hxxps://cheater[.]fun/red-dead-redemption-2-hacks/

Resubmissions

12/02/2024, 21:25

240212-z9z3esea97 1

12/02/2024, 21:22

240212-z8dg2aea72 1

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2024, 21:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cheater.fun/red-dead-redemption-2-hacks/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1108	msedge.exe
1108	msedge.exe
4060	msedge.exe
4060	msedge.exe
2076	identity_helper.exe
2076	identity_helper.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4060 wrote to memory of 5016	4060	msedge.exe	84
PID 4060 wrote to memory of 5016	4060	msedge.exe	84
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 4360	4060	msedge.exe	85
PID 4060 wrote to memory of 1108	4060	msedge.exe	86
PID 4060 wrote to memory of 1108	4060	msedge.exe	86
PID 4060 wrote to memory of 3440	4060	msedge.exe	87
PID 4060 wrote to memory of 3440	4060	msedge.exe	87
PID 4060 wrote to memory of 3440	4060	msedge.exe	87
PID 4060 wrote to memory of 3440	4060	msedge.exe	87
PID 4060 wrote to memory of 3440	4060	msedge.exe	87
PID 4060 wrote to memory of 3440	4060	msedge.exe	87
PID 4060 wrote to memory of 3440	4060	msedge.exe	87
PID 4060 wrote to memory of 3440	4060	msedge.exe	87
PID 4060 wrote to memory of 3440	4060	msedge.exe	87
PID 4060 wrote to memory of 3440	4060	msedge.exe	87
PID 4060 wrote to memory of 3440	4060	msedge.exe	87
PID 4060 wrote to memory of 3440	4060	msedge.exe	87
PID 4060 wrote to memory of 3440	4060	msedge.exe	87
PID 4060 wrote to memory of 3440	4060	msedge.exe	87
PID 4060 wrote to memory of 3440	4060	msedge.exe	87
PID 4060 wrote to memory of 3440	4060	msedge.exe	87
PID 4060 wrote to memory of 3440	4060	msedge.exe	87
PID 4060 wrote to memory of 3440	4060	msedge.exe	87
PID 4060 wrote to memory of 3440	4060	msedge.exe	87
PID 4060 wrote to memory of 3440	4060	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cheater.fun/red-dead-redemption-2-hacks/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe6a8b46f8,0x7ffe6a8b4708,0x7ffe6a8b4718
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,3777194228391938921,6010193378049913100,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,3777194228391938921,6010193378049913100,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,3777194228391938921,6010193378049913100,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3777194228391938921,6010193378049913100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3777194228391938921,6010193378049913100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3777194228391938921,6010193378049913100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3777194228391938921,6010193378049913100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3777194228391938921,6010193378049913100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3777194228391938921,6010193378049913100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3777194228391938921,6010193378049913100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3777194228391938921,6010193378049913100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3777194228391938921,6010193378049913100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1896,3777194228391938921,6010193378049913100,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6360 /prefetch:8
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,3777194228391938921,6010193378049913100,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6860 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,3777194228391938921,6010193378049913100,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6860 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3777194228391938921,6010193378049913100,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3777194228391938921,6010193378049913100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3777194228391938921,6010193378049913100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3777194228391938921,6010193378049913100,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1896,3777194228391938921,6010193378049913100,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3928 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,3777194228391938921,6010193378049913100,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4896 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1896,3777194228391938921,6010193378049913100,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6928 /prefetch:8
  2⤵
  PID:4012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\468c9d15-7cac-41bb-8d17-e8107f6e0736.tmp

Filesize
539B

MD5
d30073b27027dffc3d946b7080c36c5e

SHA1
ab021a188f317ca5c486b67e1ec470b500efa1e4

SHA256
243a3f837a6030a5674488d05950bddcd277e1195bf06915c42852db9431412c

SHA512
115c6510757b2dc39ee9565cdad7f56fe59fdd04296e02d8a0a59ae281088f1a2c964abaa7260e7884bf057138d5d974c04de0ef028b5fc196ed3fb5a68439d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
24KB

MD5
8772c36b48e49eb1d7ccca701d0e7304

SHA1
04fbee5acb30a430886d64affef575093339f3d6

SHA256
7044a94f3b661bb26fd999df3672f59bcca890cf538e69e511d32b7ec6fed0e0

SHA512
b8c5326bc119451e86e30482f3a782b26702c1ccb318b4e1786fac879a017ed6c964774f151769f6d51d8c824084ae6d98955821e124c3030559f5892cbcb110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
24KB

MD5
5be7639700ec33490e7646aa1c321ab3

SHA1
9f312641d94dfb21a7d056c30d48142d2a1ea2be

SHA256
cfc9660e7a97aaa2af02ac8901a3a174ea9a6bb32aef4b81faa6fb4b14411a7a

SHA512
8dee61287fcab8429db00063be1b790d594b7f92ed19cbae5929789003ac1d99b37572ad1a09cefa9b40a878689043a2a813b85e5d9a397f8e4078cfda25a501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
85KB

MD5
7ab727c4db1409ed474a84979ae148e3

SHA1
b6153de09ce880461a9181da6fb5975ab323ee2b

SHA256
798d7b2f1cee71809daffa19faba3a99feda5a8fbd31a7a555dc40ed42d9bdb5

SHA512
ab81f872a32f426af0f255a631df794ef546643a81d170167811a77482ad3d007fdfe41a8cc3828da73778c76a936fc390d0e8f7e174e31cad49d2412c87b2e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
424KB

MD5
d321a4a917ef61dec7d069aacf784508

SHA1
cf90f76a3b2cfb7b40eb1df39dc336200a933160

SHA256
ff20cc0f57e817f0c931520df40b0f321b08ee08a70527de144aad7a9b9dcd98

SHA512
891117d13904e778a03d6a7ec5cbe1179f85fc84cb006c76a19999cbbd4b95d427cc3c5b27503621f65bc582c6930c5c56c3d1159a57c9e7d6609fb6e060c96a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
194KB

MD5
36104d04a9994182ba78be74c7ac3b0e

SHA1
0c049d44cd22468abb1d0711ec844e68297a7b3d

SHA256
ccde155056cdce86d7e51dfd4e8fb603e8d816224b1257adfcf9503139dd28f1

SHA512
8c115e3e5925fb01efd8dda889f4d5e890f6daaf40b10d5b8e3d9b19e15dadcb9dcf344f40c43f59a1f5428b3ee49e24e492cf0cb6826add1c03d21efdec52ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
09461f3315a1e80738d064060089be58

SHA1
fb4bc92bfd24fe31f143cbfe4f8dacdf360897ac

SHA256
a3c242ada7eed5e8fedd3c22ca29050ce3fff488c0ad27c7476c5b656ced61d5

SHA512
5d8c3aaf368e8aa347c1592c2150c19c190e47102a21a00916f9eb87987c40ac02b30e24fcb61318765f903f7935e843c636de6df729d6bcbe211bb323e27d41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
149446e3ea40238ca62b800b2645c0b7

SHA1
9a0032c4166f1ee6034aa2d17d065de9100934b4

SHA256
c0b3f7a21c2e371ddc207a48f1c0efa44c30b4469c6c0d6b74ebd34ebc08eaf1

SHA512
22cada5a45e5bc86f6c43dce2f5d27b3b771b19c657022f0b9a50b9cf7a75fd276ceeb7b6698ab32ef8f9b7041d43d850ca4d7ace36cae7e489edf586b230805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e9c27b14a962d959d63eb22face7aaad

SHA1
e3824098edfa53e435c039376d230a27ece59f79

SHA256
b76892e6628a0503e5f2ba54c4f452abc95b444b3fc9a2e8987d6d506e8ddad9

SHA512
e85c33323f33c12b965ac066510ac2080b526dd27effe304bb5a985784f0fb2d0a5efd87cf29b3025f3a3b37d94de3a136d76f11fd932161f5a3ae4a44218eb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
321d7bd820a6cf23c9a0bb8a1dfb8ae0

SHA1
bcaf272b5d4f7cfe89be1021a6e1465b1cb258c2

SHA256
f572017ea2dfbc6ce137e8cbc7ffa6086a12bbcee4e60e86ee6e81fa19fe2a57

SHA512
be20f549a8191cdb37fff5e5f228d83630652ad170e0b72958dc568375dcaf24a08d8ef09874d3841fbd0a9d95e9169ae4d3c3288efcda4e912c962608e651e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5f90fd7882a0c0110174a67323f811f4

SHA1
1a0182d225cad6e55cd1712de262c6dc189c656d

SHA256
102dd8d737a1ae02374180e837db4e5350d84fa9d3be4dce59cd8039968db098

SHA512
efd3faac512d1c48cdd314f59d48f5145de9d37e4f0f69def5343756d960087954a7dc3195fe7a2644bdbbe5dae96c2252bb4f4cef791e5e4554942ea7c8bb90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ec95f0018098955390cd0f0afbe3dbab

SHA1
e5eebdd5c25e4e18d17f445cbc4bceeb46640659

SHA256
9643b15e1dba310599d9602976b68a0739a729f7c0345eabd20e60a59cfcfe0c

SHA512
f9a072852b58ac03efe1f61297eca9b93c5a1b1cdbde151af0b48467f3f242a221ecbd4f761c3ca5cde86242309be6a85a9adc5157660eb91a2f3c8820bc32c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
15fd0527b4060b624cf4267b4be34058

SHA1
83083f9604893ed15b11ae50225677303dd30935

SHA256
c7d20c47880662db308a9d4199476852b099b11b23b8784f55e82877097fba99

SHA512
f6c41b5181947e8a9c93fbeb8637a727520d5bbb734e98ad87171e4f5c93c431c617217c5027fb01c73db5f6ed1f7c3c970cfa9a64d5d675ec4d265b5c8c9e8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b841ee67a1ab3026798e1f5a1598e008

SHA1
818081452c0f09195d50dd419b59e20bdac9d4c2

SHA256
055c94db1183a2f4e18023cfded233df1804596cfe40bf09503c27669f8aa148

SHA512
cae9b09d214511302f6b09d6f5657e5f1f07694bd30fb4251eac863aa28c1818b7f69db168bd1336e4c357ca0087090cc42c063bb3173df3cd8e53ea1baf4491

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
82c0c6732bb16619ee95fe2b56910443

SHA1
effc1f8459efea4177f40ace1a524e69fdaa7084

SHA256
021369105b6efcab88fe422eb42fb21d8ea8283f42e7ba394bbf42b64e11be6e

SHA512
a3a492b8e62c4f972c6cc29ef13bd9ab9a78751ba9de739927114feb36e11223bcd2a28883f13675dba36ef22c830ca6a7285abe4bc2257f23652ebc29f77414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
0f4ac18eeac5896146c665bb6b27380b

SHA1
759c6738ccb2e1503cbea6fca9f1424ef43f74e2

SHA256
ab15d2866729689ff25ff7727ad8c2b100cca47b820d37d610714d03015b3dc5

SHA512
3866bab65bc549fdc5ca9e8b5cefbf93b1db4200fcac993d481623225e879513d324651e7d48ba9ab3ce76be86bbc57a939a7dba28cdc049aa92ed43e3804e8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
62b86a1194d256b31fae26d4a7f668a3

SHA1
9e96d1cdf16ac1ea84cd72e8460b5e20c7392866

SHA256
34bd0fb0ac69e9ec068ccf2341cc6227729d5dae89d2a67a5cb9af06b4df78e7

SHA512
cd56a34389d9cf90e3fb802da4f3b3d50a74067801b57f572c0eec07c0cfb151a2a9089b7712760dc6dd3f9282ca6c42b2752516ba36c04d2a78c8ad8fc39fb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
672560045feaba80dcaea35ba1713de7

SHA1
a948b1f04623ae1a0679340674fbf8f5e635d11f

SHA256
59bb512e4959ada25681bf9a4f46ac41a1ae45c0864e657f7ce94bd018644211

SHA512
d5a70c1098f643b49515fbfd46b31e8bf48d4266f752dc6990cef5e8a15f5b64b0ac480d28a72f87c5550c58d658d5dbb4003b9fc6eaa1b91ff7850480e22fae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584b9a.TMP

Filesize
539B

MD5
8f6624d7092901e1ea32278fb9c3488f

SHA1
7e5874d6e4c96b6d79b36d110e38cb5f410e06c7

SHA256
9c352cf6494c0ba4833168a6c64c92961d5fd5d732e4632fbf6593332630926c

SHA512
616af9b2c18c7873d89c260425a2c7672a8d8b9a08052ba9a3166318c814ee7ab090d71393cfa56d7278ab75cd7e541c9283df01e90d72b7a1794db96b6121d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d0ebf973b49d44a14dbcf197e52ea7ec

SHA1
c69985b81200a16f07805d9f7a3f329ad46e47a7

SHA256
77ce026b53b962037279c783c51d0891b31f3e029685e733ad569559368eb0f6

SHA512
075d52d5b5aded9c085c5125e80ab9ef0166d97e5a99f6d0cb9ac22c0b3d7a5c452a21f11e532cf1613bc1bb6233277404d897e27649c76e23fdf6e6afc16e45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
70ede078dbe45621b20fc49f3c0a4d98

SHA1
24ad29985db033a35196b1e17f6a85751ef5a85d

SHA256
025c2e87b3847e93e9450aec0688fde63c7a0c72845a4ba8c841f627416f76f2

SHA512
b559e838553439874ad160a582366eee8e524f78438a119539f42c0211fe9e12ae991998eff944a4d98444c90616f8169e427bea44b3807c6aa4aa8b31f154e5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit