hxxps://public-usa[.]mkt[.]dynamics[.]com/api/orgs/c5cf4af0-2912-ef11-9f85-000d3a5cc61a/r/DAMPaRkgnEW3xlBVN12YIwEAAAA?target=%7B%22TargetUrl%22%3A%22https%253A%252F%252Ffra1[.]digitaloceanspaces[.]com%252Fmovablepaymentport%252Fonedocxdrive1[.]html%22%2C%22RedirectOptions%22%3A%7B%225%22%3Anull%2C%221%22%3Anull%7D%7D&digest=XohRHFC7Wzz1A49nYTGMPL2%2FO3hZtV5GRnRXcQ%2FNSFk%3D&secretVersion=a587597bbd2d4ba3bb4334f6d8be15ee

Analysis

max time kernel
202s
max time network
206s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
07-06-2024 03:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://public-usa.mkt.dynamics.com/api/orgs/c5cf4af0-2912-ef11-9f85-000d3a5cc61a/r/DAMPaRkgnEW3xlBVN12YIwEAAAA?target=%7B%22TargetUrl%22%3A%22https%253A%252F%252Ffra1.digitaloceanspaces.com%252Fmovablepaymentport%252Fonedocxdrive1.html%22%2C%22RedirectOptions%22%3A%7B%225%22%3Anull%2C%221%22%3Anull%7D%7D&digest=XohRHFC7Wzz1A49nYTGMPL2%2FO3hZtV5GRnRXcQ%2FNSFk%3D&secretVersion=a587597bbd2d4ba3bb4334f6d8be15ee

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4504	msedge.exe
4504	msedge.exe
5064	msedge.exe
5064	msedge.exe
4420	identity_helper.exe
4420	identity_helper.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

5064 msedge.exe
5064 msedge.exe
5064 msedge.exe
5064 msedge.exe
5064 msedge.exe
5064 msedge.exe
5064 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 5064 wrote to memory of 5036	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 5036	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3540	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 4504	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 4504	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3224	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3224	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3224	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3224	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3224	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3224	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3224	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3224	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3224	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3224	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3224	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3224	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3224	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3224	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3224	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3224	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3224	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3224	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3224	5064	msedge.exe	msedge.exe
PID 5064 wrote to memory of 3224	5064	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://public-usa.mkt.dynamics.com/api/orgs/c5cf4af0-2912-ef11-9f85-000d3a5cc61a/r/DAMPaRkgnEW3xlBVN12YIwEAAAA?target=%7B%22TargetUrl%22%3A%22https%253A%252F%252Ffra1.digitaloceanspaces.com%252Fmovablepaymentport%252Fonedocxdrive1.html%22%2C%22RedirectOptions%22%3A%7B%225%22%3Anull%2C%221%22%3Anull%7D%7D&digest=XohRHFC7Wzz1A49nYTGMPL2%2FO3hZtV5GRnRXcQ%2FNSFk%3D&secretVersion=a587597bbd2d4ba3bb4334f6d8be15ee
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba6a246f8,0x7ffba6a24708,0x7ffba6a24718
2⤵
PID:5036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,6164305758347384580,1866330555797642218,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
2⤵
PID:3540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,6164305758347384580,1866330555797642218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,6164305758347384580,1866330555797642218,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
2⤵
PID:3224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6164305758347384580,1866330555797642218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:5056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6164305758347384580,1866330555797642218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
2⤵
PID:4472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6164305758347384580,1866330555797642218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
2⤵
PID:864

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,6164305758347384580,1866330555797642218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3628 /prefetch:8
2⤵
PID:3188

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,6164305758347384580,1866330555797642218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3628 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6164305758347384580,1866330555797642218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
2⤵
PID:4492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6164305758347384580,1866330555797642218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
2⤵
PID:4804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6164305758347384580,1866330555797642218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
2⤵
PID:2160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6164305758347384580,1866330555797642218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
2⤵
PID:760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,6164305758347384580,1866330555797642218,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1856 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
240B

MD5
bc4b409b42ca91fe2fb06846db6cfaa1

SHA1
edb988761f470bc599ad850253943c9f58689475

SHA256
18337daa27f80665f37e4d6f60376aaebe1969e1cd3505b1aa864831cf805e0f

SHA512
47e18f8f5286f79cb6486a5ae2c203ad3db303363c2a5c93dd5ee712bef73a4f9e5d40af27482afc5ef17e904670c82bd8047494cba8aff930c7e2925c2808ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
4e699e3d326941fd85315893abbd9d86

SHA1
9957826c86315a2ca2d85037a6408d7bb6d0efcf

SHA256
da17013bc14f851d91de726de3322f9ca291d07e8879ea926728c4992db00a98

SHA512
bbd8e2071d3d9a01807348ce85a7f5a9981399f5f646c11a1b8d52024ff61cfe03a8b2b95beca8f3a0536c8d304e8d2d6ba253c65dc083aa020e0e08f0b3cbaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
28a699aaba8026bb3b95973933544a2c

SHA1
2f3b6d1f892d1c199304da98c7376a4f3a41ae62

SHA256
8a9dc7c4b5aaf1c34302ee0b68a22197fe349cc6b195b94f6b2e843e3fd692d9

SHA512
d062c8deecabb84870480d9fc12e89aea9a47dfb2ec7d8fe2f930760f4a6c25e8fbdb31a14ed614d968a950c977d24f3a855bc8fc806b51a33c94f02e9eacc79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4fd9397fb56f5d6c24c5d0c547327766

SHA1
483119ef081db5499c8ef5059d3b542da8057e39

SHA256
c121144d747d01c8b5baf0ae7a9b6c93daf955cd053ba6c615dd40b981ce5f29

SHA512
a5eb56de8ec13ad87761bd62df368f5fc912e1d76f0927a6edccaf4eb53e1ce2ef419d42e8f363eb2fc1b0e8d98199f49e205f8a27fa7a172996edbed28de65f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
b382cffecc9b06ee5954602e5a1dc9b8

SHA1
94eba618fafe4d16ac0574979d7cb7d373f8a022

SHA256
5468af20b262cc52cfb4c77697125c1cc52883440bcca754079e9a1ff80c8b42

SHA512
73106f59b19b3a3606b42e7e75ee4b3bd0357cc6c6032e5cffab75819a0a6cd0b31f33df8d3346a1bb3b797861edc1739758b379e1abdfa58c644967d7db7bcd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_5064_AUXTYBLQZLCAGMKO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit