hxxp://youareanidiot[.]cc

Analysis

max time kernel
115s
max time network
181s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
14/05/2024, 19:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youareanidiot.cc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4860	msedge.exe
4860	msedge.exe
1228	msedge.exe
1228	msedge.exe
2864	identity_helper.exe
2864	identity_helper.exe
4608	msedge.exe
4608	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	1820	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1820	AUDIODG.EXE
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe
Token: 33	1476	msedge.exe
Token: SeIncBasePriorityPrivilege	1476	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4588	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 4036	1228	msedge.exe	77
PID 1228 wrote to memory of 4036	1228	msedge.exe	77
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4796	1228	msedge.exe	78
PID 1228 wrote to memory of 4860	1228	msedge.exe	79
PID 1228 wrote to memory of 4860	1228	msedge.exe	79
PID 1228 wrote to memory of 1456	1228	msedge.exe	80
PID 1228 wrote to memory of 1456	1228	msedge.exe	80
PID 1228 wrote to memory of 1456	1228	msedge.exe	80
PID 1228 wrote to memory of 1456	1228	msedge.exe	80
PID 1228 wrote to memory of 1456	1228	msedge.exe	80
PID 1228 wrote to memory of 1456	1228	msedge.exe	80
PID 1228 wrote to memory of 1456	1228	msedge.exe	80
PID 1228 wrote to memory of 1456	1228	msedge.exe	80
PID 1228 wrote to memory of 1456	1228	msedge.exe	80
PID 1228 wrote to memory of 1456	1228	msedge.exe	80
PID 1228 wrote to memory of 1456	1228	msedge.exe	80
PID 1228 wrote to memory of 1456	1228	msedge.exe	80
PID 1228 wrote to memory of 1456	1228	msedge.exe	80
PID 1228 wrote to memory of 1456	1228	msedge.exe	80
PID 1228 wrote to memory of 1456	1228	msedge.exe	80
PID 1228 wrote to memory of 1456	1228	msedge.exe	80
PID 1228 wrote to memory of 1456	1228	msedge.exe	80
PID 1228 wrote to memory of 1456	1228	msedge.exe	80
PID 1228 wrote to memory of 1456	1228	msedge.exe	80
PID 1228 wrote to memory of 1456	1228	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youareanidiot.cc
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe297d3cb8,0x7ffe297d3cc8,0x7ffe297d3cd8
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,7830356528396511488,10861541598526539313,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,7830356528396511488,10861541598526539313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,7830356528396511488,10861541598526539313,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,7830356528396511488,10861541598526539313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,7830356528396511488,10861541598526539313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,7830356528396511488,10861541598526539313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,7830356528396511488,10861541598526539313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1968,7830356528396511488,10861541598526539313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1968,7830356528396511488,10861541598526539313,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,7830356528396511488,10861541598526539313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7732 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,7830356528396511488,10861541598526539313,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=9268 /prefetch:2
  2⤵
  PID:1648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1172

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1220

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x0000000000000488 0x000000000000048C
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1820

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e4ed4a50489e7fc6c3ce17686a7cd94

SHA1
eac4e98e46efc880605a23a632e68e2c778613e7

SHA256
fc9e8224722cb738d8b32420c05006de87161e1d28bc729b451759096f436c1a

SHA512
5c4e637ac4da37ba133cb1fba8fa2ff3e24fc4ca15433a94868f2b6e0259705634072e5563da5f7cf1fd783fa8fa0c584c00f319f486565315e87cdea8ed1c28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8ff8bdd04a2da5ef5d4b6a687da23156

SHA1
247873c114f3cc780c3adb0f844fc0bb2b440b6d

SHA256
09b7b20bfec9608a6d737ef3fa03f95dcbeaca0f25953503a321acac82a5e5ae

SHA512
5633ad84b5a003cd151c4c24b67c1e5de965fdb206b433ca759d9c62a4785383507cbd5aca92089f6e0a50a518c6014bf09a0972b4311464aa6a26f76648345e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
91ae0e06358d7b0717ef9741fed5fde1

SHA1
6c9123db8dcc9c05fd55c6c6923590d1ab4c23c9

SHA256
053dd49b68b39f73ec1365ecd7b50336d43faf8a9590829fc37d0b570e278b55

SHA512
43e530f8ca090d9363b650ef3aa607d8446d8e5ac6c8c867f36d1caab84f4c820e9f6370b21417533eacf4b3eb716fc8f25150670cece2f98140f53ff8fc43fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
474B

MD5
c233102c3224e7b2235c0cb00e3f3d6f

SHA1
62d9357d759018745939e1115c8a27fc5ebf9a44

SHA256
8336f350797f8de83fba867507a06c04d2e3a5c6850c0fdfce2407f3447b8e36

SHA512
b47bc3d69d2e0e598c1fe899955df3538e33eac97e0da8fb51f79607d2ae3e6d68718add61693011ed98403fa4b06fbf7f68942635d56f3fa92f6a029316128a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
474B

MD5
b558fa1598fbaae902d16e735144e4be

SHA1
b3881af30331578ec3c24f4837844e3ec3b3ed6b

SHA256
f03543641d50daf1cc86b9bc4b5c8caf91809c19095ab01ebfc24fcc99bb437b

SHA512
e1a99d0b678e9027c35b628b249da31979b0e5cb6ba22cd15fcafe0041d0534636d7d9c4f7ffb8b2ca3cc06f796288fb08b9b8a371d015e438b72c3f983786b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
475B

MD5
ad507aa80d52440deb1934e693d703cd

SHA1
5aa730e397b98a930927f8f11ce4893631992e09

SHA256
b00523ad8ea731f235e33c207cb1cb7b3d2caae9706b75e101f9003a375921c9

SHA512
eb2718d4c7a31d64b70d02cb6cacb312bef9bcca418ba18050c69b74cc5fcfd3bd014bad20fd432ac5fbd778dc2fd2a73ab2ffecb7f16deb8c84a8798e938b2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
65372ed8e29f77a033e22ec9f4ad1bf0

SHA1
51f5576cc9043e73de9f8f7f31305a45c6111fcb

SHA256
2ac7b93fe1f9cf2c629ed0dff7a7f1ab4d544a459dd7a253efe7a7810a444111

SHA512
eb765eeb87c57d7e3878fe2b6d643797fe337c2b52acdbf7a368f591cbdd66a7bee608ace92554ff91ff2d4e46a38bbf207fc057db149c175ee88a278de8627c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f20e91ad0da03ff2db0cb2e599c61319

SHA1
e264b7e4502e09ba8e271f1925e4769f8a0c14aa

SHA256
c4daf266c2ce715951860e4795f91291d60be71e185e55f61b657ce8164e63ef

SHA512
9f7aceb0d2893c57aa29dde27e271134634e97c9b5048ba17ca27786ba41f2777c5e19627c681f917504ca5ce982ddba6f0740de647aede6f2f48f8980ee5de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
975de2a35776f97330b69c0e8d31f533

SHA1
4bb2f4c61a840c3184fd5c1f8f33bd853731ba40

SHA256
6bd0f55784691b6519b42bde78b43f96c233d74eb53021a0c4fb8719f9588598

SHA512
6db1ba6546536de7203e9b1eb3d9d5b5a3e96910c47abdc9ad53b334eddec3c03172b18598fe5373627e2fb4aa7a15f8dd41c7908cb3fa1a5c80710a045a61d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
453471cdff702b942c0d39b17cd7f8dd

SHA1
ed1f81fb590ef7b50562160e3e976e32d3f99721

SHA256
007bac272a283c48cde21a7d4f1ddfbcf8dad00172544fe333fad74c392de020

SHA512
b0967986d0a780261cada6f48bdf2f2b814143b547113b6c602f18aa9f8aed1f3f37764bb91f388e72e2060d4e0d0e9e3aa615de3aa44dd180579cbec12e9d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5ca2c8526bd454ab125159e4e6259446

SHA1
65dd69d2bc6a6aaa6c8f99dda5c309f953134130

SHA256
11cc7d57a550e2472fb65c5a562e84f2172812f331058a5783b6cf4266705444

SHA512
95cf4da1ef3545bdcb3293cba9c37cdd417ebf3a64bae89e57d64c3354751ea63274ec88cb20fa79751af4bf0d53549eb805f8423227c3f5b80ef82f744dd88b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2cd7bffd0ffa1665336cf879193d0b5d

SHA1
eeeaec3f9cb55f6dbd73bf6bb8b70f137d189d9c

SHA256
5dd7c06fd97359cbb1f27d227204ea51ee6d3992e9b4cdd796608c013bed6813

SHA512
a362f1fa75f41bf5bb52af183e2c1536a116e96a78b298c6cc28c4863839ab45683cbba9b03eeb2dc91d052dbd01d9e75e03062de78e992f5ba6eb03ad1a269d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
200e8227bf6022eb0ecf693bfba5e02f

SHA1
0b9dd24a34c4b0a4e1920b2d387fa093cbed9af3

SHA256
b586867b8da2b4a634e6da19e0429a0326193ed32be5684dfdc52b1f35ba4019

SHA512
9d75850491ab03d66dbd0c400253a143cc42e6ec257fc55f23c7676751701538fb9a4257b81ae110c84cbbab070c2d5e327f3bd9b89426442b3d69f7622d46a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2d8e525fe4a9b187b8cdca3a7f9c4ad7

SHA1
d8aa9efa9cb48c92394fb502210d51e655c571c3

SHA256
e19b4c8be970a7a68993323acabfd0a880c222a0222612fb7e7eae8b6b98956e

SHA512
f2cfdd0a1baba477779d2fd7a47fac12bec78f676e21d1e535648fbaad9d802e3a0e368f72463ed59d15255516710a2f48ba8762d8d7638b87f1c9b218bbd7ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
431bc391e72c0ae44e69683dd8fed0d3

SHA1
05845a9174b99cc5f84f58db8e624dac8e3769a5

SHA256
b229dcd5a762218a0cb9f6289aecb2e8aa6e5e636d4069581b208c2cd20ff851

SHA512
b71d714af0ed278bed88414a0fb1364823408363fd040aaa2c9f2ade0c97438531315f85f63a013e72ca43332346bc6c2a0252ae312d284c7237b13b60425949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
52eb730921f57a683afe4f3440817638

SHA1
691a343e1e3964f195a301877385ccf9c0a6a3c6

SHA256
05404d4dfe299b976d8519b96fc58145a39a1de548a0c68beffa672374c1656c

SHA512
0919695f5b3cc6445c91c4390b740759bbd35414bad115a57f6cf1453eb8f862bb66599d91cc479d0a1796933384cbcacc8caa014d1a7396ff8f7f0b0e7fef7a

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
2f23663111658be2ba0b273463ff5e60

SHA1
c2af77369b83a0177bfdb90c11fad4c5f897a983

SHA256
eab4709a1ad32b0b87a53d307893899eb3ee26c6a59a1b34fe83062c79817513

SHA512
e0fdfe555a47709cbf14c4c22498c89c3e8fd61c5b40806b9dd06aee20fbdcd3d9c4f7861d1183df15e9c64ed25828f97c8292bc6b4a700d3d4586433bf45bd8

Download Submit