hxxps://drive[.]google[.]com/file/d/1XKi_KHilCSci9Xa_ZmH1b9I836VGXTA_/view?usp=sharing

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-08-2024 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1XKi_KHilCSci9Xa_ZmH1b9I836VGXTA_/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1576	msedge.exe
1576	msedge.exe
2220	msedge.exe
2220	msedge.exe
4388	identity_helper.exe
4388	identity_helper.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 4556	2220	msedge.exe	83
PID 2220 wrote to memory of 4556	2220	msedge.exe	83
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 4724	2220	msedge.exe	84
PID 2220 wrote to memory of 1576	2220	msedge.exe	85
PID 2220 wrote to memory of 1576	2220	msedge.exe	85
PID 2220 wrote to memory of 2104	2220	msedge.exe	86
PID 2220 wrote to memory of 2104	2220	msedge.exe	86
PID 2220 wrote to memory of 2104	2220	msedge.exe	86
PID 2220 wrote to memory of 2104	2220	msedge.exe	86
PID 2220 wrote to memory of 2104	2220	msedge.exe	86
PID 2220 wrote to memory of 2104	2220	msedge.exe	86
PID 2220 wrote to memory of 2104	2220	msedge.exe	86
PID 2220 wrote to memory of 2104	2220	msedge.exe	86
PID 2220 wrote to memory of 2104	2220	msedge.exe	86
PID 2220 wrote to memory of 2104	2220	msedge.exe	86
PID 2220 wrote to memory of 2104	2220	msedge.exe	86
PID 2220 wrote to memory of 2104	2220	msedge.exe	86
PID 2220 wrote to memory of 2104	2220	msedge.exe	86
PID 2220 wrote to memory of 2104	2220	msedge.exe	86
PID 2220 wrote to memory of 2104	2220	msedge.exe	86
PID 2220 wrote to memory of 2104	2220	msedge.exe	86
PID 2220 wrote to memory of 2104	2220	msedge.exe	86
PID 2220 wrote to memory of 2104	2220	msedge.exe	86
PID 2220 wrote to memory of 2104	2220	msedge.exe	86
PID 2220 wrote to memory of 2104	2220	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1XKi_KHilCSci9Xa_ZmH1b9I836VGXTA_/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff992e646f8,0x7ff992e64708,0x7ff992e64718
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,8002667149251538037,4769561641398352066,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,8002667149251538037,4769561641398352066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,8002667149251538037,4769561641398352066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8002667149251538037,4769561641398352066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8002667149251538037,4769561641398352066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,8002667149251538037,4769561641398352066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,8002667149251538037,4769561641398352066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8002667149251538037,4769561641398352066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8002667149251538037,4769561641398352066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8002667149251538037,4769561641398352066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8002667149251538037,4769561641398352066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,8002667149251538037,4769561641398352066,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5932 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
0304a202d0623a0b035165aed963bd0e

SHA1
8b4b64d20616be24e7d68cd07b1d2b205afa1b32

SHA256
6492e308438bcad2982cdefc571ff6927a7e711ac15f7cff2fcbe9f16c4e5e06

SHA512
4d16a4357ec1a64efc7733034431d8a8d4b182ab52d4da8431dc283b66f851bf26f257c6b065c16474240e36ffee1148e32ca7b63fd4bf8168afa3e8de520b44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
08d6840dad4e6071e630ebd2a1774f3b

SHA1
9e34fe974beda2a8530392f603da8bb088aa1567

SHA256
359aaee1846baa90e8cdf0e2ced5960a5c1e8bc439707ffe732974e18ec66ba5

SHA512
0580419ea3eaa72aaf5ab2dfc5a49e965d5b4b439cb466c9b599711512d3885cac4bce642268550f80f62169a55b82535a57c38d13a5459aca9430690aca7aad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
574c7ac2bd4c1f589994cea34eaf6de1

SHA1
f59c39b63e21eaa6195e7ba74df73674ba640579

SHA256
b172a1f48734182700be7cfc62e39360f7e25a12604a1fcf7b9a23974d346b59

SHA512
4167460350dd9a641487cd3c3e0524b1d1ba8addaded9f1658a697b38d8d1e71cde46ed7419d87d22f2230a852e38e0cb55e7917d5fe0111ffe76ab5de812e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
59f0e13e4260c97f187b11f30719f6df

SHA1
9a5738d6ccec5eb70857ba1664dd30534684b4eb

SHA256
d8ee0a273d6c2921d2fd57da4fa141b89b276ec795fed565b7cc04ab4fdb0dd6

SHA512
ae0dbecd07381104207b09bea99704a25330e362ed8502a84fc3d6943ccbca333254ddffa7ff29be2bc8099bf0fd79f95f6a0f59e26b85235e89e136fde217c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d7ded13b04b87fcf66de2d22ed81774d

SHA1
aa79212b9af7f705013ee8f5bbe82e17a2597968

SHA256
be485f0d1d61d2111b0af0a2e51e94bcf6d2dc90ed2236c4435859e31f6cd6bf

SHA512
f2411d0e35b5a28d41e3178b59c778b61834618ef90d3bed6e07c425d69a226ef08669c5001362ba006b382579a435a458403f15dc6cc48b8aea278a76960fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e4659d2d902dc5398de698cc54e0a70d

SHA1
2fd256b97f1811171eee7bf8a6638a5eb22ffb8b

SHA256
4c8f280c246ed29619b1d47b08073c3f6d519a22b47ef1f5fbe18aff14bc2dd4

SHA512
e21a851f1ff66565963b3108a859234b6fdf4c9fe23915aabc33146eb90dc13b69902b5a051fedaacb5088620079c410e48d1202ba8bde09ff17d73424637565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
a9fcf1e17749bd0baa2a851fcbe52de2

SHA1
9aff990d5ff26feda9e9eac1d21b55b9c84a96e8

SHA256
6b69c4a2202ba368f44e60d1dfa3d26fb668d819b642c1dac04bc04033c52937

SHA512
136a2e69be320494ceeb9a93ac7bd7d2e96e6185a9311674662d6442f474beed9ec33c409b46835cca5b7b9472862da9b244840991fc24a550dfe737875715de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
70a55f9cc4225408c8ec4419a6c19223

SHA1
bdc2605bc438d1d2607e9cc2e8ee4904a33ae9f3

SHA256
54df5f4cc51c09a5498fdad1d78ccfb64f2d9b5df3d7ca85758ea154320a087d

SHA512
9ce5f6671015edd47ab479f8625cf22b8e17d45cc29af939340cfab6419288f1eb2a2a9ced459cbafc325f680342796ea176dddf95339330c86b74ebc64b802d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
f9d7b1b018ad671089eb52d594a97741

SHA1
e0a30df26e751063139113b1efe7b5479d27eb4d

SHA256
369074ff2fea591be78c64ede8676f8fd6afe4f3f8182e8c76d70eb50d21d19c

SHA512
9dcdeb363c05c742b36c6ea24a7672cb5ce10819aeed3e8d0e6e5207fb1a39069bd484d14a0481dae4214082db4af490a7881046f1a144e124b68282596a9c9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d2f0.TMP

Filesize
203B

MD5
bec233fc1e90d52920447d1a54717637

SHA1
df559c31c760b0712753c6485b6a961b24e51fe3

SHA256
ac5b1913e39de325c421760833af429682a98c11ae17ba93722fb3f2bbd015a5

SHA512
81c3247fbf6fed8d0ba076a019f88c78726bfc37bf2d67cbc2d6709f2adf44f897efbba025f29c885be9c7b7ac6fef4d2e57e950e2ade3b0f1c7844cb6a78d98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
61099f7334de4e7596fe95bd66a334b6

SHA1
d857dca389e6fbce441e700b70d0ed315205873d

SHA256
3bc5eb226610d061991a8c3675e28bfafb3c05a2a8c938c0581d8c90947a304b

SHA512
9b0256979c67da71e0ac59044bc66c866275a74f424407d22706f67e7bf253a27454102e987c1b946a89dd5038a7f82c409f8a1130f83a1b7c4e843971a92257

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit