hxxp://youareanidiot[.]cc

Resubmissions

24/08/2024, 22:59

240824-2yqeyswdnn 3

24/08/2024, 22:51

24/08/2024, 22:48

24/08/2024, 22:44

24/08/2024, 22:43

24/08/2024, 22:41

24/08/2024, 22:38

Analysis

max time kernel
115s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 22:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youareanidiot.cc

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
712	msedge.exe
712	msedge.exe
2300	msedge.exe
2300	msedge.exe
1120	identity_helper.exe
1120	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe

Suspicious use of AdjustPrivilegeToken 50 IoCs

description	pid	Process
Token: 33	3276	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3276	AUDIODG.EXE
Token: 33	3744	msedge.exe
Token: SeIncBasePriorityPrivilege	3744	msedge.exe
Token: 33	3744	msedge.exe
Token: SeIncBasePriorityPrivilege	3744	msedge.exe
Token: 33	3744	msedge.exe
Token: SeIncBasePriorityPrivilege	3744	msedge.exe
Token: 33	3744	msedge.exe
Token: SeIncBasePriorityPrivilege	3744	msedge.exe
Token: 33	3744	msedge.exe
Token: SeIncBasePriorityPrivilege	3744	msedge.exe
Token: 33	3744	msedge.exe
Token: SeIncBasePriorityPrivilege	3744	msedge.exe
Token: 33	3744	msedge.exe
Token: SeIncBasePriorityPrivilege	3744	msedge.exe
Token: 33	3744	msedge.exe
Token: SeIncBasePriorityPrivilege	3744	msedge.exe
Token: 33	3744	msedge.exe
Token: SeIncBasePriorityPrivilege	3744	msedge.exe
Token: 33	3744	msedge.exe
Token: SeIncBasePriorityPrivilege	3744	msedge.exe
Token: 33	3744	msedge.exe
Token: SeIncBasePriorityPrivilege	3744	msedge.exe
Token: 33	3744	msedge.exe
Token: SeIncBasePriorityPrivilege	3744	msedge.exe
Token: 33	3744	msedge.exe
Token: SeIncBasePriorityPrivilege	3744	msedge.exe
Token: 33	3744	msedge.exe
Token: SeIncBasePriorityPrivilege	3744	msedge.exe
Token: 33	3744	msedge.exe
Token: SeIncBasePriorityPrivilege	3744	msedge.exe
Token: 33	3744	msedge.exe
Token: SeIncBasePriorityPrivilege	3744	msedge.exe
Token: 33	3744	msedge.exe
Token: SeIncBasePriorityPrivilege	3744	msedge.exe
Token: 33	3744	msedge.exe
Token: SeIncBasePriorityPrivilege	3744	msedge.exe
Token: 33	3744	msedge.exe
Token: SeIncBasePriorityPrivilege	3744	msedge.exe
Token: 33	3744	msedge.exe
Token: SeIncBasePriorityPrivilege	3744	msedge.exe
Token: 33	3744	msedge.exe
Token: SeIncBasePriorityPrivilege	3744	msedge.exe
Token: 33	3744	msedge.exe
Token: SeIncBasePriorityPrivilege	3744	msedge.exe
Token: 33	3744	msedge.exe
Token: SeIncBasePriorityPrivilege	3744	msedge.exe
Token: 33	3744	msedge.exe
Token: SeIncBasePriorityPrivilege	3744	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 3108	2300	msedge.exe	85
PID 2300 wrote to memory of 3108	2300	msedge.exe	85
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 1772	2300	msedge.exe	86
PID 2300 wrote to memory of 712	2300	msedge.exe	87
PID 2300 wrote to memory of 712	2300	msedge.exe	87
PID 2300 wrote to memory of 4244	2300	msedge.exe	88
PID 2300 wrote to memory of 4244	2300	msedge.exe	88
PID 2300 wrote to memory of 4244	2300	msedge.exe	88
PID 2300 wrote to memory of 4244	2300	msedge.exe	88
PID 2300 wrote to memory of 4244	2300	msedge.exe	88
PID 2300 wrote to memory of 4244	2300	msedge.exe	88
PID 2300 wrote to memory of 4244	2300	msedge.exe	88
PID 2300 wrote to memory of 4244	2300	msedge.exe	88
PID 2300 wrote to memory of 4244	2300	msedge.exe	88
PID 2300 wrote to memory of 4244	2300	msedge.exe	88
PID 2300 wrote to memory of 4244	2300	msedge.exe	88
PID 2300 wrote to memory of 4244	2300	msedge.exe	88
PID 2300 wrote to memory of 4244	2300	msedge.exe	88
PID 2300 wrote to memory of 4244	2300	msedge.exe	88
PID 2300 wrote to memory of 4244	2300	msedge.exe	88
PID 2300 wrote to memory of 4244	2300	msedge.exe	88
PID 2300 wrote to memory of 4244	2300	msedge.exe	88
PID 2300 wrote to memory of 4244	2300	msedge.exe	88
PID 2300 wrote to memory of 4244	2300	msedge.exe	88
PID 2300 wrote to memory of 4244	2300	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youareanidiot.cc
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba3ef46f8,0x7ffba3ef4708,0x7ffba3ef4718
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,13791535611867492411,13071567456490949556,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,13791535611867492411,13071567456490949556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,13791535611867492411,13071567456490949556,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13791535611867492411,13071567456490949556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13791535611867492411,13071567456490949556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13791535611867492411,13071567456490949556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,13791535611867492411,13071567456490949556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3904 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,13791535611867492411,13071567456490949556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3904 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13791535611867492411,13071567456490949556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13791535611867492411,13071567456490949556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13791535611867492411,13071567456490949556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13791535611867492411,13071567456490949556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,13791535611867492411,13071567456490949556,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,13791535611867492411,13071567456490949556,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6356 /prefetch:2
  2⤵
  PID:2292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4700

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x384 0x498
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
4803cf777c353d3a3dea7d136a3b7e9d

SHA1
692b3ede7cbb3de092877ff1df5b27059916c23f

SHA256
79c2d33a66170a5c3f406f8c7ab80fae8f3211d0e128bb06d8a97a0ac8c859ae

SHA512
2646a0e1c4b85b7b8562055c99e1b1d2fe638aae5684416f83eafce017f41022bcf6da1d17519f19851af1bcb484dd2a8dd065312c7fc00e85cf57632c2061a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
254B

MD5
e25f3be4822e7c599b8c9cfdbe88f67b

SHA1
33e43afcf5b5f65e05e0b7a7e3dcb7ed913bfd0c

SHA256
e0a712fadf2ee3cbe754fc4f5a6a55a3250d2b84b8760d5c904f54db9b64ef43

SHA512
d8b2562492a4789457a0a619e3c739fdcbb166f9651226b79173854b8e490cbdc725d266d40d8039bed0b4d817abbd9d65d51aa8de297ec85b8f40059d580807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
254B

MD5
44b3aac8d07584d94eb8b956e1d39520

SHA1
9e2b58719d188cd871ab26ee3238ae52363639c9

SHA256
7ecb2d03317eab0a05529400cc41bbe6e31ac5e47d8bd8b239c38edde12d9c3b

SHA512
63aab4f4e6456528dd5989498f6a9a72ffc2d421c67971891219945eb94041504b330b675190ebb68afb313d75e6b5cc54845d9b620fb30c5b92c15261c19e7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a19f31420a190f4acd5b11d95e822109

SHA1
6801c6d5bdb0f55db626a5c771a96f9a684491ba

SHA256
a2626517bff801a5d50e991322246a11512ec70e022204dac22b8312a4289484

SHA512
647104d1844d49b7881712ba4fe9072ebb6638c14961c7c937fa988dd34a21b0d91b8849ee58ce490101c2664af4c843bd098f131525fc144260ad29773a9a1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3c70265096347589b93a226b6b1b68ba

SHA1
9a0c79504c5e4254448047e706abb4a650f4bf1f

SHA256
24d145e7e70bc8acf78cf0bd12f44acf13bf06c7dcc592e9568bb462be864d71

SHA512
8b21df4b5cea687fa3ebc46967905132ba77dc6ba5b7bd3f8a706b1f4d1d813a5f6fd4f80224b82be223f14a1661edfed78f2db2c0db7b405f26f0b3022100a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e8730e6cc32346ad4cf333c45657c9fc

SHA1
fd68e06766783f9cc246bf2201a3072ce861b2a0

SHA256
2314bda6be13cb842b1140a3a9369c6e8238a5330ab913fcd2e47569aeb633e9

SHA512
e2dc0f432704467d15d5d0ca51b5cc780c6d39c54b21a78dbaea52bbc4fc230193acc184dc55aa8f27ee61898bf108a0e3987c2906287a94f4d92f3dcd107a14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bba51f1b16cbd41e41fb7fe727da949d

SHA1
5b319a2c0c04c45d922cc2868ec8a4fba74bc66c

SHA256
5472e2c5fe17011d81387fe13a55decea7be7b0e95f556fad7c47a405eed5469

SHA512
cdd5fb4049aa891cb7514d1d90ba9ce02b01ffc8e2a46bff93f2da2714bb3450af55759c42fe7bc8a0c797f068d0ad0052dca56444ae27d17c98affbfdf0c87b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
569ea7d10cfba6bb09a3998dbc96880c

SHA1
5b44249e630709038a7b1f3c0fb13dd4f5b7fb4c

SHA256
5caab7edbc48258f5e62753753b2abec2851cdbd0b698a73fbad7446926cbaa4

SHA512
f416228d392da71d118f4e15e15c86a7c2f0b4dbc949f175ec609b6fddc855917880695d883cc0ccecaf8fa6178fc33ebe75cbf6528352c06b65d2730f7c262a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a412aa1015057280055d931c92862156

SHA1
05aa67cdeb572d3e670c24ee44f4e27334941ecb

SHA256
0d188c8e47fb8740cd39d5743b4e6bb9cb839e386d0a1c5da60d36e9885043b0

SHA512
e4e9262e93e6f25ee34344eed0ffb675076072d43d39699e499f8f4ad1753bd4e53c77cc413b3d58a8380f369a81267f48fb23fa292aebe3cb5dfc3d28a0d02a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1572c9ce4f4b29e5bd9972bfb807e021

SHA1
ba43fa9cbd587f5e94f047f4cdbabf8c49598557

SHA256
9d6c0ac3977fe10daebe76de29f8b569f42235d4f2ad2601a5cbff6dc529ce77

SHA512
51ff65c24f3ad1d3ded41b6546edcc6f7d34a5ae14626cefdcc4803a4dd564f917fda4b1199c7789a10ec0855d169f114b1d28c5030be7c59a8f15a685dfcc53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2ce4ca6a9ab1a2cc27d3b0466db0815b

SHA1
30d63b9c6ef8e42aeb6a616e3e90adbfc97b628f

SHA256
f0bccf4161e92e7fa33175fa3ef50724134c3665928457554913bc45840f7b7e

SHA512
72732c98a5416a5e982c5c9a1c6e403d707b0efcd136b7de1518e79e8cebd3954de4f320e2e89871dfb2baa56cf4992da7634d89244d3b9ac76c16e4652e55fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
807fb9b5b49de53cea8df2a1922e8b0f

SHA1
b34c7e88868ce193f525f1ec96bebbcda573a11f

SHA256
8a2961dd9aabac62270339b0123396781150253a647c04a663b97f8233b4007a

SHA512
da0cda73c1d87dc0158e80c061864981d40cd34bf65189d24a8dc8c8811f9d03549e2f7f5215fd9abd0507d9d105ba8d78ebff3659de178799b59bd3a2cb40d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6555c4042ba548c6cafd9a6150d50155

SHA1
39f567af99c5926bc84c73b2f872d5ef8c513646

SHA256
4402048cea332f3a9d736959270c0a9c11ce217008068af6a16a1d1d745cfe1a

SHA512
cca4f9f83a142cc029aa03f4ef87218134487c6013a56831f23a5d2022f1a8866ef95c1fe1c50611bbfa06055d168dcee8fc09168338f268c629d16dd2231618

Download Submit