hxxps://videy[.]co/v?id=Hr7AEEmB

Analysis

max time kernel
600s
max time network
588s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2024, 10:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://videy.co/v?id=Hr7AEEmB

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
908	msedge.exe
908	msedge.exe
4332	msedge.exe
4332	msedge.exe
4144	identity_helper.exe
4144	identity_helper.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4712	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4712	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe
4332	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4332 wrote to memory of 3228	4332	msedge.exe	83
PID 4332 wrote to memory of 3228	4332	msedge.exe	83
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 4772	4332	msedge.exe	84
PID 4332 wrote to memory of 908	4332	msedge.exe	85
PID 4332 wrote to memory of 908	4332	msedge.exe	85
PID 4332 wrote to memory of 4116	4332	msedge.exe	86
PID 4332 wrote to memory of 4116	4332	msedge.exe	86
PID 4332 wrote to memory of 4116	4332	msedge.exe	86
PID 4332 wrote to memory of 4116	4332	msedge.exe	86
PID 4332 wrote to memory of 4116	4332	msedge.exe	86
PID 4332 wrote to memory of 4116	4332	msedge.exe	86
PID 4332 wrote to memory of 4116	4332	msedge.exe	86
PID 4332 wrote to memory of 4116	4332	msedge.exe	86
PID 4332 wrote to memory of 4116	4332	msedge.exe	86
PID 4332 wrote to memory of 4116	4332	msedge.exe	86
PID 4332 wrote to memory of 4116	4332	msedge.exe	86
PID 4332 wrote to memory of 4116	4332	msedge.exe	86
PID 4332 wrote to memory of 4116	4332	msedge.exe	86
PID 4332 wrote to memory of 4116	4332	msedge.exe	86
PID 4332 wrote to memory of 4116	4332	msedge.exe	86
PID 4332 wrote to memory of 4116	4332	msedge.exe	86
PID 4332 wrote to memory of 4116	4332	msedge.exe	86
PID 4332 wrote to memory of 4116	4332	msedge.exe	86
PID 4332 wrote to memory of 4116	4332	msedge.exe	86
PID 4332 wrote to memory of 4116	4332	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://videy.co/v?id=Hr7AEEmB
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9feca46f8,0x7ff9feca4708,0x7ff9feca4718
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6134581796264777429,835580211139256843,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,6134581796264777429,835580211139256843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,6134581796264777429,835580211139256843,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6134581796264777429,835580211139256843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6134581796264777429,835580211139256843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6134581796264777429,835580211139256843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,6134581796264777429,835580211139256843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,6134581796264777429,835580211139256843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6134581796264777429,835580211139256843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6134581796264777429,835580211139256843,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6134581796264777429,835580211139256843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6134581796264777429,835580211139256843,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,6134581796264777429,835580211139256843,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6134581796264777429,835580211139256843,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3356

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2b4 0x470
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
1007KB

MD5
7b76b1807a4c32beccd35683e0f01183

SHA1
3c33ea39a89c0a24acc49a97be255352d03cfcb5

SHA256
1eacef8d1a9a0e284e7694283177324fc0099b552041bce82518c7e8a8ed924a

SHA512
7b95f67eab987a76a27edc15e94e7d475e6e675c92d5f002d565d6b54311b093444a486bc78a3d301ba4573d8572196129345e217bf950ffc495d1d046b3b9bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
831KB

MD5
c5fe6e9a1b84cf6d14eb37124d72fbd8

SHA1
7defd7f1f8631ad8aa1b0b34ea87cebd98b81c42

SHA256
1ae3a1d5990061104848926f58d66fcf39b90adcfb885dcbca42b938b1d9c7b3

SHA512
7e684fd0660bac159902b27dd1a5865b1e45727484564c411f5efd03cc1fdf1034d323823c87510af17a2c9587fa286ab300865628285404d16a16c4c71972f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
736KB

MD5
540d5566b4c42facbe5ee9215a3e87d7

SHA1
a17682e5952104fc094f3e4f7a6e1e2327582b67

SHA256
d2a61a298b4465cfa784aefb18ed0929fb9892e740852c2d4a21b3bd5ffb1a71

SHA512
ae49e0a1bd166169dcb7dc78abaa6342317f064cf51f2ce69da992067a7e92b4889bb412980ee900cd683e3dbe7b71e4359409914b6ab0e0d54451027505507b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
992KB

MD5
4690be9778e1a4db48f049e7a2aac11b

SHA1
a61e5c35a5879ff4e93d93eb6ec2d33032406fd6

SHA256
9ba8c7d5a94bc55c9e31b6a0d1601e940ba349e5e9eb16de56e948618287c889

SHA512
7bf68efd6c2f5d5864b927447d381519eb40eb0f4c5b8fb132e87823ade36d95ff30b4f1f542f7977e2efee28b06ffd49bdd89f64fff701559c6d1c451b92761

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
991KB

MD5
1ca58afa64ae0e4414674c3337566571

SHA1
318334909dcb09cfe866f8c72d97287f3737ad23

SHA256
0d57c6c1cdeb49d5e5f059e759b26ad878da62c8990d49bb4a81cde881cbca39

SHA512
3e1220b4659ece43ec001a4b0c5d4e821c1ec3c2ee56c7c9d77cd89a43fe5398b52e59fbaece8195c2213c90f8b8310e78817b451e32bf15f52149c42c231286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
735KB

MD5
3d3af041bd0c2eca2a9adfb620fb7082

SHA1
4a808a426898a16cadf2c32f4a5398b2f2d4297f

SHA256
97698bca54ba31d515968e268cd692c7083df4a666dab1155b67c7b96cabacdc

SHA512
c5f64d273e077aa64a034325c81301d7f5c73cd37e69a4d5a2609f43109089263b8be2d3950cf5f063b17173c65b1b736937070f9a225c13652b0e829d16a886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
672KB

MD5
d98f483fd10c8fe8bebb981b417bbe66

SHA1
0f19f8be8584e386d23ffd6327ff693a83af9926

SHA256
9bb27daf953e780a0b2b255c0349602467074b625faee081b84e78e4b950d315

SHA512
f9c0d0ffa4c2cc2381515f4512e03f4936602a6513dd65a72e64101c9f6e2f89c65a65d20f220e127d80f51da5012095cb36c14583ef9e45ec3e38eccbaa5479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
f7c1363d57650b3a5cffe5a0b10bae1b

SHA1
18a8134bf62b4239a686c542eb277c9fa797b2ac

SHA256
cf6a29ed3f224bf0c6d63155e6a965fb283a4ec4db05b5739fab7abe8d2dfff8

SHA512
caa2db5a8398304f25ecf8217fa214f2183b3e8f162b1702102a3d69da2564c0f6b95daeb9484a0db2e8179ee357ce563b21347e91f21b547c98d5cb043d87c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
54907d15beb60158d962276a99a029c5

SHA1
f2ef4d35485b681453e9b06f8ddd78c18b617c71

SHA256
2849de40542db0504a1ded80b915b56e9aafbae971b83fc946f87d19dbbab9b9

SHA512
5dcc155e864c91fab7f8732f96c5316384d36b19b80a7d2d60b04679ce93bff95257a6f418e437aee75a939e14f93b9e02bd4f985f693e185bd536e1c54a285d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4fd6d758dc7d1311410cd471041140bf

SHA1
1a4832e472eade96f9c2934716ba98fb83b403be

SHA256
6f8f26a56679846f654c15720ec7944f99d132c1e1f98849787a8b0d46ee2718

SHA512
333d07f5a1f22ab530eee74ea97b006102007adf63dfef326c38a51b469af9221a2757fedc2d69a03cb1c2caf6f92853fc38f6aeadbb17ffab6cad5664c262a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
861997174ee0c14399484a57122abb01

SHA1
b6b5269d2c96a190289321c43157548f74e708e0

SHA256
6463d999506f785d203556541e1c30b22fb4bb979ecd53045a907d248c5c4452

SHA512
d9c1fb00933e19b92e28ee4f5ebf0b1203ef3e0e4fd71dcd94a57ea18b1d085961d44396fa30f58ff6e2c0147c037227d402cbd538b23f8d7fb66870a8a7fda0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
82ef965ec79a3b5b71c05f3429210bd8

SHA1
a893fe32879d4b59cd20a5fb5ac8099a27e780d3

SHA256
6b26edde24857e29ac35fef5ae302eef225cd4f10a2a7e6093cd887840b8416d

SHA512
f618a55f6b32dc71bc804d5cf5b7507fc88faf2be29ef0eb353a5330a10ce460d588e790411241bd0fd4610001a926a69c6f50554ae4f43c8d3f5774b923d37e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
764e3265fef1853c55cb75a01e438524

SHA1
8a3a20f952f29a052c3c620c86f1162206803684

SHA256
f41cf7f11d83a33ebe56cf460e95b491b93249bdbd4d4e485b0b6a41e7a96f36

SHA512
bdd5c4c582b1e1ed8aa9964d2df58181cb34557dd8020ea0caba69a6ebae28424e7692c5f974eb3be69fb00941d1fd18604450b5d996879f95eeb4b523068a81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
89b3deb42ac21b75a4f120f7ef8c5963

SHA1
59cdb0a00bd43c6ac1f3f6b3be4f87307cfbec72

SHA256
3dd4105ca342a8d24e67bbea9d0c24108750d09614c1227a248e41811aa25b05

SHA512
a7e4eadcea049f13a89524260490aa660e47e064699ec9f298bc0a404842525ae8a0647588e9cc057c600c4631962de91e0e31bbf96f2d17f9bf7f493b76a629

Download Submit