hxxp://youareanidiot[.]cc

Resubmissions

24/08/2024, 22:59

240824-2yqeyswdnn 3

24/08/2024, 22:51

24/08/2024, 22:48

24/08/2024, 22:44

24/08/2024, 22:43

24/08/2024, 22:41

24/08/2024, 22:38

Analysis

max time kernel
55s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 22:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youareanidiot.cc

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1876	msedge.exe
1876	msedge.exe
908	msedge.exe
908	msedge.exe
1640	identity_helper.exe
1640	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: 33	1500	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1500	AUDIODG.EXE
Token: 33	2100	msedge.exe
Token: SeIncBasePriorityPrivilege	2100	msedge.exe
Token: 33	2100	msedge.exe
Token: SeIncBasePriorityPrivilege	2100	msedge.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 908 wrote to memory of 1276	908	msedge.exe	85
PID 908 wrote to memory of 1276	908	msedge.exe	85
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 3744	908	msedge.exe	86
PID 908 wrote to memory of 1876	908	msedge.exe	87
PID 908 wrote to memory of 1876	908	msedge.exe	87
PID 908 wrote to memory of 344	908	msedge.exe	88
PID 908 wrote to memory of 344	908	msedge.exe	88
PID 908 wrote to memory of 344	908	msedge.exe	88
PID 908 wrote to memory of 344	908	msedge.exe	88
PID 908 wrote to memory of 344	908	msedge.exe	88
PID 908 wrote to memory of 344	908	msedge.exe	88
PID 908 wrote to memory of 344	908	msedge.exe	88
PID 908 wrote to memory of 344	908	msedge.exe	88
PID 908 wrote to memory of 344	908	msedge.exe	88
PID 908 wrote to memory of 344	908	msedge.exe	88
PID 908 wrote to memory of 344	908	msedge.exe	88
PID 908 wrote to memory of 344	908	msedge.exe	88
PID 908 wrote to memory of 344	908	msedge.exe	88
PID 908 wrote to memory of 344	908	msedge.exe	88
PID 908 wrote to memory of 344	908	msedge.exe	88
PID 908 wrote to memory of 344	908	msedge.exe	88
PID 908 wrote to memory of 344	908	msedge.exe	88
PID 908 wrote to memory of 344	908	msedge.exe	88
PID 908 wrote to memory of 344	908	msedge.exe	88
PID 908 wrote to memory of 344	908	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youareanidiot.cc
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffee2f446f8,0x7ffee2f44708,0x7ffee2f44718
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,12157012260499454730,6427709965695263741,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,12157012260499454730,6427709965695263741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,12157012260499454730,6427709965695263741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12157012260499454730,6427709965695263741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12157012260499454730,6427709965695263741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12157012260499454730,6427709965695263741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,12157012260499454730,6427709965695263741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,12157012260499454730,6427709965695263741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,12157012260499454730,6427709965695263741,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12157012260499454730,6427709965695263741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12157012260499454730,6427709965695263741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12157012260499454730,6427709965695263741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12157012260499454730,6427709965695263741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,12157012260499454730,6427709965695263741,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2664 /prefetch:2
  2⤵
  PID:5356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:396

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x4bc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
6f339d0b787346c59a5c9d616b1ecf4b

SHA1
8e762c7a8e725bdf7c902717b91b2be55e88e2fd

SHA256
2b3f2692054a7a661ce0f65cc085a6a55fc289453d7a872579b3268a5e189754

SHA512
5425b89b0225b4b50d1f0224e7a3ec5aa673cd4cbf48de68e5a6438ea71f31f7bd748754061e910ffb198f06512c2a2c7b72f50d077e165b89d4a7171d5a9783

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
184B

MD5
b88f247eb29ab18ceefffcc93358b1df

SHA1
7695a17a01bf978f93603de7349ca8e52bec87c4

SHA256
5a36b6618062d5914e152044e662f742f99f433655d106e7e59d2b005d5702c3

SHA512
82ec3d18f129fd6d8691c7890ce7268b8211b1b21486e37dc43bb9000ceb29f79f429c0c9a933d0356a415823f53502ab08c5eb2af4fae272b337b31ec70e558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
71d713dbf2a8950f5072c7d181d9dae5

SHA1
76ad8592a68ce6818b6f341ef238a1c54d63dad3

SHA256
7ab0a1d761e30413824fec642ecadc10bc45e63c9ee3e8215ea33b98d9c5b71a

SHA512
3906383c35e4a9af5d34639650c4811f2730c9035c1b49156d1cf9667e7b2936c87cb8e4483cc1699aa1d706142a5f00b2206ad9e52dec2c157ec68648ffa9b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b9a904c69209a62f68b9b3e196e65db7

SHA1
24e79ddf11b3b966c5eb02aabc6c603213da80cd

SHA256
f723fa1d8ba4b18d2f37fce3dc046cd9f59a1493d5b896252f86bc02a7b0f204

SHA512
89b08c24155739c7052242cdfe5616b352e9caffe4785a82715b8b963f09c575b04f17ed8b9f4b2e53ce0fb42283f17020d3bf4f5df44df6e2dd0f7077467945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
66535b9c90dbf71357cbae0bc7a0ea94

SHA1
71abe42410b0edab01b665d161acf81d2d3f4548

SHA256
df2c7f7882cb2a5f08b191574e08dc602ea786e39669f5c59efbfbf4b884cca1

SHA512
aed6b0e1b794a0f9ead0232f223a5dfa3abe085026dbfbf58af0d8d0810a4c0b4ffbf615314d3c1eeca88c543332d95ca212a5e3bf8dc175dfa42bf51736537c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6c4b15b886f018eb12ae40d43ecb2ef4

SHA1
2508ed89ec97fb5a95af32ca635413d22de72b8a

SHA256
090b5809c840c8fc31158e26cfba514b6cd65de7ddbe2abb963165dc3ac172ee

SHA512
9042cb8fd9ae347c34d9e33fac4687ec53954a3df755edcd36870e9bb9178470388122451015c7b85ef8bf59f0e3496e62d161fb275f18f15d996a3d116e836e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df564820f3c6628be987941dbe4efa0b

SHA1
173d11191904c6264f6c0eaca867f3046269efe8

SHA256
df959342b5d3c7a726f100b09f024036e3e3ae0b1faae9f71eee147a3b94ad45

SHA512
e23b9b0a5f06990ea8181221856d21f544e48f10a84346ecc67e9abb76d7c41a93e5849628154f4cf7c283f24f0f84406ccf728c961296128795a8f44192c1aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9b4193acfb600fd8af638222e3c221f7

SHA1
848c2a98d8cd8672752c5c8deb1ff9dd71105bf9

SHA256
9d18b279c9c06d7b9b8a81f550ed254326ff0fb3ac5ccd660602b83b51498aa3

SHA512
f4b8a2e5342fff22975c3ac1b98ff84dbd71f7face35ae47d8e05a864ddd29f6f00b6f39201dc83738b52ad38b94935975bce79f1ca43919c222043fb7f5c526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f4b118a44f6487c0744a2cae86a602e9

SHA1
5aa26ac218bf08fc4724997dbf040cde48461bb9

SHA256
eafa260352eaffa211104503a518e776e0584e1239a7ffc48f4f47152c7942ad

SHA512
04bfd65aa29d9514485a6f953429ddf7fc832a49b503750986530bd8cc9526056cf5b402cd9b822711e569a7dfca5ae543baa69ff3a54f0a0bd1be3863527235

Download Submit