hxxps://email[.]datafuturology[.]com/e3t/Ctc/RJ+113/d2pZ0604/VX3rxf4VMnbVW7QvTgv2dlJDhW8LzBkh54Hp3XN7FnD1H3qgyTW7Y8-PT6lZ3llW6YwdZj5BkYKkW3KVvtk8Gb8f7N2Rs6Nz4gj9VN8n7K2lQlkS4N3pQD4XkzrQqW8WwW5N9fj6CDW4tR-8y1b_nPVW98pBf62_GX6fW8G-9km7krR-1N8Fr6LkHd311N8qxhKZ6rDcHW7r-2Xz8H6hK8W1cbwVZ9gT-2hW6KDQdp3F7hrKW29DDmD8TtfKYW92KJsZ4KtC9FW8gDvw15YL0vlW51CdlD5SZKpfW6wpMPc6TD03jW18Tvfv31g19rW3g9Rn-4pr1C7W2SCjqb5tH6ynW8BsY136ml1h8W2q9j213y1cdGW3S_ZF77wWw08W8fyw5t54yWvrdk6l1F04

Analysis

max time kernel
147s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
16/10/2023, 04:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://email.datafuturology.com/e3t/Ctc/RJ+113/d2pZ0604/VX3rxf4VMnbVW7QvTgv2dlJDhW8LzBkh54Hp3XN7FnD1H3qgyTW7Y8-PT6lZ3llW6YwdZj5BkYKkW3KVvtk8Gb8f7N2Rs6Nz4gj9VN8n7K2lQlkS4N3pQD4XkzrQqW8WwW5N9fj6CDW4tR-8y1b_nPVW98pBf62_GX6fW8G-9km7krR-1N8Fr6LkHd311N8qxhKZ6rDcHW7r-2Xz8H6hK8W1cbwVZ9gT-2hW6KDQdp3F7hrKW29DDmD8TtfKYW92KJsZ4KtC9FW8gDvw15YL0vlW51CdlD5SZKpfW6wpMPc6TD03jW18Tvfv31g19rW3g9Rn-4pr1C7W2SCjqb5tH6ynW8BsY136ml1h8W2q9j213y1cdGW3S_ZF77wWw08W8fyw5t54yWvrdk6l1F04

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1020	msedge.exe
1020	msedge.exe
4256	msedge.exe
4256	msedge.exe
4024	identity_helper.exe
4024	identity_helper.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1020 wrote to memory of 3904	1020	msedge.exe	39
PID 1020 wrote to memory of 3904	1020	msedge.exe	39
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 2544	1020	msedge.exe	83
PID 1020 wrote to memory of 4256	1020	msedge.exe	84
PID 1020 wrote to memory of 4256	1020	msedge.exe	84
PID 1020 wrote to memory of 4312	1020	msedge.exe	85
PID 1020 wrote to memory of 4312	1020	msedge.exe	85
PID 1020 wrote to memory of 4312	1020	msedge.exe	85
PID 1020 wrote to memory of 4312	1020	msedge.exe	85
PID 1020 wrote to memory of 4312	1020	msedge.exe	85
PID 1020 wrote to memory of 4312	1020	msedge.exe	85
PID 1020 wrote to memory of 4312	1020	msedge.exe	85
PID 1020 wrote to memory of 4312	1020	msedge.exe	85
PID 1020 wrote to memory of 4312	1020	msedge.exe	85
PID 1020 wrote to memory of 4312	1020	msedge.exe	85
PID 1020 wrote to memory of 4312	1020	msedge.exe	85
PID 1020 wrote to memory of 4312	1020	msedge.exe	85
PID 1020 wrote to memory of 4312	1020	msedge.exe	85
PID 1020 wrote to memory of 4312	1020	msedge.exe	85
PID 1020 wrote to memory of 4312	1020	msedge.exe	85
PID 1020 wrote to memory of 4312	1020	msedge.exe	85
PID 1020 wrote to memory of 4312	1020	msedge.exe	85
PID 1020 wrote to memory of 4312	1020	msedge.exe	85
PID 1020 wrote to memory of 4312	1020	msedge.exe	85
PID 1020 wrote to memory of 4312	1020	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://email.datafuturology.com/e3t/Ctc/RJ+113/d2pZ0604/VX3rxf4VMnbVW7QvTgv2dlJDhW8LzBkh54Hp3XN7FnD1H3qgyTW7Y8-PT6lZ3llW6YwdZj5BkYKkW3KVvtk8Gb8f7N2Rs6Nz4gj9VN8n7K2lQlkS4N3pQD4XkzrQqW8WwW5N9fj6CDW4tR-8y1b_nPVW98pBf62_GX6fW8G-9km7krR-1N8Fr6LkHd311N8qxhKZ6rDcHW7r-2Xz8H6hK8W1cbwVZ9gT-2hW6KDQdp3F7hrKW29DDmD8TtfKYW92KJsZ4KtC9FW8gDvw15YL0vlW51CdlD5SZKpfW6wpMPc6TD03jW18Tvfv31g19rW3g9Rn-4pr1C7W2SCjqb5tH6ynW8BsY136ml1h8W2q9j213y1cdGW3S_ZF77wWw08W8fyw5t54yWvrdk6l1F04
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff86f8346f8,0x7ff86f834708,0x7ff86f834718
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,6214240691974083134,16726959291369568686,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,6214240691974083134,16726959291369568686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,6214240691974083134,16726959291369568686,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,6214240691974083134,16726959291369568686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,6214240691974083134,16726959291369568686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,6214240691974083134,16726959291369568686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,6214240691974083134,16726959291369568686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,6214240691974083134,16726959291369568686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,6214240691974083134,16726959291369568686,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,6214240691974083134,16726959291369568686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,6214240691974083134,16726959291369568686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,6214240691974083134,16726959291369568686,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,6214240691974083134,16726959291369568686,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d25fc6e43a16159ebfd161f28e16ef7

SHA1
49941a4bc3ed1ef90c7bcf1a8f0731c6a68facb4

SHA256
cee74fad9d775323a5843d9e55c770314e8b58ec08653c7b2ce8e8049df42bb5

SHA512
ea598fb8bfe15c777daeb025da98674fe8652f7341e5d150d188c46744fce11c4d20d1686d185039c5025c9a4252d1585686b1c3a4df4252e69675aaf37edfc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
df1b01bf059cabf55b15f6c0dde23227

SHA1
94f64593287df5af7502309f94c9859a1170aae9

SHA256
5a004bef3e644234861b9db86cbc943c668bb1b13360690766cf15f9fcc42a85

SHA512
e9f61d48b30b5b081578e9f866f1450f3c44fd42e111960be36b3dfa99fdad035d6b6572252b2e605d287a9f199fed55733c6482ea306617eedbb4e9e0a9a9b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
85902624de66ac984a8c700f7724bf7a

SHA1
2b15bb69d2c795d2da16102e8822a8cf4b30df33

SHA256
cf02077bbf587212764f9f45530a19096bfaf2570307a577770729f67f0ae06b

SHA512
899e4f7deedea56fccc5165beb7c692d7fec1873c7457d5a45f82031a50c9ded44ae5deb7df466277ec9ed730da3d05a1e8d27c26012e67dc803369a6386341e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b3991956e84bea820ee5b10ffdd33020

SHA1
ba0794a0fd0783d37950a6316bd428a1ce8a3e3f

SHA256
ae8a059da1faeecf1bac6dda9a2ed5208674e8f4d9e316b119170411da4cda8a

SHA512
3b125c463714bf14af9bf3c7a840dcc2c52f778d27ebe40e38c6cbe3e03755e6684ef0040698a14269444444a7af8988f85c739c9e593281bb33e468b9d60fd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
baf505c135d60c532399a6fe2b224847

SHA1
f803d50f2f60d829bb8ec3c969fa935fb24502df

SHA256
f21fae32b85ce6c1141f04b1cf8514a52c923fc38fcc413340c7b7bbb7a9e8af

SHA512
b5f4c72841357c3211e09a3f04918316736726618c231c5e378497cd476a9d2ea25d6b6c2a6e4c88f190ef285eaa26e885b9b12dd5eab4e9db535552dfbaa031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f39f2189ceff4c77d1b9a30200485065

SHA1
7445a47ca40571f71cf1745215c4878667d74efd

SHA256
3557ef0cbbd5c325c5117d4ac0147cd53f9a368d65c22c2efd2a02840753636c

SHA512
38eef3ffed422838849fee6d903476f0ad88114bc74082414e3475d6a0aed2bd14870129393a5ed9bbdfb93013e98a8fca9a128c1b421341d67048df480179c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d555d038867542dfb2fb0575a0d3174e

SHA1
1a5868d6df0b5de26cf3fc7310b628ce0a3726f0

SHA256
044cac379dddf0c21b8e7ee4079d21c67e28795d14e678dbf3e35900f25a1e2e

SHA512
d8220966fe6c3ae4499bc95ab3aead087a3dd915853320648849d2fc123a4acd157b7dba64af0108802522575a822651ecc005523c731423d9131ee679c2712f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8ff6226e04634aa1870e1dd00a6bc919

SHA1
7a5791f665c915df90585c30a8fc5b6bc56d06fb

SHA256
402812e7563372c03da07a37e478acf9770283077bfd5eb489e4899c13102f9a

SHA512
b0b7b2c6569f3144a6d2d478309feb6c6191b97030866726d20e294215dec1433467451d6a343dda9f3349ca92876eac75721f4e6c10acc753e2020fae2e8eb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581c5d.TMP

Filesize
874B

MD5
96271b0547ae3fed4dc4aceab01702d3

SHA1
87a4c5df73deca71486ffec8e2b14e7eeb4733f6

SHA256
3c2a492c647f27c2ab09c7bff4dd7b6613fb8fe5b9696618f353a338cc7e5a4a

SHA512
d7bdde10fc879342fb751975470f4ba6f307066e96548aad9c6e8bf6e5a4bea348bea75a631147cc992ccac24720a6a2d0dc40abe8b7df1b5376ef9a4cd921c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9cdb5472dabb2f1a25d0b14d2bcc18af

SHA1
9a1e50b754252f00b806cfe9d3a1771d9a4000e0

SHA256
93bd39c1cd2c9dff217d2634eb17216d673ac9b5fe7ec2c5482a207527fdf545

SHA512
484dad86f892b6d64380be44996d026831960f5e0261467a897d57dbab62454a088501fcd670048bf62caf6c7dede35bd6666375f93a1e18131f8e124c3f3f31

Download Submit