hxxps://app[.]hubspot[.]com/api/notification-station/general/v1/notifications/cta/07dda2ca-f7ec-4c11-bf25-26bad1f70761?notificationPortalId=45850585&deliveryMethod=EMAIL

Analysis

max time kernel
51s
max time network
54s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2024 12:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.hubspot.com/api/notification-station/general/v1/notifications/cta/07dda2ca-f7ec-4c11-bf25-26bad1f70761?notificationPortalId=45850585&deliveryMethod=EMAIL

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3572	msedge.exe
3572	msedge.exe
1496	msedge.exe
1496	msedge.exe
2608	identity_helper.exe
2608	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1496 wrote to memory of 2948	1496	msedge.exe	82
PID 1496 wrote to memory of 2948	1496	msedge.exe	82
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 436	1496	msedge.exe	83
PID 1496 wrote to memory of 3572	1496	msedge.exe	84
PID 1496 wrote to memory of 3572	1496	msedge.exe	84
PID 1496 wrote to memory of 4532	1496	msedge.exe	85
PID 1496 wrote to memory of 4532	1496	msedge.exe	85
PID 1496 wrote to memory of 4532	1496	msedge.exe	85
PID 1496 wrote to memory of 4532	1496	msedge.exe	85
PID 1496 wrote to memory of 4532	1496	msedge.exe	85
PID 1496 wrote to memory of 4532	1496	msedge.exe	85
PID 1496 wrote to memory of 4532	1496	msedge.exe	85
PID 1496 wrote to memory of 4532	1496	msedge.exe	85
PID 1496 wrote to memory of 4532	1496	msedge.exe	85
PID 1496 wrote to memory of 4532	1496	msedge.exe	85
PID 1496 wrote to memory of 4532	1496	msedge.exe	85
PID 1496 wrote to memory of 4532	1496	msedge.exe	85
PID 1496 wrote to memory of 4532	1496	msedge.exe	85
PID 1496 wrote to memory of 4532	1496	msedge.exe	85
PID 1496 wrote to memory of 4532	1496	msedge.exe	85
PID 1496 wrote to memory of 4532	1496	msedge.exe	85
PID 1496 wrote to memory of 4532	1496	msedge.exe	85
PID 1496 wrote to memory of 4532	1496	msedge.exe	85
PID 1496 wrote to memory of 4532	1496	msedge.exe	85
PID 1496 wrote to memory of 4532	1496	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.hubspot.com/api/notification-station/general/v1/notifications/cta/07dda2ca-f7ec-4c11-bf25-26bad1f70761?notificationPortalId=45850585&deliveryMethod=EMAIL
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc103f46f8,0x7ffc103f4708,0x7ffc103f4718
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,5115672585992711442,14982024516720209901,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,5115672585992711442,14982024516720209901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,5115672585992711442,14982024516720209901,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5115672585992711442,14982024516720209901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5115672585992711442,14982024516720209901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,5115672585992711442,14982024516720209901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,5115672585992711442,14982024516720209901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5115672585992711442,14982024516720209901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5115672585992711442,14982024516720209901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5115672585992711442,14982024516720209901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5115672585992711442,14982024516720209901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,5115672585992711442,14982024516720209901,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4612 /prefetch:8
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5115672585992711442,14982024516720209901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5115672585992711442,14982024516720209901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5115672585992711442,14982024516720209901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:3144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
7cdf92b5b2302835130254c45d9b0e75

SHA1
f7a79453508e867e78121de81584a920b100b4dd

SHA256
3e285b1b4fde229166ef599c538fe2ee4c31a386fa819b6a9cd583d5a1528aaf

SHA512
9f16144369fea9860e53e1b7a7e4c05e243c8e32eaee0d09078f448d55791daba7aebc16b50eaf84f9ef8a208f1f6b43db0cb3243df4909e648c4aaf4873f11f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7e07f7f5c7d03ce5c961bc54016c0612

SHA1
44612b62bf488e65a420401a501af3c487068edc

SHA256
0e9720ecbb800cbb05d2400b10c65626f48a59f0c1425d77b49cd0c5574b3f2f

SHA512
e816eafd1a71be7861a50d97af33b956eaff3f024ba3477e76b0e3ca5cea570cf98383751501fe8541534d6f56bae5f38e64c2d6bf621a2363e8d984d4ed0047

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c19a22b25072855b0b651126fbfe3dce

SHA1
bc8b4cd6e164d4d451c84c1678d5beb003330e53

SHA256
ae5b9afc352db71001a5befed35abdd44ac50df6a777bd42ebde0caa90ca07ed

SHA512
6a14f4fb647216d8a1215cca02d33c808d9d65745b21a4e144e734bc36146dfe72b4ac7739491ad04d3a4327ee886a4381cd764b4f743d303cccd0e3ad63dd90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
70f337da14398f8e80ea668ba7ca0e4b

SHA1
8456f09cfe7ea34b777acfce93dcf9460ce5390c

SHA256
c015ed03cd4f223b7d0dc1868f2b70b0bc33bb732b748243b5fb18523e4e6b75

SHA512
d651263585a8f0492c955e534a3eaa24491f54d66a3532d6e848e0c3ed53bb0e94c8cbbaea8525271125232ef884aa15276e6be02d2b0746d795c878b4d800e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c7d6657520a7ca7c09a0dcae45992b0f

SHA1
687c0897d8b97ccacc4fd6b50f13e1fdfe1d3387

SHA256
e077c5137f77953d7a43ff9b436affb5ff84b26d60d8035ff3c063ac73581e77

SHA512
bca203b4c0f808d9dc886b048998b234ebb420c124badab95b07b184cdbb3d08ab328fb76bbd0146857190a39204bd1e9d815e69d586d7c40fe610199d770508

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0fba109e125f9022a33941ae042a0790

SHA1
19541c4f4506af0ee3a82401d158d43a5202985a

SHA256
08531c29a67a5cdc57149b11f662707e70ff261a41d5917c8d49da13d65828b0

SHA512
9a23f2d21f5b0adf22685d62ec5dfe9fe01a5f1779b082d8e593795fcac599b1d016bd40aed0e14b2ba21f6705016a32c9f2612efd8e567767efd281396cb047

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3219df059d77b0d3b0734309aa1485e2

SHA1
bc74c55c23cdefcb9d7415e27a4f04142a19d321

SHA256
aea420e61bc4a82671b43b3d81bfa349cbb7893985cd8724ac261406ca5d128d

SHA512
ba2f9be3edb5463f170ce2b53740e05c24103c0d34245bf55f72b75323a4eb0cb46baed04ac7471e844e8634f46f6da3166ad8bbe6d0564d5f63e510fd1f08d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e4f58bca0345a9c22284f2a821e155c5

SHA1
d0b35429c20ff3ded414fd26331e1ff3cb9e23b0

SHA256
8fcb6a8122e1b244edd11903adb72dcfbb35a8c5ffa13118c2bad55708a66852

SHA512
e8fa127c47de0e3a5d7b76c47bfb3edbfc874ddaf17e6ed5fac84ffcd3a076071f046c0e021aad291b6c10e057a544e996e89b940123c99ab22f9a52ce2128d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e9f2.TMP

Filesize
1KB

MD5
d910d1e74177c45c8c01533316b60f89

SHA1
c0b716a3e8dc7e59f4dfb3d438445c805222e27d

SHA256
231a3c837c49185073effed696ee23321d6e6144f9758dd79af405bd4e24fdf0

SHA512
5b8a36782b3bdb091847622eb2c67ce88e8a44ebb9d870d9ad42609af8910b1b924bd2e261623b08d7dd1224694c2f9c844398bdff1c8903e55cbe64f4161305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a8c3e4c449aadadaf9e559b20f27ac4b

SHA1
c3942ceca8b85518ba5dc2c635196bda8295405c

SHA256
46d026e22c8db8327d5370cab59bfcd666847540990ef9ebdf79bee0df4e0afe

SHA512
d93758edcd7f81b37d5cd5b69092e44cda1aeebb4d363ccb7b579bdfb079c38f182931a88a8411a499ce9501d968d6cecdcf56eccaaab62241dafc7e69e5e9f5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit