hxxp://vidplay[.]online

Analysis

max time kernel
262s
max time network
287s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
18/02/2024, 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://vidplay.online

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe
4408	msedge.exe
4408	msedge.exe
4516	identity_helper.exe
4516	identity_helper.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4408 wrote to memory of 4996	4408	msedge.exe	85
PID 4408 wrote to memory of 4996	4408	msedge.exe	85
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 4744	4408	msedge.exe	87
PID 4408 wrote to memory of 2108	4408	msedge.exe	86
PID 4408 wrote to memory of 2108	4408	msedge.exe	86
PID 4408 wrote to memory of 1252	4408	msedge.exe	88
PID 4408 wrote to memory of 1252	4408	msedge.exe	88
PID 4408 wrote to memory of 1252	4408	msedge.exe	88
PID 4408 wrote to memory of 1252	4408	msedge.exe	88
PID 4408 wrote to memory of 1252	4408	msedge.exe	88
PID 4408 wrote to memory of 1252	4408	msedge.exe	88
PID 4408 wrote to memory of 1252	4408	msedge.exe	88
PID 4408 wrote to memory of 1252	4408	msedge.exe	88
PID 4408 wrote to memory of 1252	4408	msedge.exe	88
PID 4408 wrote to memory of 1252	4408	msedge.exe	88
PID 4408 wrote to memory of 1252	4408	msedge.exe	88
PID 4408 wrote to memory of 1252	4408	msedge.exe	88
PID 4408 wrote to memory of 1252	4408	msedge.exe	88
PID 4408 wrote to memory of 1252	4408	msedge.exe	88
PID 4408 wrote to memory of 1252	4408	msedge.exe	88
PID 4408 wrote to memory of 1252	4408	msedge.exe	88
PID 4408 wrote to memory of 1252	4408	msedge.exe	88
PID 4408 wrote to memory of 1252	4408	msedge.exe	88
PID 4408 wrote to memory of 1252	4408	msedge.exe	88
PID 4408 wrote to memory of 1252	4408	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://vidplay.online
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9bce446f8,0x7ff9bce44708,0x7ff9bce44718
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,9864048567154934790,15308301985859183071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9864048567154934790,15308301985859183071,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,9864048567154934790,15308301985859183071,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9864048567154934790,15308301985859183071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9864048567154934790,15308301985859183071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,9864048567154934790,15308301985859183071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,9864048567154934790,15308301985859183071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9864048567154934790,15308301985859183071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9864048567154934790,15308301985859183071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9864048567154934790,15308301985859183071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9864048567154934790,15308301985859183071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9864048567154934790,15308301985859183071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9864048567154934790,15308301985859183071,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5428 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
abc992c6cc263082ab3a96778ed0b710

SHA1
1b5932712e2b25ecef915e3642d0e91304a24835

SHA256
f2f436077e55e2a7391cc23279ebabfa425bae5a864bd8032cf476890668dfe0

SHA512
1a57396700a7a839dd1a15852ee25a79a9b03b4f29f298c6c459336b69586e82fa521fea9950c12a8f5c127d7fd819ab04a0052eef594bc2439c261221b08d2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
6d96a4c61eb2cd349a6c5870d654717d

SHA1
2bd52748501db04fa880e9bd5dd9fa58fcd78724

SHA256
8ae930b64ddeef0d1c17bad3960e9fa0c5026ad59628249ddc029fd4c768135f

SHA512
71f06bf3e295c80e8d8c245440a200c6cd8fc6d316cd36e737a032ea5e76371bd24cd6ea390dff8ad544ce028f5cf1aeecd2a6745e500f26c2d0db4130280772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\5cd8df2b-66e1-47ae-9af0-1dfca76f8fa2.tmp

Filesize
10KB

MD5
66af3c271e9c39ddbb156a8d569c0112

SHA1
74d60cb5a28b9655dba80140ac0963a2115363c9

SHA256
8b2d57128f4468d1c78e37347b37e5d9fbc2e5dd9588ed3e6b68b462b753fd1d

SHA512
1c78c37c2522b9a8daf3ada5efddb00df66f7fbd6d9a59558da686ce75c86e311f17636567656da8b9077fb28ac766801ab6d77c295ce73218182c15d3ca6caa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
120B

MD5
d134e9edcdaf074b232b830bbcbf9341

SHA1
cad4b121b846784338170827da0fa6397e782e4b

SHA256
09be73d0cf768ffc54a968b47cc9ef79da420fcd160e0bb19b2100b720af8538

SHA512
d155e03d90c62ec11fc32d5e73371194a0d3600692d5c9c17c5b6c28f51913cb50e17b5a72b575c5357a53822441dbb4e83254f167db33a8b45d92febb41282a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
582de4505b2310a0696397d978b894b7

SHA1
59b88a5e47769603db30ac831b6af67d9543c29d

SHA256
086ddd2d0da2391f760457d0e16683fc6751ca9f9a4f068898121b6370da7233

SHA512
d5d832ee224498ec53c4c7acbb525515634def5860f94d72c0b2e443c369b6068d3a6cd96167ad4264cd1566a1881cf48806e4c17e59cbc1e0ddee367ab6ca43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
792B

MD5
6bcf55e70c03cfdd2231106506cdb653

SHA1
a84710c1cf1a34d70c07e66359df702aa108b020

SHA256
1faffb59ea6f129750f1d5063b92e371a0533c43feb15afb1ece3591ea7f0b33

SHA512
4755882f7e1b953d88ded44036fe9c52de1a037ebf96b350902560412f0664a9f6f5804899074651dc8b45eab427088fb7f43a6ed312ab57c8fcb1a45c76cf23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
854B

MD5
dc42a0e8925f12b8601b85fd7a8c36a4

SHA1
b2d99c681c7b0fa595236a8d52dfa8be3841e7cf

SHA256
773ff61bdd8a1e7ff316ef8e182e1bc9f049c1e63316a791188d2f03bd515b5e

SHA512
ff17cd47935143ff03dec3f9f5cf3cea63c94aaa25c7661461826bbc15c1b4ba8219db50c11c28907cfd6d2312329b529a8fa2741463ebdba14c9d537f443f47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9728e08f12f2bdb2575e9844e70c03dd

SHA1
53821dcd7eb7219c110cda751e8babd5b9d8b1a9

SHA256
5a7fdb3508d93d13d6e0a45c90938932c93f094724fd989424319f005f58caf4

SHA512
0e289469a6d1917d8ba9e80c68df5bc7de0be1f740b9430f76bbae5583842adf8f567b88f5dcf4cad84eb44120f7a1310d398af48af58e48b56a8e17e8245bdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4bbaeddb897edec75aa1cffb3d60cf2e

SHA1
df5c07c9a761079c28e0c3d43cbbae06874a00f5

SHA256
089b04c190d604746133212abfdf462f47f399a1a62714615e08e6c2698cf474

SHA512
7f3dd3ee7efc57e9f4a47a324726b3b469d732c154756fa447790d256a173d910e221c12f38ae5c3300c32191634df91f96aff79903698479fe4e8b8e2a80550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5ae57d8e517b401323da0d6111930781

SHA1
45eef1c61928e86e56a8180fcc3e3de3c90e51c2

SHA256
b8c484bbe07b1a57cad40422700dc72d6b8a86cb76363de564abfa13f522deae

SHA512
358c12f68b03cc258a97d9b7e55ae5597845fca68b792a51ef41fdd72eebaad77dd8b58923634e29ac79052baf17601676e926cb24b3f6f875661bece67abc14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
d9e39faea759ed894418024129507305

SHA1
af493a3bb8022ad3c46754ce2ddaf4664a825b98

SHA256
a2aa8d6490be7740b84d12b06cb32e850e7b3c664b62f186b6bf2e75de8916c6

SHA512
f01c30f49b397b4fdca6e8a211b871cb4ac2bc8653d04c4b0f3959430428beff45149f51030691b7ad9aae701dbb28cbfa7e7964590b285a005982f5d687f4de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582cf7.TMP

Filesize
372B

MD5
b2e5bdf66e813a43daf1a29057f99cd9

SHA1
a69fcd8fb2dcc5e3a227f3422a513343ee580ced

SHA256
7db4a279b26e1ecb4e74c790c4f5360bf8150138c334683e333a34cb52f3c185

SHA512
4a8c96364c7144ae574e7a8f56cf2915e261f2d9edf8a7222865505b5700535938f7c594541f21ece4258c2a2186adb08c4597195833155d8fc9df64a51099c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dbb02830b7b47498114cc9e4056369bf

SHA1
0845cae5b4c3be4458ddd04a9b9a110fc1a23c04

SHA256
2a5740e7d9fab0bfd8abfe9d279b24d76518fc35f70c971adfdb11465c70b372

SHA512
2ae08de5c4b72b869f4eb2d0d8f4ff7c2624f6bd0dbd98b842e1d73c7cbba2f51a3635ef3ce28138312a3c17cec784550116e7f0dc82ce038f554c27d0e3f244

Download Submit