e7bc

SHA1
617d126d193f8f40b13fc7eef1d48bd2b5ecdead

SHA256
acd7073a79c37af6bc053c8216db31c52e740ac9ea7152282ad399a2668e7421

SHA512
af09a1d652ef26eca363decfc14a1cb31fa8d3fcfb241b6c0e64964a727ee5a69195bc255a02643d20855b467c9435bcc5caabb17e5f75bf304502c4537c092c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2364_1710469540\scoped_dir2364_689517778\manifest.json

Filesize
1KB

MD5
aebb8019de3024d50fedb5fba34c9cc5

SHA1
f4247f5c4f13407c17b60ed9a26613b25ef08282

SHA256
48687d3551160068d4f2f015803e67d24f4107982b89df9e193e36f3df7670fd

SHA512
e3c61dc49f258df586797cb39e6780c27c155419185ebaebbeea381e86349b2d00cfa6c0c697aa63bd4946c7f642eff43abb6d307c2766fcd7d8cb2984c8f0eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2364_689517778\icons\256.png

Filesize
12KB

MD5
c62102008e28bc84caf97bb37be6401e

SHA1
bf678589d4e1c151647ecb520d06841e66f25ba1

SHA256
3e3cc3691a620a89c4f0cb270954b1f54c82eb39bc7cb8f94d5d36e22b76c547

SHA512
a6c7455e974c3b8a7d4dfc464a14c3b375627143b447e9aaf505302fbcb9e14fb39efc8f40341ba6bd23fe8b833856feb553e06b7bf364bbbab08a32eafdb368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2364_689517778\icons\512.png

Filesize
25KB

MD5
dd1287512cb64b95ab4cd4be5c64a3d6

SHA1
c11e0819c23238bf160c8597329dd6d1da5b247e

SHA256
e4706d055da0314fdba04c4ab425d93b9aea85a6cb70c94602f91a6c9ae36a14

SHA512
b5d1069e631c1a132887bffc79e745ef4221c8cebe4bfdafaad3a393af4b37309013645a4e044f919336bf21d68ecfe974a3f7a53b57a3e6780631a80bd6ff01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
03948356cde29f70ae0d8435d89caec8

SHA1
6c401f6e431207e62b85d46799ade2d972788dd0

SHA256
e4549941da4f133b315daeedf8823ba3bee1b929162fa6ecd2e6e239481163ff

SHA512
318a507b97703b883d98b32655f482690c34997b2998804495789d24a69b272d34414c56773274bb20c18ff23078d18f8f826c9c85cf4ad38cb0f4b99a5e6b8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c1cfc29421132b195fbfa274d779fb49

SHA1
d7b1e3291426ebf7493c10590dea5a35e46951f9

SHA256
4e184c57f52d6964400895b767fe149e7c6f3da48b99d77b951c2be60448e228

SHA512
b9b052e7d1693d8d77ad89ffd4dc618cbd53442c685e27da66a703f08bdec4f865d7e566d044996f721fbed7a62859011eef6223ca439a00ba341d118fc209f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
395c4db1dd5a9210dfb600254d2dd133

SHA1
12100cc12422bd0892c8a5ec5a363b73e735258f

SHA256
2fb5a895fbc66e069650cac91a8fe0122e458fd7e6fe442f253038947e426a26

SHA512
fced6c6c6b93d30cad8eaaa806ca59058cd94de55842987b1d55d9b358969e27122d78fe5d86bd5279010f9e08d2b4fb8cfbcc4c915bca0a9740d7508a11f776

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6eeed4077c8fd560723713057896512c

SHA1
69366d995b2b51b160f23c9bdc7276d7e2acb4cc

SHA256
4cc58ab0f119a1128b4fe0ea8dc86f78c6bc28f0f0e4f331d3738a5ea8a0997d

SHA512
3fca829b5f45340968e0999ab157b271a4443cf358319b655c5540339737da07703523be9697c80836d71e3388fb90f16f4eaa4ea202d2627191a926b1f99979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7bc1dd00817fa0a0611fb59b5c08ee18

SHA1
0b4ef22f8054f5858ecd896b796afb22bde8be14

SHA256
16b4fbec3f7727969f3ca2aa0c2a9c1de4cbc3eff5e857cc69cbddf0081e5803

SHA512
2ede5abd8f3784f1a7df756b7a948d41d86431dcc9b078a95e392035750be45bc4e009ae91614098efd54700723bcb3a57af50ca3f7b7819abd482ff212c65fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b915f2f9898a38d8dd00be67f1f108fe

SHA1
c861bbe09ae00beb774eadaf3a97df3003e83b93

SHA256
3e00e7b99f4371c599813ce4cf5df0d6f0437179e49fb7dda4523c80ce18e5ae

SHA512
8254cd91b0d307e38de2c786d37e350e9ff2e297ef1185d36d5f04cd4c38face53a88d185f3c1c604e4e8b68def197d1471c41f8bad75fd793ad1c1032e87f8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4adf22cdb9bf1265a17bb7cf86a24db3

SHA1
e5d3fbe08d777b1a5ae9ecae9276b3dab02f8276

SHA256
76446246687d756abb9516a60bad957324c1ff50b4586db7512be48427dd770a

SHA512
ad0c99415eb0d0bcc20c6c32149876f7c8f7fbd658dba00f2bf64e3049a462103a33a48c558293b49f75cd469650087f50b1be106ee5e55e21c6f5acab025286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af816ea38ef3eb46f334cc5fefe39021

SHA1
921274c5619af0b25b2f69aba7dea71d23300426

SHA256
68f4bbda789dd905eb69a7fe767bfe52c694e4ef2c99e3d457ccd80902700eb8

SHA512
2a49b64ea873c19e8c6b89c288a08542bc6ef4a6c18f70b92e6718f44b18e0b588c9de9952a913fcbb20055155743212e591245d08ade0099683eeb461c62a1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
27KB

MD5
dbcc2b3a4a369faf95fdce31c0f9e597

SHA1
6a9a4b71d714a551287b4dd6ae266d626e426309

SHA256
d7498d802d8a40e4251b84ac15e86126edb238b4cfd2bfb3933a93cd2e5667b3

SHA512
d6d8d13d841734a25c36751123fa46545ab63be8f67d2787c67ecde79707fcfdd9269a341a4ccf9a4c1e8300f7183405f9ead4e1f7d98afb407ff58cdc9d7de3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
83f32c37cc7779cb8d32929d8e04c893

SHA1
3894d3d1cc017678d6d7814281d900fe37fc3958

SHA256
1d207a589246389105dd3572728e9f69a5155d86e916e52ba1aae3a84779b36c

SHA512
7f7846a09a2510020b19f1d238dfa008d7d4e95961210cf13096359baa80836c68d4930ce232c1d0fb9ed169955fb69669bbde96ce05211b7b1cfd3352828f5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58e097.TMP

Filesize
48B

MD5
3eb4fa8a04065922cdc435a954b9fb7c

SHA1
9f8c7435ffb8cd0c0f417317994e57a09113542b

SHA256
9f8129f318b6fe6be499b6c2cc06a26119f55c8999a02296bf4a755a08a352f7

SHA512
86e7c0c10b55140a108944e14352d9bb86474108e445a0d8e4cd8ef8b3cc2b454e6342ed4eef291326eb49dab1c499f4a682434ea0d1a7b9e7ca307605bf2103

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c90b19e7e878df7f1bd0becb4595cef2

SHA1
0248e1f54de884ea4142e7d77d03adfb54314ee4

SHA256
8f6e0bee63628fb6eab3263b5da5f398c5f4db6843a6288863e864f58991cf23

SHA512
f52f4ba154e02110746265507465d395cae41a7a4b6a4ed7c98807947d6e28200a045a06e51541fec5cc2939b7c21bdba64695e892aae8e0db4b80a8f4110d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
305261b8b8367d1e03ecb0819fc86acc

SHA1
32b18f66641183330a259daa71f3785e8f046e1f

SHA256
4ed626b15891d5fe02a7d8d05e5ac32346825dca2943ffaae76757be17b35e4a

SHA512
d4de9fb71744111055a45ba63a52eadd1223d44231e304faeea4929b09dc36860aa3002edca3c537542a59d5c6e3773a875bb2c5d54fea886c3da56031f0718f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a090.TMP

Filesize
204B

MD5
f0efb31726f965f94edb5ca2553a5dcf

SHA1
67fbe1ffef9bc5e8994411f5e5fe5195da1f6c49

SHA256
17b6c402959de04ef21a69c9fb9b3dac91c731f273e309fddbe60cf1d60cbcad

SHA512
38d8afc8f40df967033d76687dd51d6dbf71b8828fbf298992a4b8547e0b673a4b853ba0e2c656a58d3dcf6742eb7a0b44cdf5a395d7851fdde950050108ca93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\Manifest Resources\dnopbpmlkabcondfpckfnhgabfcncjmg\Icons\128.png

Filesize
8KB

MD5
386f68e94da25ec0666ff3f11a2f0931

SHA1
6af9de4482f72f5486e1c018c6998df815647a35

SHA256
5bd4764529ffed54bfc574924507c922fda2f8167bdf268b98f876abc75e5a3f

SHA512
3e038589d6e751887bc117fd2a1ee3d3247750003dd04a7ebb2d806b58a05879620b2ac58df3155ca02a42885d5ff534658b9f628bbe9e70db0bc9f350c2960c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\Temp\scoped_dir2364_2055864520\Icons\192.png

Filesize
13KB

MD5
e950f6bf91460233ba529b84e969dbe5

SHA1
c20ee77fdb8ecb9ffdf0f84d3d81c7f651272410

SHA256
2d8727f0bec9ba1987c3ee2f652927958a96cce3952f9a78c471e8eaf996a76a

SHA512
9db4f8640466e5d1e989759b479e1ee608a3cf2e00aec9f03060c1170d1bc2464226c91499e39c86bd4c35ef83564fec34ef53ede99edcc6f4a0716f4b6898ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\Temp\scoped_dir2364_2055864520\Icons\32.png

Filesize
1KB

MD5
2703c0a0f54c39a89904954a095335c3

SHA1
e7933afb5d6e38bc8476dbd46ca142b564aad217

SHA256
5bcdbf1b7483ede722f46742f6e2675396c8464980f62cdb899ccf6951e3611b

SHA512
93823ebcbb161436d8fe1123cef57181b0f61c7bf47c6b965480125359344955e763ba0b2b1059dc406474d2c68df15980babdef4b72c4675334671aa72573f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\Temp\scoped_dir2364_2055864520\Icons\48.png

Filesize
2KB

MD5
64c2c8a8cfebadd9074cae2a28c2fe23

SHA1
655c76d8358c2251a168233b3fbdc7f624783a55

SHA256
9eaa08bbcbb4eea901cab80390c08f7cd23b5a9fead8838438f850fbace7f5bc

SHA512
e0d124fa963dac297ef1ee02c53c721c46ca98989d92793cd4c7fbda38490a8e5c12dea06ca5aa8232dded1364a4cfa9860c41862ed0f730cb8188c787e103e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\Temp\scoped_dir2364_2055864520\Icons\64.png

Filesize
2KB

MD5
9fd743a5fb5c3ac0a0cbbc669b4a6f7b

SHA1
7af4d3368e5cb28271c87830ca7b755cc470e67b

SHA256
7d31dd02972c6e46969624f32ee19547abf047056fa733deb50eaafe32ce7dde

SHA512
10e24f2c103ca676ad26eb51303d7592c572376002112ca539f16af65c68fe1554eee6866f2b912481f643202a88ef83acec689ceef9add46f0ec23db8f3d256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\Temp\scoped_dir2364_2055864520\Icons\96.png

Filesize
5KB

MD5
b10f7c73f2aa44591e59da818cce429f

SHA1
b5e2201fa1c8e8642bdee23b16e1b53aa926848b

SHA256
7fb5972c0be4f4ab20c67a06e7661bd7ff2b6eb0e6f83b00d224b74de34985c1

SHA512
500cdffce3e78845f52170717341e152f9fedbed954461dfcef2ca7075e0d6ee2018773141e4c26ae84e31445cb08272dcb091fc7776002606ef28bc3ae79085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
70200627cb2b86a24ca16a05d24c5f41

SHA1
9f2549b5de8026f82585ed4c9a838c1adc667d21

SHA256
425d7bf9bb064fadebd98565664b23d018c856008ded2ada3aa53c0e4ad41042

SHA512
c0f71c1dce396b620ce7eebee31ea0be12b58c566bd6ae82b6d1b1a9f9b19e940cbac30cfbd7f64848a51ebfde84af89727a39c2eca5d323ac156deb2ff9cbb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bafcd93d69d35eca8bffe7f5e2cb4e5c

SHA1
7d77718bc7ad6fea791ee735db044b1004aa31f9

SHA256
e4ac79c4526e580b0752dec9e9b4e514722c77a7d53bc0beb5653d790ad83025

SHA512
37c2c18b72d55ad419f03624122d46fdb716b62f19fa35276dee4a9ba20a96ad8b63faa1b1440b4f9a8baa345eaae9004c615519661cd1d2387a298d8ab11f86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d88ede14613717186e6c48912e949342

SHA1
67287013d8e3b1fd02c24c87c15e511a01b32d8a

SHA256
ea1ac5d3f9b8c3373eaf1f835c7183c0f2c3bc1e1939921735bdd8353df0538d

SHA512
56d1deda5b84c51d873677f288fec6798030771e3a60736d0a376c0826d93c67071a9273e0e1551fe51a5846b631ccd7031805028b55c34d764a94162722ed43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f3729eb0b40b79a7619c962d4fe30d23

SHA1
934bda0476b2a827ed4a4a17859cd799f01bf98b

SHA256
d0500cef194478fc3edf026c646c73c5f5fe0705e9ded787911262e8565535ba

SHA512
c99d96f7145c70be039f677d644f8c63bee6a37101af07dfdff5001ed71930bdc0ad394c9dec5a3c17a4817290b5f462c12476cb370490887b35b8d6269594c7

Download Submit
C:\Users\Admin\Downloads\Sparrow's Pack.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit