hxxps://plz[.]life/S3CHVQ

Analysis

max time kernel
166s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
07-10-2023 23:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://plz.life/S3CHVQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3976	msedge.exe
3976	msedge.exe
2724	msedge.exe
2724	msedge.exe
2356	identity_helper.exe
2356	identity_helper.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 3576	2724	msedge.exe	87
PID 2724 wrote to memory of 3576	2724	msedge.exe	87
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 100	2724	msedge.exe	88
PID 2724 wrote to memory of 3976	2724	msedge.exe	89
PID 2724 wrote to memory of 3976	2724	msedge.exe	89
PID 2724 wrote to memory of 3120	2724	msedge.exe	90
PID 2724 wrote to memory of 3120	2724	msedge.exe	90
PID 2724 wrote to memory of 3120	2724	msedge.exe	90
PID 2724 wrote to memory of 3120	2724	msedge.exe	90
PID 2724 wrote to memory of 3120	2724	msedge.exe	90
PID 2724 wrote to memory of 3120	2724	msedge.exe	90
PID 2724 wrote to memory of 3120	2724	msedge.exe	90
PID 2724 wrote to memory of 3120	2724	msedge.exe	90
PID 2724 wrote to memory of 3120	2724	msedge.exe	90
PID 2724 wrote to memory of 3120	2724	msedge.exe	90
PID 2724 wrote to memory of 3120	2724	msedge.exe	90
PID 2724 wrote to memory of 3120	2724	msedge.exe	90
PID 2724 wrote to memory of 3120	2724	msedge.exe	90
PID 2724 wrote to memory of 3120	2724	msedge.exe	90
PID 2724 wrote to memory of 3120	2724	msedge.exe	90
PID 2724 wrote to memory of 3120	2724	msedge.exe	90
PID 2724 wrote to memory of 3120	2724	msedge.exe	90
PID 2724 wrote to memory of 3120	2724	msedge.exe	90
PID 2724 wrote to memory of 3120	2724	msedge.exe	90
PID 2724 wrote to memory of 3120	2724	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://plz.life/S3CHVQ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97acb46f8,0x7ff97acb4708,0x7ff97acb4718
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,7959591151995844429,15464275178576874986,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,7959591151995844429,15464275178576874986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,7959591151995844429,15464275178576874986,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7959591151995844429,15464275178576874986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7959591151995844429,15464275178576874986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7959591151995844429,15464275178576874986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7959591151995844429,15464275178576874986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7959591151995844429,15464275178576874986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7959591151995844429,15464275178576874986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7959591151995844429,15464275178576874986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,7959591151995844429,15464275178576874986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,7959591151995844429,15464275178576874986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7959591151995844429,15464275178576874986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7959591151995844429,15464275178576874986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7959591151995844429,15464275178576874986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7959591151995844429,15464275178576874986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7959591151995844429,15464275178576874986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,7959591151995844429,15464275178576874986,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5164 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d8f4eadb68a3e3d1bf2fa3006af5510

SHA1
d5d8239ec8a3bf5dadf52360350251d90d9e0142

SHA256
85a80218f4e5b578993436a6b8066b60508dd85a09579a4cb6757c2f9550d96c

SHA512
554773c4edd8456efaa23ac24970af5441e307424de3d2f41539c2cf854d57e7f725bf0c9986347fd3f2ff43efc8f69fd73c5d773bbfd504a99daca2b272a554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b2ecb0feefd64f30148ed62ff087bd4b

SHA1
ca49c978496b8d990a60a72c051f5c5054f67dc4

SHA256
b4af14d2872954b6b564bea4c3686e5edf9343e22bf0dd9fb76ecd49646b4a75

SHA512
b453a2ba045586a9529d2e050e029f7988ed3eb952a6f5081d55627da9214b4449d7d4a15a2e04b216e1a915a35936d9457de2d50c6389abed82aef6739f448e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
1af3ab5c688482d069dc688f4ee0e37a

SHA1
dcddc82b1a62d48bf2be571391bdb602daed8d4a

SHA256
34e5c4a7e4975f08a96e1a8208afd18749a1c79e0c88bbfdcccb7f790dfc3be4

SHA512
410c8e61782c31527cbc2cd6ab420858458528d8a20d69ea479a8c5e5dc273ef8b464876c4d25f31b598279d83aefb62a3e68cff139a7f627d97f7db207d44bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a3130ce3601ef7d3c1336eb19327c5ae

SHA1
b27c79d35bd812132807367bc0aa8f593d5fea40

SHA256
03fca0a5d08d0f445388ec525d9dc02581883bb871ca768693a1be59a5ef3b65

SHA512
5c0496e5da7ae7a84bd8d49b26e63781e872665e6c1268632799c2013e0e3adec6ceeba9d4d00bba00b7b9e8a44a1dd864dca134ff207b15024aa42056ed675a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1c24f0f7432243f7a0d8f371c91f6fb2

SHA1
09186e5b73d1474d90fc0253bfcd60b833caa900

SHA256
a5c519c909804376a5ac9155331df15236b86b4814bdc5313a004514fa212579

SHA512
a2a47d8327cf23bb02d5cabdead648aab333561bcfa846c069a3a787b126d50305e2fc67fd4a7c68f3185134b9addc24e124c09626a3342e73bc487d3a2f15e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
65fb999b72b2f80f04c9edab4eddc80d

SHA1
0ad225f4842dbe5c579c638b590eb3f4fd6c3ae7

SHA256
c61b7eb2f73b8df37fe54fbc1b0109766030a346c5f9bc9f67c2b364ee17d5df

SHA512
ee523bb4faab2710a370c9acfd8d18eb1b027f180c58c0b69a603485a58bd4b559dd948823d3f00690dddaa935c0828f5f79fd1fb6b0caf6cb49771b0af1467a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c7a434a4a5f316c695637d58c3e95a82

SHA1
7acec93536a12d210fba8d6d51cf3917ea800651

SHA256
b72deb42337416776c4aa51c33f40fd2112ad5360febc752f55a94eb69f0a26a

SHA512
ac9599ca8a2c54edd03bb3a5bf7e3daafa3460b07f43eeb6c0a7c927ee21cd1999aafc73ae41454e5d9b5d8073657c2d0e40ba226bc8ba38219dc5144d3ab7d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bdcf9820c87b391cf39a78c9b2deb9fa

SHA1
d5c3e34d6a23a26524a7f7167f119a52ae0fd801

SHA256
ca489dedda57c22efbeba13f93ec5c1dcc341da553d425d19b93fd6aa03042bf

SHA512
76885079e775a68ddd4d736886bac0f21894263c3881a272cfda552579d20525fd67a964a2eff600781b2701bee2384157ccff4a044a39cfac8bff5d98aba5dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d985875547ce8936a14b00d1e571365f

SHA1
040d8e5bd318357941fca03b49f66a1470824cb3

SHA256
8455a012296a7f4b10ade39e1300cda1b04fd0fc1832ffc043e66f48c6aecfbf

SHA512
ca31d3d6c44d52a1f817731da2e7ac98402cd19eeb4b48906950a2f22f961c8b1f665c3eaa62bf73cd44eb94ea377f7e2ceff9ef682a543771344dab9dbf5a38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
676f01240e3dbd5b7fac397964e45dcb

SHA1
78951c1f35422b87176239b281adc4ef1b57c043

SHA256
6b170235833197a232800fde457586dfd0a2d6b592ebbc81a8bfdd59b6cfc426

SHA512
90df40b4cfc211e4bec5549d347427dbfe22919425d2125892bed64e5d973c6e949c4a8d78d7bb1d5f7ae186cbdd1b29bf04d3d862924afa9890b1ae6b98d1d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4abaeb2aa2cb043a36e539ebb272d0d1

SHA1
d751e84fc997f201ee1857534a80fd27bb492e82

SHA256
a034358ea32a7adaa180c592cac3f1db2bd07c9ed2b59f58543bab8f29964e2e

SHA512
f8085ed47e0b1ecac31c95eed6256d5e5170d5d553e62376c241cc74a8b626d4c82387248900a46b044eff49d976bfeac953f5da4f220f80fbcf1d7922444c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59905f.TMP

Filesize
1KB

MD5
00a168671a0e619662862cb60ba2adf5

SHA1
2d298ff53d54cdd10f0ec6c61e50f73dfda30e69

SHA256
9b48191a079427b2784e5dde05e03050954d0aac8b742dd5da58981ff7683465

SHA512
44cfa82d10de309d1a9f760efe237646af041886e19f566a8a95022565dd0d02c575bf9f609e7370c851b8e0ca1dbfc1d926143b09980c285695649647f71fe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cce3c78f3372a98a6d19178cfbc29726

SHA1
4f736579dc275086cf19f3c7aba26091ff5b9197

SHA256
6a22a4fe6d25336c6414e2ca9061362e7622099b813b076cb3325f25d11e2ce4

SHA512
84b2b674ddc1b9fa6ecf8dc43d4a751486324c619cab9dc5cfecd4d397b696175ff2c27eb27d4f2972f2bdefc01824ef2569c0a1af55011aafecce90800fc1fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
b04f9831ead3064b7f63d0edc40cb8b2

SHA1
4246dd3f59c9e0a4bf6bdeedd84839726fd0c330

SHA256
e574c1436e6a2f2eed90aa10aabc7db917a24465bb60edc5c9cbce1ed4a9fa28

SHA512
29718bf3d451b6a64e80a896fa1ae88c550c8906edd785cca2e22d5aea755b3b760a867922de90dd33360fe864220b00c1dac3c70f6ea609e9219b88789696dd

Download Submit