hxxps://youareanidiot[.]cc/

Analysis

max time kernel
363s
max time network
402s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
12/03/2024, 16:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youareanidiot.cc/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3728	msedge.exe
3728	msedge.exe
4472	msedge.exe
4472	msedge.exe
412	identity_helper.exe
412	identity_helper.exe
4984	msedge.exe
4984	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3432	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3432	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4472 wrote to memory of 1668	4472	msedge.exe	80
PID 4472 wrote to memory of 1668	4472	msedge.exe	80
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 1592	4472	msedge.exe	81
PID 4472 wrote to memory of 3728	4472	msedge.exe	82
PID 4472 wrote to memory of 3728	4472	msedge.exe	82
PID 4472 wrote to memory of 4144	4472	msedge.exe	83
PID 4472 wrote to memory of 4144	4472	msedge.exe	83
PID 4472 wrote to memory of 4144	4472	msedge.exe	83
PID 4472 wrote to memory of 4144	4472	msedge.exe	83
PID 4472 wrote to memory of 4144	4472	msedge.exe	83
PID 4472 wrote to memory of 4144	4472	msedge.exe	83
PID 4472 wrote to memory of 4144	4472	msedge.exe	83
PID 4472 wrote to memory of 4144	4472	msedge.exe	83
PID 4472 wrote to memory of 4144	4472	msedge.exe	83
PID 4472 wrote to memory of 4144	4472	msedge.exe	83
PID 4472 wrote to memory of 4144	4472	msedge.exe	83
PID 4472 wrote to memory of 4144	4472	msedge.exe	83
PID 4472 wrote to memory of 4144	4472	msedge.exe	83
PID 4472 wrote to memory of 4144	4472	msedge.exe	83
PID 4472 wrote to memory of 4144	4472	msedge.exe	83
PID 4472 wrote to memory of 4144	4472	msedge.exe	83
PID 4472 wrote to memory of 4144	4472	msedge.exe	83
PID 4472 wrote to memory of 4144	4472	msedge.exe	83
PID 4472 wrote to memory of 4144	4472	msedge.exe	83
PID 4472 wrote to memory of 4144	4472	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youareanidiot.cc/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff83543cb8,0x7fff83543cc8,0x7fff83543cd8
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,155991164169051219,13328647218390266671,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,155991164169051219,13328647218390266671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,155991164169051219,13328647218390266671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,155991164169051219,13328647218390266671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,155991164169051219,13328647218390266671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,155991164169051219,13328647218390266671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,155991164169051219,13328647218390266671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,155991164169051219,13328647218390266671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,155991164169051219,13328647218390266671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,155991164169051219,13328647218390266671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,155991164169051219,13328647218390266671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,155991164169051219,13328647218390266671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,155991164169051219,13328647218390266671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,155991164169051219,13328647218390266671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,155991164169051219,13328647218390266671,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,155991164169051219,13328647218390266671,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1980

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004A8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3432

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a91469041c09ba8e6c92487f02ca8040

SHA1
7207eded6577ec8dc3962cd5c3b093d194317ea1

SHA256
0fef2b2f8cd3ef7aca4d2480c0a65ed4c2456f7033267aa41df7124061c7d28f

SHA512
b620a381ff679ef45ae7ff8899c59b9e5f1c1a4bdcab1af54af2ea410025ed6bdab9272cc342ac3cb18913bc6f7f8156c95e0e0615219d1981a68922ce34230f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
601fbcb77ed9464402ad83ed36803fd1

SHA1
9a34f45553356ec48b03c4d2b2aa089b44c6532d

SHA256
09d069799186ae736e216ab7e4ecdd980c6b202121b47636f2d0dd0dd4cc9e15

SHA512
c1cb610c25effb19b1c69ddca07f470e785fd329ad4adda90fbccaec180f1cf0be796e5628a30d0af256f5c3dc81d2331603cf8269f038c33b20dbf788406220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
e51f49ed8a94cefa79d93abaa0758a0a

SHA1
d3b2135fbf38ff79a214a22484209a4b4e64cba2

SHA256
a2040684325397d09bf4fadc5c74dc4c59a58fd709a028bb5c857d9127f1b65a

SHA512
ca2965c5da8cad01ade994883fff83286138203f9b6351f0b13ac8b6e4ecebe491c76578ab38d4d8f9308d4786935279d639a1313fc5770c62b32bf720f11b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
200524ba98badc0d74b0744f23eb15c2

SHA1
9e72194c659217cabc66eacfe761e2e54df43e88

SHA256
ba2ba238dbf5e398ea6db522c643b1161a1599225c71993d150871f25af0017e

SHA512
8df980bb60118d9d9dec3e57dc1c36b90d6db521eb0c8d11fc40fffee707a4323b4719750fed22993083b2aea40b4ebeb8b691a8613719039de9305e4c7354e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6f3e0bda61a2ef8d951a53ed85db34d5

SHA1
116c854c7e3149c2a15a2f86c225a0791961b179

SHA256
35fa4a7a146ac65dcf9d6c902dac67feaa37a121fbf215f977c2fad2c518e381

SHA512
4d5a9b96b87007e6ec80c8e8d880e75314a9a5c08584e7c71671e3100cf9b37da7c5960d4266bf1aa3143f6f51aa35e6c198ac7f92669d8a6de4ae61b338e6a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
aa5789df1fee252e43a4ac78ce73c976

SHA1
b217322a2ebd5036230e3105ae31c59361aff121

SHA256
66ae8fe9ce6dadee40f7b49a2ef56f6e5912bfa35098a56345626ea8355e6dbf

SHA512
def621909f4080c8f9b702a339a86c254353f538ee9fdea4e41961b4126784a1d990888a13491510205f2fd87af03e9959f86ccd823ce3fc4b57206902f81b4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
37806410ad8927aff2caf3178bf399fc

SHA1
ac780241783f7a58c9916eaa200a42129b5a0ad7

SHA256
91a3bbc5f3aebc64fac01dfcc6f9592e6b33369a0359420f9fcc8885b4b7de3e

SHA512
be4472bdbc3b557e4ad69dec0ae51d76a0b8fbff9f4a925219b488e0e2c6b2afd197bbaac23be3d4367ef40cc51105202a3cd0e6af0a8315f46307613f8c2ae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
144b6d1002b3548f9bbfbc6b7635488d

SHA1
93452ab7da058fa8ec1fd5b0ead1650ec5e85a4f

SHA256
cac5f57c0ecb59b74121f183d3fe73654f1081ac5c0b868a46cd1fec8a9810fb

SHA512
9a66d42f5fb84d397ee1aaced452417faacc75097f40772d6d9f45547c7a105dfc06af8e11abc364a99434c775afa945fb0d272194eda50e613afcb974cf628a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7848db13b276e5604be8ecaea95e8150

SHA1
ce024ca4c30dd232d02dc9cba81537fa911bbe05

SHA256
a5c893772edf71c8a64c78f827c101663d039c8c7d5be67e91ce050d195a8e90

SHA512
4bd15986c8649df8e040c114fd5755df7424c232f3ae7812ea38371a9c164614f9bc7ac32d4533686b49c3849d79b7944a61b278570879e0a4a1d5acdb7b1c57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f84844d23556c3f26438aef2479c3e03

SHA1
92c201dfea4d798f55e5b761146561fc27cd7dd5

SHA256
21081bd71ae4cedc2e58f8657a9947ccb62537c25265855fb83473e55fcf817f

SHA512
874765a5d1591508d3e1340f473118a34d1f0b9d0e878b516a210a064b9e13609bb1fe076232405ded55bde2a2ad589432013c8920f587ab197737ca3694fc59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
048409c59246db3be9d7d7593864442e

SHA1
6cd9b415dca82d1c16182cca8b1ed96c2272395b

SHA256
b836481e43df19b0a347c5d31018182d2698f6c1f482c9b6e7341d34dc9a49ca

SHA512
4576fb9b728c1ad7266b7e2a785c6b14b696af1d5feb3c75f410bfb8127ab07aa5b21d0a5cd7225a01ddf6486bf7cb9fe9f374822edec1bf952c1b1ef1eabb09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3472c875-ec51-4954-84b2-0e47df056b72\index-dir\temp-index

Filesize
2KB

MD5
8db1bfcdb4c788678e1a53eec083e13b

SHA1
0720ffb2b179b2abf36c3d590a0458d7cbad5a1d

SHA256
00f3ea4325ced08a6e27777ffa68107859a1dfba6e793e794fa33bf68d677720

SHA512
dc5b183bad3fd844e11f175964e35b2adbc3145c1912356e8feb954388e76d6388e9dc04bac72132df97ffe73ec7210272a5ed47108ec9ce9b0e29d47663dbcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3472c875-ec51-4954-84b2-0e47df056b72\index-dir\the-real-index~RFe589ecb.TMP

Filesize
48B

MD5
15381588c799901dd4ed6e3cbe06fb59

SHA1
da2d6715fcd9dc36881218df91123a096e89e911

SHA256
906d28f4e12682d78fd7c76ca9a4db941d134e40df5a0920350fd4d020318df2

SHA512
5c80a3cb3047bc335395294b53b347e24e9139b762b54a4e8ac1cf7dc8f5a21e0e1ebd4ecd3cf9014cdc991a333b42ea3d6a19077fc7ff0158887079d033f4ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
632edca12f1c62fcb05aff52c5002b59

SHA1
b22207830636192681e67ab6fd2e7173aa6954d0

SHA256
a0bc14acdbc9fe51547fe304a2cb3117feff9ac339e6bdc4a4d43370ad5fa7ed

SHA512
793f66babd3d5ed87ef780fe042f103953d1d8993d2b8fd40cc5e52379cc25d15539eab7a1ab27589a8d4a4d8eb6352ef70b9940d6cc6ffc6603c172d1e5f6bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
f4b9023774922c2d015f2cba6dfc1673

SHA1
894ebabbc4ac6f6e691d0af6de8ea40317db87ff

SHA256
1a01069d14e06f6c9d18457c2a7be2c436bfb9556f3d036263fd1ea12a244500

SHA512
763dbd8814eef652d00827a438d25b794bfd36657a91dbe0f4b47bdf6d8e26d1e0bee51da6b81a2d952d054366705ff0c3977aea5942fbfcbc15b7e4d907c3b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
dd19a1bf3060550409d10b960f6fe945

SHA1
8a4b589d7da2a38dc921013840b5611c9101a444

SHA256
5b21148775c5cf49527167498aa547f9dd5935ab8b2972a5161029013c25fce1

SHA512
a233538f17a779cfa4ffcfaba573c9e018f8cddc040bd3801c42e815aaf8ae5eff84a032d5fc1d58e29cd39f58dccc07e7a8d2adf8b418c0981399549e3a841e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
f637d06f890ebe42c95cbed1739126e6

SHA1
bad4f6e2b7369a44fc5e9a51c42f0f02b86a0afd

SHA256
169653432c43e9328227dbfa3df9c238197ea0bb960fb42938a887f6f1e66ef7

SHA512
073779da118e2a5cd19731f1cc928181244fe5134addb8360dfd86a4ad8ecc8db7ee896e321352e2824b4d99e8cf8297ec7ed59080eba86dc7e2e465e6564367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
09f40ac818c7701c73e00423f16f71a9

SHA1
a9bb3b3dad10ad226f0eed72fd5db8c86a3c2650

SHA256
66ca34fd2a39b06d396b6da54edb51872b3f86f88c7eb13436b5048252e95cba

SHA512
66eb98c3e2b3c6d11601683450e5d7cc5bdea76652a72fdd1b204a05bce01198786cf9b1390bb6cd0131606543592cead5709f919f443b014bb34cefb133fefe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58817f.TMP

Filesize
48B

MD5
3f82f8f7ec0f083dfff1b60a8309be74

SHA1
d335fd7b2605e2a6ecc907cf51fb4010a4197168

SHA256
36dba2bf0eef3772e429b9061e3012dc1f46bcbd4969100030e6d958a7e0bc9a

SHA512
3e36287657583b5429f6e29c713f22486dd98f3b3313234ae127c11a0036b6236b216f44319ebea09fa1247388167cec8b850ce8bbb26111e9f76f7b66174ce8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
866B

MD5
8fdff1ff393c5eed2d0b644752c7831c

SHA1
1ff838328a364ba0a47aefefdbf3dfb168b943ec

SHA256
418abf6d29039e5e5eeda6a61cc892d919fed55435102f675acdcc21ac545b2e

SHA512
f70c1c76a11b38752ccac973c456b7b714a28ab3e0451bc9e90984cbe060437392102c5627bf8f0ff2a86c50b71efa018e54a85b66af04c026d080b7a75b5631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586e36.TMP

Filesize
695B

MD5
a0f4e207b5fbd701d3796b360e39a915

SHA1
1abaa1fe9d8181e42bcbbd42956b311dcc76675f

SHA256
ed528da8c15c2393d186fc81ea0faf3b76dfc9644f89fa60b1dfd07d61ef6e78

SHA512
e47f1140292362e064ebea5c328a6b7465cb744b3f01ff90e09b7a12ec6dc802326a83e688a8499b0699db594d4645e6ea8eae8384fc62c66eb0c4a6ae9be35e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fa016fbffa2cc92eba35dffd8268b3e3

SHA1
5df9306590acf15636f2d114b29f04b89a14b86a

SHA256
40bf9727f34729c91828a49628cfa212d00edf1d36db69d3a448f156317aacc6

SHA512
d00b211ee63621d0d32e85242f7a96fcacc813e27e9b958754c824c89685171cd2dfadad6c26a29cb6503186dc7f3a39df2da4bc294545936d33df0fa436b149

Download Submit