Analysis
- max time kernel: 202s
- max time network: 206s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07-06-2024 03:07
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
Sample
https://public-usa.mkt.dynamics.com/api/orgs/c5cf4af0-2912-ef11-9f85-000d3a5cc61a/r/DAMPaRkgnEW3xlBVN12YIwEAAAA?target=%7B%22TargetUrl%22%3A%22https%253A%252F%252Ffra1.digitaloceanspaces.com%252Fmovablepaymentport%252Fonedocxdrive1.html%22%2C%22RedirectOptions%22%3A%7B%225%22%3Anull%2C%221%22%3Anull%7D%7D&digest=XohRHFC7Wzz1A49nYTGMPL2%2FO3hZtV5GRnRXcQ%2FNSFk%3D&secretVersion=a587597bbd2d4ba3bb4334f6d8be15ee
Resource: win10v2004-20240508-en
General
Target
https://public-usa.mkt.dynamics.com/api/orgs/c5cf4af0-2912-ef11-9f85-000d3a5cc61a/r/DAMPaRkgnEW3xlBVN12YIwEAAAA?target=%7B%22TargetUrl%22%3A%22https%253A%252F%252Ffra1.digitaloceanspaces.com%252Fmovablepaymentport%252Fonedocxdrive1.html%22%2C%22RedirectOptions%22%3A%7B%225%22%3Anull%2C%221%22%3Anull%7D%7D&digest=XohRHFC7Wzz1A49nYTGMPL2%2FO3hZtV5GRnRXcQ%2FNSFk%3D&secretVersion=a587597bbd2d4ba3bb4334f6d8be15ee
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: msedge.exe
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)

Suspicious behavior: EnumeratesProcesses (10 IoCs)
Processes: msedge.exe, identity_helper.exe
- PID 4504 msedge.exe
- PID 5064 msedge.exe
- PID 4420 identity_helper.exe
- PID 2016 msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
Processes: msedge.exe
- PID 5064 msedge.exe

Suspicious use of FindShellTrayWindow (25 IoCs)
Processes: msedge.exe
- PID 5064 msedge.exe

Suspicious use of SendNotifyMessage (24 IoCs)
Processes: msedge.exe
- PID 5064 msedge.exe

Suspicious use of WriteProcessMemory (64 IoCs)
Processes: msedge.exe
- PID 5064 (msedge.exe) wrote to memory of 5036 (msedge.exe)
- PID 5064 (msedge.exe) wrote to memory of 3540 (msedge.exe)
- PID 5064 (msedge.exe) wrote to memory of 4504 (msedge.exe)
- PID 5064 (msedge.exe) wrote to memory of 3224 (msedge.exe)
Processes
PID:5064
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://public-usa.mkt.dynamics.com/api/orgs/c5cf4af0-2912-ef11-9f85-000d3a5cc61a/r/DAMPaRkgnEW3xlBVN12YIwEAAAA?target=%7B%22TargetUrl%22%3A%22https%253A%252F%252Ffra1.digitaloceanspaces.com%252Fmovablepaymentport%252Fonedocxdrive1.html%22%2C%22RedirectOptions%22%3A%7B%225%22%3Anull%2C%221%22%3Anull%7D%7D&digest=XohRHFC7Wzz1A49nYTGMPL2%2FO3hZtV5GRnRXcQ%2FNSFk%3D&secretVersion=a587597bbd2d4ba3bb4334f6d8be15ee
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  PID:5036
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba6a246f8,0x7ffba6a24708,0x7ffba6a24718

  PID:3540
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,6164305758347384580,1866330555797642218,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

  PID:4504
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,6164305758347384580,1866330555797642218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses

  PID:3224
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,6164305758347384580,1866330555797642218,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8

  PID:5056
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6164305758347384580,1866330555797642218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

  PID:4472
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6164305758347384580,1866330555797642218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

  PID:864
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6164305758347384580,1866330555797642218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1

  PID:3188
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,6164305758347384580,1866330555797642218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3628 /prefetch:8

  PID:4420
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,6164305758347384580,1866330555797642218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3628 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses

  PID:4492
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6164305758347384580,1866330555797642218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1

  PID:4804
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6164305758347384580,1866330555797642218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1

  PID:2160
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6164305758347384580,1866330555797642218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1

  PID:760
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6164305758347384580,1866330555797642218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1

  PID:2016
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,6164305758347384580,1866330555797642218,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1856 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses

PID:3548
C:\Windows\System32\CompPkgSrv.exe -Embedding

PID:4580
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 (70KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (240B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (1KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (5KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (11KB)
- C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic (2B)
- \??\pipe\LOCAL\crashpad_5064_AUXTYBLQZLCAGMKO