hxxps://hs-25970776[.]s[.]hubspotemail-eu1[.]net/hs/preferences-center/en/direct?data=W2nVjwf3Y2w_1W30tDPW3ZMXsyW45mkPN36hRLmW2zvMGW3y-pQYW38x2RL3_SHMxW2WxjNW38h8DvW4chQrr36hQ2FW3M4sfk4ftynGW2MGgmY1LfgCgW4kvq3m4cwX2TW3_MlFb43xjr3W2KTMKr3ZD1pdW1Qs5gx254Z9hW4kqgF-2s_CjQW45B0MF2p3RBZW32m-rm30KvRPW49PB0J2HYlcJW1NxVt41YX1r3W2FzwrT2xL42WW1ZpdPZ3Y3nlpW41V-b52sK8FsW3_GJnb1BlH_xW3jl_fh1XnZmbW1BlHDX2Mp96ZW3BVz-P4kJHmMW2Ww2-Q3H7MC4W3QMyLH3bhkXNW45nvX43h-BL-W47L45W47CQzGW3jl5MZ4r48ZlW1_5H0C1V2r4DW3gnPy32qDqcMW4kGY-r3ZHmydW32Bc8J2CwlV9W49M9g41NcprXW2573MC2CPscbW4crHJq4kskgkW3ZvNd22PwGHwW45SxQS2MyZ6dW1_skpX2YG-47W34h-n21Qg63rW3j6nVh2vZJfpW2zsjFw3Cc43qW4kM7bC43VpxYW2xBwFc4hmwYlW1Z5Md63f_wlQf365Sqf04&utm_source=hs_email&utm_medium=email&utm_content=90823064&_hsenc=p2ANqtz-8ja_LjPUKB1chpU24wRnkexr0bGQaYKwvCFun49MjAVoUmixe7Jznkt86CP6z3IKXBr0JaDulcB8XMXLD03wk4SFcY6A&_hsmi=90823064

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 13:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hs-25970776.s.hubspotemail-eu1.net/hs/preferences-center/en/direct?data=W2nVjwf3Y2w_1W30tDPW3ZMXsyW45mkPN36hRLmW2zvMGW3y-pQYW38x2RL3_SHMxW2WxjNW38h8DvW4chQrr36hQ2FW3M4sfk4ftynGW2MGgmY1LfgCgW4kvq3m4cwX2TW3_MlFb43xjr3W2KTMKr3ZD1pdW1Qs5gx254Z9hW4kqgF-2s_CjQW45B0MF2p3RBZW32m-rm30KvRPW49PB0J2HYlcJW1NxVt41YX1r3W2FzwrT2xL42WW1ZpdPZ3Y3nlpW41V-b52sK8FsW3_GJnb1BlH_xW3jl_fh1XnZmbW1BlHDX2Mp96ZW3BVz-P4kJHmMW2Ww2-Q3H7MC4W3QMyLH3bhkXNW45nvX43h-BL-W47L45W47CQzGW3jl5MZ4r48ZlW1_5H0C1V2r4DW3gnPy32qDqcMW4kGY-r3ZHmydW32Bc8J2CwlV9W49M9g41NcprXW2573MC2CPscbW4crHJq4kskgkW3ZvNd22PwGHwW45SxQS2MyZ6dW1_skpX2YG-47W34h-n21Qg63rW3j6nVh2vZJfpW2zsjFw3Cc43qW4kM7bC43VpxYW2xBwFc4hmwYlW1Z5Md63f_wlQf365Sqf04&utm_source=hs_email&utm_medium=email&utm_content=90823064&_hsenc=p2ANqtz-8ja_LjPUKB1chpU24wRnkexr0bGQaYKwvCFun49MjAVoUmixe7Jznkt86CP6z3IKXBr0JaDulcB8XMXLD03wk4SFcY6A&_hsmi=90823064

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4052	msedge.exe
4052	msedge.exe
1616	msedge.exe
1616	msedge.exe
4576	identity_helper.exe
4576	identity_helper.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 1756	1616	msedge.exe	85
PID 1616 wrote to memory of 1756	1616	msedge.exe	85
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 1152	1616	msedge.exe	87
PID 1616 wrote to memory of 4052	1616	msedge.exe	88
PID 1616 wrote to memory of 4052	1616	msedge.exe	88
PID 1616 wrote to memory of 1876	1616	msedge.exe	89
PID 1616 wrote to memory of 1876	1616	msedge.exe	89
PID 1616 wrote to memory of 1876	1616	msedge.exe	89
PID 1616 wrote to memory of 1876	1616	msedge.exe	89
PID 1616 wrote to memory of 1876	1616	msedge.exe	89
PID 1616 wrote to memory of 1876	1616	msedge.exe	89
PID 1616 wrote to memory of 1876	1616	msedge.exe	89
PID 1616 wrote to memory of 1876	1616	msedge.exe	89
PID 1616 wrote to memory of 1876	1616	msedge.exe	89
PID 1616 wrote to memory of 1876	1616	msedge.exe	89
PID 1616 wrote to memory of 1876	1616	msedge.exe	89
PID 1616 wrote to memory of 1876	1616	msedge.exe	89
PID 1616 wrote to memory of 1876	1616	msedge.exe	89
PID 1616 wrote to memory of 1876	1616	msedge.exe	89
PID 1616 wrote to memory of 1876	1616	msedge.exe	89
PID 1616 wrote to memory of 1876	1616	msedge.exe	89
PID 1616 wrote to memory of 1876	1616	msedge.exe	89
PID 1616 wrote to memory of 1876	1616	msedge.exe	89
PID 1616 wrote to memory of 1876	1616	msedge.exe	89
PID 1616 wrote to memory of 1876	1616	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://hs-25970776.s.hubspotemail-eu1.net/hs/preferences-center/en/direct?data=W2nVjwf3Y2w_1W30tDPW3ZMXsyW45mkPN36hRLmW2zvMGW3y-pQYW38x2RL3_SHMxW2WxjNW38h8DvW4chQrr36hQ2FW3M4sfk4ftynGW2MGgmY1LfgCgW4kvq3m4cwX2TW3_MlFb43xjr3W2KTMKr3ZD1pdW1Qs5gx254Z9hW4kqgF-2s_CjQW45B0MF2p3RBZW32m-rm30KvRPW49PB0J2HYlcJW1NxVt41YX1r3W2FzwrT2xL42WW1ZpdPZ3Y3nlpW41V-b52sK8FsW3_GJnb1BlH_xW3jl_fh1XnZmbW1BlHDX2Mp96ZW3BVz-P4kJHmMW2Ww2-Q3H7MC4W3QMyLH3bhkXNW45nvX43h-BL-W47L45W47CQzGW3jl5MZ4r48ZlW1_5H0C1V2r4DW3gnPy32qDqcMW4kGY-r3ZHmydW32Bc8J2CwlV9W49M9g41NcprXW2573MC2CPscbW4crHJq4kskgkW3ZvNd22PwGHwW45SxQS2MyZ6dW1_skpX2YG-47W34h-n21Qg63rW3j6nVh2vZJfpW2zsjFw3Cc43qW4kM7bC43VpxYW2xBwFc4hmwYlW1Z5Md63f_wlQf365Sqf04&utm_source=hs_email&utm_medium=email&utm_content=90823064&_hsenc=p2ANqtz-8ja_LjPUKB1chpU24wRnkexr0bGQaYKwvCFun49MjAVoUmixe7Jznkt86CP6z3IKXBr0JaDulcB8XMXLD03wk4SFcY6A&_hsmi=90823064
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7fe246f8,0x7ffb7fe24708,0x7ffb7fe24718
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7028306894816475531,16265229528715201753,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,7028306894816475531,16265229528715201753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,7028306894816475531,16265229528715201753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7028306894816475531,16265229528715201753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7028306894816475531,16265229528715201753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7028306894816475531,16265229528715201753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7028306894816475531,16265229528715201753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7028306894816475531,16265229528715201753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7028306894816475531,16265229528715201753,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7028306894816475531,16265229528715201753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7028306894816475531,16265229528715201753,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7028306894816475531,16265229528715201753,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6016 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
210676dde5c0bd984dc057e2333e1075

SHA1
2d2f8c14ee48a2580f852db7ac605f81b5b1399a

SHA256
2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

SHA512
aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4e6521c03f1bc16d91d99c059cc5424

SHA1
043665051c486192a6eefe6d0632cf34ae8e89ad

SHA256
7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

SHA512
0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
11a101d57b6fd5b8c20d9314d96d1c5b

SHA1
bdcbcb3280411f0016a1ac299079cef059af816f

SHA256
6c79da13e86469ba7ded3eac9793907d07ba51066b91c4ce48953036c80ad29d

SHA512
f031651e541121a125c7cf4cbd40d1f9d87b6d2a998b5b1ecbc30c7631a39bd05d24432ac4b364e116802e6b91aab12ecaa5e95f75e7534c26c8c6a21e75d5ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1010B

MD5
5e348f57eb06d1d4a6dbd447f627a398

SHA1
f5bcc41b306b5dce703cadb10881b4045a396080

SHA256
4a2078ea27beb26895db316ec407002c990fce266c9f8bcd59ffe973d1b360db

SHA512
c85736a214a2f65bdb0e90791de0cb657eb269286077cbfec9547b5975c75329efd8de550d7233c8153a626cf4f443c52fe72cd2c44c8fe882ec46cc0440102c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bc0d2863cd154b7aa2eabd9190ffb739

SHA1
7a2a677b3d8f1193a742f62c46a97feb78340d4f

SHA256
59348864261e845985f0879d4b4788c606026c3b44cc6e0576eb20ed206a9796

SHA512
00a2d51713e7250283b62aa9ff7979a784696903735001f84adfede87017c35e85c495193e0e10d373d6fcbf98411563aa35a81b13ff924c09909e789d715b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ece7f7fe60696bade969103a5ce049d9

SHA1
afea00d316f405a9cc9ceebece554948d47c2215

SHA256
824f01b9143bb98988675dff6db79e38bd04f693ab254a961e4b9e6bfd170ac9

SHA512
cf77ad01e01df5b373ff53a90f1d8cb2f3e1d770d44b472df0babc35624c1fdf0415bb5cc943798dcd3e687b07162049cdc013f27a02c34f35ca87aacabcace4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a9c8b2ad5d9a7ded03149e906d8a3cdd

SHA1
fcc01e7c4ea12ee81c3cdcaa947c62cdf09999c2

SHA256
ca67752c461283323480df77f8a5b9d8d08bae7178d47740c2665695d1b89f47

SHA512
8c72459134a3812b7323cd2f3aeb4963c17cade601206dffb1e79fa70e742cb3498daa1d03ea7fd2c66f783b34594be31ba1c6e2b266f05d4e64887a4462ab35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1d03348f806c681d427935d30632cb25

SHA1
8b102b719f8ce451f5c22a802adc7e0f9f02cffc

SHA256
a7f4c91c4c95a7dd5f0f716ae56ada0c5bafe15c669386306341ec57044d0ddb

SHA512
867a94cef4860232b02ed59195aad266c473aa7ec134c22cece9d4a8b9921086afc21aaa7b3a03ad083960fe4f9f13fd7efabafe23fb31a4136ed2861bbc6826

Download Submit