hxxps://go[.]crowdstrike[.]com/Email-Subscription[.]html

Analysis

max time kernel
48s
max time network
50s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 21:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://go.crowdstrike.com/Email-Subscription.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3316	msedge.exe
3316	msedge.exe
3912	msedge.exe
3912	msedge.exe
2320	identity_helper.exe
2320	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3912 wrote to memory of 2604	3912	msedge.exe	84
PID 3912 wrote to memory of 2604	3912	msedge.exe	84
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 4576	3912	msedge.exe	85
PID 3912 wrote to memory of 3316	3912	msedge.exe	86
PID 3912 wrote to memory of 3316	3912	msedge.exe	86
PID 3912 wrote to memory of 3052	3912	msedge.exe	87
PID 3912 wrote to memory of 3052	3912	msedge.exe	87
PID 3912 wrote to memory of 3052	3912	msedge.exe	87
PID 3912 wrote to memory of 3052	3912	msedge.exe	87
PID 3912 wrote to memory of 3052	3912	msedge.exe	87
PID 3912 wrote to memory of 3052	3912	msedge.exe	87
PID 3912 wrote to memory of 3052	3912	msedge.exe	87
PID 3912 wrote to memory of 3052	3912	msedge.exe	87
PID 3912 wrote to memory of 3052	3912	msedge.exe	87
PID 3912 wrote to memory of 3052	3912	msedge.exe	87
PID 3912 wrote to memory of 3052	3912	msedge.exe	87
PID 3912 wrote to memory of 3052	3912	msedge.exe	87
PID 3912 wrote to memory of 3052	3912	msedge.exe	87
PID 3912 wrote to memory of 3052	3912	msedge.exe	87
PID 3912 wrote to memory of 3052	3912	msedge.exe	87
PID 3912 wrote to memory of 3052	3912	msedge.exe	87
PID 3912 wrote to memory of 3052	3912	msedge.exe	87
PID 3912 wrote to memory of 3052	3912	msedge.exe	87
PID 3912 wrote to memory of 3052	3912	msedge.exe	87
PID 3912 wrote to memory of 3052	3912	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.crowdstrike.com/Email-Subscription.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea4b446f8,0x7ffea4b44708,0x7ffea4b44718
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15468965542072778628,15448982931130406905,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,15468965542072778628,15448982931130406905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,15468965542072778628,15448982931130406905,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15468965542072778628,15448982931130406905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15468965542072778628,15448982931130406905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15468965542072778628,15448982931130406905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15468965542072778628,15448982931130406905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15468965542072778628,15448982931130406905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15468965542072778628,15448982931130406905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15468965542072778628,15448982931130406905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15468965542072778628,15448982931130406905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
  2⤵
  PID:2516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3172

C:\Windows\system32\charmap.exe
"C:\Windows\system32\charmap.exe"
1⤵
PID:5344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaaad45aced1889a90a8aa4c39f92659

SHA1
5c0130d9e8d1a64c97924090d9a5258b8a31b83c

SHA256
5e3237f26b6047f64459cd5d3a6bc3563e2642b98d75b97011c93e0a9bd26f3b

SHA512
0db1c6bdb51f4e6ba5ef4dc12fc73886e599ab28f1eec5d943110bc3d856401ca31c05baa9026dd441b69f3de92307eb77d93f089ba6e2b84eea6e93982620e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3ee50fb26a9d3f096c47ff8696c24321

SHA1
a8c83e798d2a8b31fec0820560525e80dfa4fe66

SHA256
d80ec29cb17280af0c7522b30a80ffa19d1e786c0b09accfe3234b967d23eb6f

SHA512
479c0d2b76850aa79b58f9e0a8ba5773bd8909d915b98c2e9dc3a95c0ac18d7741b2ee571df695c0305598d89651c7aef2ff7c2fedb8b6a6aa30057ecfc872c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
93KB

MD5
9622806b74083be0f56403057a15efd1

SHA1
7ebaf6ab733757fa73947b347c01b06739985add

SHA256
44c56195888f29409358a55235cd63f73103357004d1616c09a38c09db38aa60

SHA512
37b208679a1247bf903dbf2726c57fa9dee710725813e7c0c00ac0d493c9a9f5729697d376e391b7d652a70643997ebab56ab70cb25979a977226b69a5a2c235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
76KB

MD5
bb698c781c14ca1e479a9bedae8d45d6

SHA1
49c459c3b58df4311193847e09a455e7546fe7ae

SHA256
c3e95ddb4fd2a4fdd83f0452346867430a09d80f8639312f1670a5ce4d40863d

SHA512
be5ef5cbb2906bad7f7fadfa8fe88d9a653187e916dce24656bb9794877f079e36269d23b73640c21ecf7286db565435d63882ced5136c48af83a2286f939ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
114KB

MD5
16d3d2ca5a08e5a3324af3c254139b54

SHA1
075261eca64de6a872796e992a697845f367bab2

SHA256
37d14f86a5f15cd7aa7b79b1222ab7d83bafb581724c7625f9fdf1d549311ebe

SHA512
120f06d2bd6b1969bc8944c6cc7b4f0722979875a3b0f6ece0a9c3b3d1d99d88282efa71835143f285af5e58a9f2a5143db4aac4d0cd7bc2e5c803fea02e040a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
57KB

MD5
7951997e378ba689ae8fe6679d7c6218

SHA1
def0a90bc5bc21a69258f2998e67a4b607301848

SHA256
d42729c17f21e5d94dfaae882502e5d9f4a9ad6be4425e6a265d2e425f0be5e7

SHA512
ab6955d16319273610a419420ac77caaaada72beef51d0f6efa2baf69cc9bad12dab2a6766147469665891e97b98162c0f5d2a33ae7a4dfeec60995e2694c471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
117KB

MD5
f54ee1e02305da4373bb80226d4f038b

SHA1
1c7c36507253ce95ba16914003aec4d68d29d6a0

SHA256
fc779d3f1b6187cee1c7f5b1959b804fe8072fb821438551679dbf734cf76027

SHA512
d871a8d1062766d1d9d9e9299731b041cf7ee948479b594f126172e4cc149be8678610531798c715a7ed598cd0f75e86f06ca31a0ef1af2ad768806c2245d512

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
117KB

MD5
1e56912c6f5127746455858fa7646658

SHA1
dd52e539663de40e6f0f3158182ef14874f56fe4

SHA256
b0865470bddc78f09e8f056d0348188af6f4ccf71f7a25d22b36ab39770e9bdf

SHA512
ba19582b24b2d78c611dd41c363086c803364dd10183f139702d1e23c5099c0ddc81c6528b939c4148a3c82db8f8cd8d700bf30dfc3196a28dd778bed7149043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
1ee7e2243a999e2808ff11711f014e63

SHA1
25a9095516005bd6720ee21f0e86e8fc076c1dc5

SHA256
ea283e10be9a299f06994a249285a92cb958805487abcc225c8b74d6dfa23166

SHA512
95fc4febe075541aded29e9c0aaef4e1630df14a373c384fc4294dc32dff7739388c0d16b2ddea1d0f8e5ec8c1d49924eb8cdde53741024fa134b517141518b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
067ff3f8d63aa4d28d63a924397c61f2

SHA1
ab66a7a672033580121011feeae36b0128918608

SHA256
49dc3eae6cd2fb5d0b8989e290a3086aa6c93f63988ac24ebded4a4a3af73e26

SHA512
98dbd3ba2a06d60ccf5476f749da125fc0bdb83694d4d74b9b5f73f67a1c0a39797b81a1091a7cd4846b46a594b97db3b480c248cd83e2081d00cd1be868586e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1e01d0adbde968b01d182d0fa8052520

SHA1
94964b8606b0218bc19ac4cfa5de3167cc309559

SHA256
b04df6af3a85add66e83af9ec7be04f1b71f8e22cea7bdf95a78cfa2f45e40c3

SHA512
e9021de288e65a2a59a52489b36fb74142589813024479181280da358e65fd531fe5c436914f5b4b4dfe44223aaef7e5def58d833513830c1ae54ce59f8af674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0fcfe6b144608eedddf05c4c4f00c163

SHA1
3413f7f239f371be18e303e8ef364d63f02b7669

SHA256
62f9f11145a3128b2dc0ffba181c8461c816ba7c7e6996f3d951f3175655edac

SHA512
603291f257c340c7b68ac0ff92ab6d3123789b7247832d3a4f21473d6ba17cb11284405c68ca729bee035678b1a04f4cd8413128590eed23140ede91cb3781a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2567e8dac04fcfca19b764bfcac9ecd2

SHA1
cd9ba88861540eb62a7918743e0e145b55ed2879

SHA256
c36789b60382e18bb5fd53871e253cfb970f7aea0a20a0039ba314a62ccfd33b

SHA512
1c0ed7a7001b5b256172c68bf69422dcbd8a884a02a398f5593eeb55f0c9a1c18ba5ba55e54b0254e3b15843124c9edae3f5a8dd873e85e7ab0b25584d1dde30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
53419c1203807cad6ccf7318ffb29560

SHA1
4e105499e64612aba82d6177891bc66b2dfc741c

SHA256
147f0ac2bc805d35acb7684b1a50dd765aa0713f3cc579cc7a2d39eb6f0e489a

SHA512
4de019490cdf50cf46f8b7f3a595d235c5c8f1df8b044b6be2d2cafa8f503f24ec815d13fa481c5147eb8886763064428453d5b7752a7281d5ae483f23ba7784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582e20.TMP

Filesize
1KB

MD5
81931d85e2df066df63bda577b1b7924

SHA1
011b4dbeac9e781e03e9e56e155b00444432871f

SHA256
6b2aab6c255d28e8ec19672c809bc573a290ef1a7b250b427eada3399d63ee96

SHA512
c63d1f78b97926ae9a2aeae53983db0aed314aa1a43d6db27ec8f8964dbc14a32d1cd58789a896c8163d2c3216a729ecfa8a84943921852de7cdd8065a067066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
99fe706e18ebe6c23f22625e2cd86b8c

SHA1
d022b5ee9916185f8ebd7fecbec9bd4239797997

SHA256
a756ee189afd6b38334cca4a160b683fc75f8e6fc7769aacd4bbd55d42ad0d11

SHA512
319b0545450edf9ede0152c86a74e5b843e26908bb8585066a5b53251b2840b7fbbe05de5822415a1e43e87577989ff48573a75f2b4cf9505cae35d03adb452e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit