hxxps://github[.]com/youridiot/youridiot[.]github[.]io/blob/main/src/are%20you%20an%20idiot[.]html

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2023, 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/youridiot/youridiot.github.io/blob/main/src/are%20you%20an%20idiot.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4452	msedge.exe
4452	msedge.exe
2960	msedge.exe
2960	msedge.exe
3848	identity_helper.exe
3848	identity_helper.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 4236	2960	msedge.exe	91
PID 2960 wrote to memory of 4236	2960	msedge.exe	91
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4688	2960	msedge.exe	93
PID 2960 wrote to memory of 4452	2960	msedge.exe	92
PID 2960 wrote to memory of 4452	2960	msedge.exe	92
PID 2960 wrote to memory of 1048	2960	msedge.exe	94
PID 2960 wrote to memory of 1048	2960	msedge.exe	94
PID 2960 wrote to memory of 1048	2960	msedge.exe	94
PID 2960 wrote to memory of 1048	2960	msedge.exe	94
PID 2960 wrote to memory of 1048	2960	msedge.exe	94
PID 2960 wrote to memory of 1048	2960	msedge.exe	94
PID 2960 wrote to memory of 1048	2960	msedge.exe	94
PID 2960 wrote to memory of 1048	2960	msedge.exe	94
PID 2960 wrote to memory of 1048	2960	msedge.exe	94
PID 2960 wrote to memory of 1048	2960	msedge.exe	94
PID 2960 wrote to memory of 1048	2960	msedge.exe	94
PID 2960 wrote to memory of 1048	2960	msedge.exe	94
PID 2960 wrote to memory of 1048	2960	msedge.exe	94
PID 2960 wrote to memory of 1048	2960	msedge.exe	94
PID 2960 wrote to memory of 1048	2960	msedge.exe	94
PID 2960 wrote to memory of 1048	2960	msedge.exe	94
PID 2960 wrote to memory of 1048	2960	msedge.exe	94
PID 2960 wrote to memory of 1048	2960	msedge.exe	94
PID 2960 wrote to memory of 1048	2960	msedge.exe	94
PID 2960 wrote to memory of 1048	2960	msedge.exe	94

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/youridiot/youridiot.github.io/blob/main/src/are%20you%20an%20idiot.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd368146f8,0x7ffd36814708,0x7ffd36814718
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,9671006003866760074,8845075918285832928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,9671006003866760074,8845075918285832928,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,9671006003866760074,8845075918285832928,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9671006003866760074,8845075918285832928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9671006003866760074,8845075918285832928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,9671006003866760074,8845075918285832928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,9671006003866760074,8845075918285832928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9671006003866760074,8845075918285832928,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9671006003866760074,8845075918285832928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9671006003866760074,8845075918285832928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9671006003866760074,8845075918285832928,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,9671006003866760074,8845075918285832928,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3048 /prefetch:8
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9671006003866760074,8845075918285832928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1804 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,9671006003866760074,8845075918285832928,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,9671006003866760074,8845075918285832928,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2012 /prefetch:8
  2⤵
  PID:3232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
30KB

MD5
037b8ba938d8f96e2fb7e59b45a1a580

SHA1
1ddd335dff017bcfa2a6adb28928b05649e7fa7e

SHA256
2426e28556ab110277f8a13f2d2055580bbcbdf2b0d452afde4669be1ee9b7f5

SHA512
ab1905a6a3c81e5aa6a39f99e8273ee9adce13851b65cc5bb211af1c811652907bca28455846efb0fd56276af2b2376d406f138eda92835804bbcfee46d34845

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
40KB

MD5
15cf16ac70eaeadfeb7e933ca57b4167

SHA1
15ebda61a582d72af301d740a9f964a33a441cb2

SHA256
eaba8bd92a571ee5fbfe95f39613252b09cb0155a0eb2fc4dbc508c52d292306

SHA512
8132d11ce25b9194531c7d3172b930e6a88281a31cca75afa4323444eb7ed5bb3de625058db44445f0fc485c0a48cc5ccec033dfc8fe22b6e4056a181567a15b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
43KB

MD5
461fca0881aef0cd2fd12e1f24a7b466

SHA1
f1e58deafef86c0a518ffcda4aeff9d652fdb87d

SHA256
69a375a5abda534d6fbff863473e8724684d9af3ab9713a170117bf0cb49ac27

SHA512
bd0f3fe0cc52609985db24e7ffcb4215d1a8d12b0428ca707293291e1eafe4518c3c4ce60196cde654e028619396f1cacddb6433a383cc09ab9b98769e62ddb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
16KB

MD5
7c5274fe6abe2314d016cfbe340be855

SHA1
562a3dfd63be2c6481c4e370190c122b081f4ac1

SHA256
8857bd2d2f1679df695e348d27c884904d855987691567cec0a9a929cfbed1e2

SHA512
0a21b0514c9f90494acee0248a8025c09466349b27df327eaaed081b5f7e9c9234a0c51a6aac2013b4d38dd58c28d55b911f22189a5579ed3e74272e5f9ff478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cc1216630975c632a087223fc2ad13d1

SHA1
84b0f294f21eec14534b45e0d5ee071e55af98bb

SHA256
afb53cd996924c31bd238a215e9abe445b444d1fcf27879bd709377f786d8f73

SHA512
723fe02ef6f80420db5e5afb7aa198fbb6d858edc0e1296bfad5ea897443f6318abc954eaf759937c26257455329105466bb42772fb1919df3e15717b4317aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
88ab5296e718d0e060d67ce4fb88dea7

SHA1
2dd5d1ab9cfdb61803e6953dc7245702f3b820ef

SHA256
3eefa1dc8a876108e3ee52d1bc2d6e3bf2c13bb2f370b30eb87ec4d0f471b221

SHA512
06889a4c797aff14df9eea6b7d517b83b7392e48f79c0f6ef34e997828edc664e1f94dc96283129ad52d98068c93ea7d977ad71f498525d468b2cab2eae7140e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
377151d535acb34e55d6350a745daaf5

SHA1
9de7eddb76ecd33983107905c158ccfbf5115f33

SHA256
833dbb3d4c76f01f8a28f5883a25e1c0445f784027be30665d235a537a57eb82

SHA512
6cd755b62fa5a27c99451ea56811cada6512d9e4cc11d184630c9fd35ac6cada39cf3c395683dbac2401d990adb0d25f041078d3bdde70b1f580374628e26cd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
b979d366d6b0f26c47a9af9a198ed10b

SHA1
06bf43ec16a8176a1996508956961888faa7b983

SHA256
499a919236919b8c0684d608e12e3dd3ad2a23af1e81970bc8a0ea3015dca196

SHA512
ae0b999fc4b4fe24e0d40bd3eaca1107eaa3ce1eb6ad1f3d4b46479966448d1b3f80b5c9acb43afea21c744dd14922b68cfa04855521fed56e12ace25d78b1b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
566B

MD5
6a2eba24be163e3a656ca0ca0c298146

SHA1
76998a96890d3d2db97c019c5e1544ba725cf9ac

SHA256
abfcaed9e75b6c533add7fa1d5253767b86332c3b416d4037e773417d0bca3c1

SHA512
abdd984723082c3ed03e915fe9e741515a6dc32c59af4076956f0a285e110cad5a53d8668bf4704e7abbec7246e23f4728916c4a9ad0146df68f51c523f79c26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0d3dc5226c93b26b71d951820f38ee87

SHA1
ea4f3ac957827f7efd86e999ad95b47898e84605

SHA256
2188edfb7ad6653052093320d5394f26dcfa54924025b21feb42203dc02e10b2

SHA512
e069fc4f23c77d82bead43299960b204c0a6e4c754799e84a218331690898f0885059248029b23ca17a2d043439924f75c198804f538ac787a8f0f7a6c30de4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fd3499dd75791d0bcb5619ccdf70fd9d

SHA1
2a195064c9035fc0b3a83a12b32add8652cdb052

SHA256
3b5d15d224ea98d66c473404c25577965eefa8e535ee0f5dc9c530d7aad24c62

SHA512
ba64e6bd1386d3c3484bcf00c8a1aac65e383c40cef66a73f23089a43669242cb4d54a44d1ca0543be77b262a2c725902a8c157500246b2530a9dc86ecd86608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7e98881807193ad8e20e5ab2f351ba8b

SHA1
5cd6c8722a4b6d15a6c65449aa01fb9925958a1c

SHA256
8e0eb4abc776f4420b7dabd8c3db159e99d223f4202f5ead635a3af27f78b902

SHA512
4b7180f79ca835bf746a94330f35c6bbdda7907afbe21172882f74d18cb7215a61586478d395a15ece8d8fb17c6258d8abcb98aec31d80c84ff779531797de38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5a11b51b4a47e351ae5c00f23b8a80d8

SHA1
4e9d369ad363ad90b4829d86b304c59ccc4a4baf

SHA256
2d98c2b84a4b6ae5f330909d5f50d229376c02f0a05d0bd0ee53dc1ddbf95d6c

SHA512
778bc2fe7643a562dbf2ae9902c3a8317cc0484d638fa811e562abf49dc33c47d83993ba6fbc28dbdce62b5c61857a8e097e50722585583b52bf911307b14d52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8cd513fa40f6a1a98bbaec0a5bd0847b

SHA1
3a3edb2f9d6eabbe66327cab45b7cadb9f48deac

SHA256
6c2746933fb5855969f781f82badc9c77dc92ef96d94c84717840ea87391de5b

SHA512
35ef865ddd419654ed147b1ba15aebf50792f6b4d4549a22baf236fd1dd0fc5a8521f58e11564e82b4851f08ad3fb513cf7e9f9a66a2e0915f772e868a371e80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e18f007839e58ffa96fb1106a4ed37c

SHA1
b291245ea9306df91813860c75cbea398ac4865c

SHA256
59ddd5a265bfa08769b79bec2936a05a6f7aa4f8fe10edc31f89313c5b8a51d2

SHA512
cf863c94d3b6b3895fbe710567b96fc4b22c5b61d7839fc5763c1f088c0d97b000f73daf53552899dc48b7cb001807782525c24432bbdec3e9ca639023654a2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6a8a613bbe18069402bb56f2e42739fa

SHA1
4356456facd7f18281f2831b1ffa9f67f5bcb5b2

SHA256
8126c6633a65b788fe95aad7ee87d9e2d1165068a607904b6bc520b63e9fe4bd

SHA512
997dcd3e8e1c6d6a5c481e0d8c00c0f1f595bdf70da4a11e01fe86cdb0d206ff515cf2b6fc979c458eaa76b0b00ef46c9021c3a73ba93a79b56e86bd9737ab84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3a748249c8b0e04e77ad0d6723e564ff

SHA1
5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729

SHA256
f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed

SHA512
53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
d7d11a00883f593109dc2377618ddf00

SHA1
3400b477585e70fd7d979fdf87382a1521efa75a

SHA256
4a33bb60e4840991457dcdb7cac3d6ec2fa298617435f1d9ee550868f1323fad

SHA512
945c0f261a5936858989454d297fa69dcb27418034688492c635d910d9e2dc5fc20a70ca786be4bd7c040e3d011147d4a2fef114ded4b844924693688946c0c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
bd7d2c87823bc39862bf8de51ea6bf37

SHA1
7a8ceed95c74b3afc4934064477c0196838e9513

SHA256
a81a715fc4ae5e016bcc742542ea3c4043584204c95367bea81584756fb1f611

SHA512
bcd38bbdfc386d22ff704d810dfd1233c91fdf415d2e263cbc6e71383c739ede667d4520f197197f07c9d2c637c902cc0cc5c82d7388654f20e8d534388c094e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
5d6f0ee5ce2294465a1ac92d59d054aa

SHA1
642456ca90fe8382f22bfe2aa2f11d7fd06c99de

SHA256
f56c9117dd31c766326968ca57b165ac4ce035e0b4635a98816c26b459556c71

SHA512
755b00667b05301f9189dbae5a7a41e6982ad8d3000e7c201b52ca89a50aac709fad7134d090755f459e9afeaf1ae621e526fa6845762cb197a0e0ca730a04af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
260999230a1575b862d8ad95f018f50d

SHA1
e538a3b7ee48ae115783c236e68c9ccffc5933c6

SHA256
9e43ba54ed7c5575910e76db917ee368db2f5eaefb2aeccbac84c816f77fb1cc

SHA512
5f46e3edf859c622ae9a29fdc47d85ae3a51d992b5766a1973d0ea24711ba74027cb7cba0ca7ba4b0a6e248efa4f5d5b272ef2af07d89a5f80bf521dc19934aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
2ff951a6a641b9d0b249eded7385d9b2

SHA1
db7c535b38db933f1e76953a817da56b7ac50884

SHA256
3e0b4e6dcdf3ce0ecb79440b363d3b2bb745bd45b6828363dd858e6573664200

SHA512
a449bd3bc4abc2c437d0329627e69804dbf09688ce4d7f88537ce09578e5044b8f3fab4e13a0106e045fc990d104843ed7c0b4cc76bc6467c25bd7c4cabb11c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
985aeeb663e0d26c993cc1df7e8149c9

SHA1
4761ddc387923bacc555205e27833a06b8beedda

SHA256
80dbde085bcdf796cc36b9093858e10dd30b4f28d151df8c37b70e8a90f95d10

SHA512
3ac0f6f9469b824c2e2137ac6b5ba948e85dc5942ab48796e5c8b9dc4dae0b1b8b3796a0765407f09f1fdcc30ebd2be3680f6ca4bc3c2be67bcd730f33601f02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588de3.TMP

Filesize
874B

MD5
8d78ece8a7a8efc61efa90c47ca82fc4

SHA1
0219a9b6c7bc871e9539b8ee4759f91f53f0c72d

SHA256
b5c342f21b5158f5d25717190e6324f24d72017338626fc0d3c367f348a448c4

SHA512
a6b4b5100353670ae0bc00a6621cf9bfb1cfb922e69ae906e6a5fea65fc9617aa57c4badb7cc71e665153a062a6303082c84a077ee84ae3af5fa84178ab30fee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
565960ca337d6af9b72a4a55413f4663

SHA1
5b5c07c3745a2858a1ed435869f93e3ad93e12fe

SHA256
2ea4c2c76a215ab7d2d558dd2f36c01bfb58c622fce2b3e13fb19fa2dc82a874

SHA512
5aa46d8cfd1f0abb42c5b8a0a5dd562dc617759c1609db51072084de241afefd2dbcc1caa4be02939c224d915770cd25ef4cd2ac00852b285d419ba1ab025ebd

Download Submit