hxxp://youareanidiot[.]cc

Resubmissions

22/02/2024, 07:19

240222-h5tleaea6t 4

22/02/2024, 07:16

240222-h3323aea4z 4

22/02/2024, 07:09

240222-hzaaksdh9w 4

22/02/2024, 07:06

240222-hw7fxaee38 1

Analysis

max time kernel
134s
max time network
123s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
22/02/2024, 07:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youareanidiot.cc

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	POWERPNT.EXE

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2192	NOTEPAD.EXE

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
3808	POWERPNT.EXE
4304	WINWORD.EXE
4304	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
4156	msedge.exe
4156	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2436	msedge.exe
2436	msedge.exe
2788	identity_helper.exe
2788	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
3036	MiniSearchHost.exe
3808	POWERPNT.EXE
3808	POWERPNT.EXE
3808	POWERPNT.EXE
3808	POWERPNT.EXE
4304	WINWORD.EXE
4304	WINWORD.EXE
4304	WINWORD.EXE
4304	WINWORD.EXE
4304	WINWORD.EXE
4304	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 1996	2300	msedge.exe	79
PID 2300 wrote to memory of 1996	2300	msedge.exe	79
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4892	2300	msedge.exe	80
PID 2300 wrote to memory of 4156	2300	msedge.exe	82
PID 2300 wrote to memory of 4156	2300	msedge.exe	82
PID 2300 wrote to memory of 1648	2300	msedge.exe	81
PID 2300 wrote to memory of 1648	2300	msedge.exe	81
PID 2300 wrote to memory of 1648	2300	msedge.exe	81
PID 2300 wrote to memory of 1648	2300	msedge.exe	81
PID 2300 wrote to memory of 1648	2300	msedge.exe	81
PID 2300 wrote to memory of 1648	2300	msedge.exe	81
PID 2300 wrote to memory of 1648	2300	msedge.exe	81
PID 2300 wrote to memory of 1648	2300	msedge.exe	81
PID 2300 wrote to memory of 1648	2300	msedge.exe	81
PID 2300 wrote to memory of 1648	2300	msedge.exe	81
PID 2300 wrote to memory of 1648	2300	msedge.exe	81
PID 2300 wrote to memory of 1648	2300	msedge.exe	81
PID 2300 wrote to memory of 1648	2300	msedge.exe	81
PID 2300 wrote to memory of 1648	2300	msedge.exe	81
PID 2300 wrote to memory of 1648	2300	msedge.exe	81
PID 2300 wrote to memory of 1648	2300	msedge.exe	81
PID 2300 wrote to memory of 1648	2300	msedge.exe	81
PID 2300 wrote to memory of 1648	2300	msedge.exe	81
PID 2300 wrote to memory of 1648	2300	msedge.exe	81
PID 2300 wrote to memory of 1648	2300	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youareanidiot.cc
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc6a493cb8,0x7ffc6a493cc8,0x7ffc6a493cd8
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,16836932216272142089,4308120775417659112,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,16836932216272142089,4308120775417659112,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,16836932216272142089,4308120775417659112,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16836932216272142089,4308120775417659112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16836932216272142089,4308120775417659112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16836932216272142089,4308120775417659112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16836932216272142089,4308120775417659112,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16836932216272142089,4308120775417659112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,16836932216272142089,4308120775417659112,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16836932216272142089,4308120775417659112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16836932216272142089,4308120775417659112,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,16836932216272142089,4308120775417659112,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2268

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3036

C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3808

C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4304

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\vcredist2010_x64.log-MSI_vc_red.msi.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
96899614360333c9904499393c6e3d75

SHA1
bbfa17cf8df01c266323965735f00f0e9e04cd34

SHA256
486e4b4bb11f664c91c675e73cfeabe53b5009ae719459813be17814cd97e43c

SHA512
974735b40a9f92b40a37a698f7f333590f32ff45633c6e619500e74ec274bc20bf7dbc830b1685777b714d37a3ca103d741ee056f4ff45ef08c07b38a7895df7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
19a8bcb40a17253313345edd2a0da1e7

SHA1
86fac74b5bbc59e910248caebd1176a48a46d72e

SHA256
b8024fbed11683ef4b53f5afac0ff691025b7eecca0f6a95737da1585558227e

SHA512
9f8780f49d30aad01b28189804329aeca6ad2b7ffb6be505d40bb1af7802bb62622f518cb1c43a5815bbbb46638f6c52aead3d68f14fa957d18157edb42e95c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
74ddaebba5e9e3eaac37e3718b1485bd

SHA1
ee6fd657fa3ba0891bef1dc2dd5ab20772a62bf9

SHA256
3737d59351a52d5e5a320b3237cfaf85f68396e7c1a1ccc78b66ffa9f525f48c

SHA512
e2d1a24c86b7e3499bbeef378976c381ce7a8748cd306f6d00b6dc912a125aee4078253cd0130685a37c7699e284c9a999f7617e532baa46ce6842e3f8953018

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
473B

MD5
1aebe0f0c5c5c8787cd32888570eeb30

SHA1
3524c99bcd402818cc2c89249d24a0fe6b0e81bf

SHA256
3c3f2856a9faa4b23f08e101d32474bbf6d42f349267a72745cdc61724029002

SHA512
243b4c0e2da00fde26de7826c957f0e17d98ea0184017c333e1afab90d255b4c66609c5262f5015251199eb0d2261179791093f9041bfab377617a5897d892f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
933c7850ee03b9149d615ae1dda64fe0

SHA1
d137c36be352e5b54c94e2b0488b0d5f6cab77d0

SHA256
efeffaf10470cd9da1eb8e49cbf783566fa9eb215588ea00336a28c76f485f37

SHA512
13f0f70e544b48249431bbc794366629475eac9d68ac2c797359b33d2fede4b464a1f6a551ceec5c1d53d539952976ccbb36aa184caec781e49e2b6725102f57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d51db88fa27ce9a78b1504f0521b1153

SHA1
34a47a157ef4d909d1acb06f54f2bd39c7ff0e60

SHA256
058c34eab9de61ba14e09e5682c85575b95fefc9fbd1087c50ce8e2c5e958c10

SHA512
47ba38ac0a1b6ff9a7a414d2c45c81245d6caf7c9955f8e05e462d32bb26eb09ddc3d6429158e6898284173421933ad04608d6e088e7e0f9540f2dad07bb846c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cecb1d92f5a95e7d39d12859cb415364

SHA1
619e6cd1dfb2f3454042a43b7e48c809a9c173d7

SHA256
952fce856f1a3484827f3b6f7e16c9206887aab9952d7000e231b94df8168412

SHA512
d91b77baf11e42ce11416194ab8cbecdcdf3de90f57d421764b932a98594e263ac4997ecd1f8d5ecd0fadaefb4c007c2a324e195212d27511523db6e15c4c2d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8d6df3cdf4eb5775646abf0ad4131bad

SHA1
efc821373023260b368eec52e7447378707160d7

SHA256
06bf26a2747f1af448b78dc2d2fd42d5656531593638e00cca275e946f001f41

SHA512
90467aacbf878a86f0bdd6c65a073009c9e4a6e402ede0cdff3c6bf0f16ced6bcb04c7acc8257ec414735d7d3a26ad35e7c7fb5c47ee82f2ac8c3e2ea6f52c50

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
405fc71d90ddaa1a11a46a82f45ec8a3

SHA1
145d5254a4838d1a93869d23586b9d13362d0895

SHA256
0ea7613fb69bc81d4d2f515d22ac9b132e0a82c227785d225bb2eee0f147fc9d

SHA512
39803466888e1a00257a17dd9651c3c3b8035dda76f3c86d59a83045be87a210f88538c815d2a0076444eaac6140f9e5d5bd133a6a1150abee9907320e78e8fa

Download Submit
memory/3808-170-0x00007FFC4AE70000-0x00007FFC4AE80000-memory.dmp

Filesize
64KB

Download
memory/3808-169-0x00007FFC4AE70000-0x00007FFC4AE80000-memory.dmp

Filesize
64KB

Download
memory/3808-168-0x00007FFC4AE70000-0x00007FFC4AE80000-memory.dmp

Filesize
64KB

Download
memory/3808-171-0x00007FFC4AE70000-0x00007FFC4AE80000-memory.dmp

Filesize
64KB

Download
memory/3808-167-0x00007FFC4AE70000-0x00007FFC4AE80000-memory.dmp

Filesize
64KB

Download
memory/3808-172-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/3808-173-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/3808-174-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/3808-175-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/3808-177-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/3808-176-0x00007FFC488D0000-0x00007FFC488E0000-memory.dmp

Filesize
64KB

Download
memory/3808-178-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/3808-180-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/3808-179-0x00007FFC488D0000-0x00007FFC488E0000-memory.dmp

Filesize
64KB

Download
memory/3808-181-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/3808-182-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/3808-183-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/3808-184-0x00007FFC89DB0000-0x00007FFC89E6D000-memory.dmp

Filesize
756KB

Download
memory/3808-196-0x00007FFC4AE70000-0x00007FFC4AE80000-memory.dmp

Filesize
64KB

Download
memory/3808-197-0x00007FFC4AE70000-0x00007FFC4AE80000-memory.dmp

Filesize
64KB

Download
memory/3808-198-0x00007FFC4AE70000-0x00007FFC4AE80000-memory.dmp

Filesize
64KB

Download
memory/3808-199-0x00007FFC4AE70000-0x00007FFC4AE80000-memory.dmp

Filesize
64KB

Download
memory/3808-200-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/3808-201-0x00007FFC89DB0000-0x00007FFC89E6D000-memory.dmp

Filesize
756KB

Download
memory/4304-206-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/4304-207-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/4304-209-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/4304-210-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/4304-211-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/4304-213-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/4304-212-0x00007FFC488D0000-0x00007FFC488E0000-memory.dmp

Filesize
64KB

Download
memory/4304-214-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/4304-215-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/4304-217-0x00007FFC488D0000-0x00007FFC488E0000-memory.dmp

Filesize
64KB

Download
memory/4304-218-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/4304-216-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/4304-219-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/4304-220-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/4304-222-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/4304-223-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/4304-224-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/4304-225-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/4304-226-0x00007FFC89DB0000-0x00007FFC89E6D000-memory.dmp

Filesize
756KB

Download
memory/4304-246-0x00007FFC8ADE0000-0x00007FFC8AFE9000-memory.dmp

Filesize
2.0MB

Download
memory/4304-247-0x00007FFC89DB0000-0x00007FFC89E6D000-memory.dmp

Filesize
756KB

Download