Analysis

  • max time kernel
    149s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/05/2024, 15:50

General

  • Target

    https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqa21wUzVBaHF0V1J2ak1LS19yeTVjZ003WEUtQXxBQ3Jtc0tuTmh5Ny1PQzZkTm52LW9YVU83RWlVX0NyYjF0OWF6a0NMS2ROT29yb0QzejlrOFZ5VlMxOUhidUNTZEVSQ2tseVFsTnA1ODlvSkN3YkhYbXY1YmpxbFprbWVXUFZRaDJTZU9lNjVqZ21QSmFOZkt2Zw&q=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fa1fgw4fuh0tjb4f%2FRoPro_Rex%252528Open_Source%252529.zip%2Ffile

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 52 IoCs
  • Suspicious use of FindShellTrayWindow 41 IoCs
  • Suspicious use of SendNotifyMessage 26 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqa21wUzVBaHF0V1J2ak1LS19yeTVjZ003WEUtQXxBQ3Jtc0tuTmh5Ny1PQzZkTm52LW9YVU83RWlVX0NyYjF0OWF6a0NMS2ROT29yb0QzejlrOFZ5VlMxOUhidUNTZEVSQ2tseVFsTnA1ODlvSkN3YkhYbXY1YmpxbFprbWVXUFZRaDJTZU9lNjVqZ21QSmFOZkt2Zw&q=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fa1fgw4fuh0tjb4f%2FRoPro_Rex%252528Open_Source%252529.zip%2Ffile
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:548
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff9303d46f8,0x7ff9303d4708,0x7ff9303d4718
      2⤵
        PID:4472
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
        2⤵
          PID:1936
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1944
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
          2⤵
            PID:4020
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
            2⤵
              PID:1488
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
              2⤵
                PID:3564
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
                2⤵
                  PID:2208
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4460
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
                  2⤵
                    PID:1580
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
                    2⤵
                      PID:3788
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
                      2⤵
                        PID:3208
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
                        2⤵
                          PID:2484
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
                          2⤵
                            PID:5028
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5816 /prefetch:8
                            2⤵
                              PID:2696
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
                              2⤵
                                PID:4616
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
                                2⤵
                                  PID:4240
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
                                  2⤵
                                    PID:3320
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:4692
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
                                    2⤵
                                      PID:4292
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1
                                      2⤵
                                        PID:3360
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1
                                        2⤵
                                          PID:4804
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1
                                          2⤵
                                            PID:5308
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1
                                            2⤵
                                              PID:5380
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7832 /prefetch:1
                                              2⤵
                                                PID:5676
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
                                                2⤵
                                                  PID:5788
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8164 /prefetch:1
                                                  2⤵
                                                    PID:5916
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8284 /prefetch:1
                                                    2⤵
                                                      PID:5928
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8524 /prefetch:1
                                                      2⤵
                                                        PID:6092
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
                                                        2⤵
                                                          PID:4044
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
                                                          2⤵
                                                            PID:3416
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1
                                                            2⤵
                                                              PID:2768
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7612 /prefetch:1
                                                              2⤵
                                                                PID:1948
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
                                                                2⤵
                                                                  PID:5684
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
                                                                  2⤵
                                                                    PID:2656
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
                                                                    2⤵
                                                                      PID:4124
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7620 /prefetch:1
                                                                      2⤵
                                                                        PID:2988
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8892 /prefetch:1
                                                                        2⤵
                                                                          PID:6268
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8836 /prefetch:1
                                                                          2⤵
                                                                            PID:6280
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9260 /prefetch:1
                                                                            2⤵
                                                                              PID:6416
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9524 /prefetch:1
                                                                              2⤵
                                                                                PID:6528
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9676 /prefetch:1
                                                                                2⤵
                                                                                  PID:6736
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9816 /prefetch:1
                                                                                  2⤵
                                                                                    PID:6808
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9980 /prefetch:1
                                                                                    2⤵
                                                                                      PID:6880
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9864 /prefetch:1
                                                                                      2⤵
                                                                                        PID:6500
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9664 /prefetch:1
                                                                                        2⤵
                                                                                          PID:6508
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10304 /prefetch:1
                                                                                          2⤵
                                                                                            PID:6524
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
                                                                                            2⤵
                                                                                              PID:6660
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10496 /prefetch:1
                                                                                              2⤵
                                                                                                PID:6668
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10468 /prefetch:1
                                                                                                2⤵
                                                                                                  PID:6676
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
                                                                                                  2⤵
                                                                                                    PID:1640
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8816 /prefetch:1
                                                                                                    2⤵
                                                                                                      PID:7052
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:1
                                                                                                      2⤵
                                                                                                        PID:6740
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
                                                                                                        2⤵
                                                                                                          PID:4600
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1
                                                                                                          2⤵
                                                                                                            PID:5908
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
                                                                                                            2⤵
                                                                                                              PID:6832
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7864 /prefetch:1
                                                                                                              2⤵
                                                                                                                PID:3880
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:1
                                                                                                                2⤵
                                                                                                                  PID:5876
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7868 /prefetch:1
                                                                                                                  2⤵
                                                                                                                    PID:5872
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:1
                                                                                                                    2⤵
                                                                                                                      PID:7100
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9044 /prefetch:1
                                                                                                                      2⤵
                                                                                                                        PID:6868
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9712 /prefetch:8
                                                                                                                        2⤵
                                                                                                                        • Modifies registry class
                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                        PID:5048
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6968 /prefetch:2
                                                                                                                        2⤵
                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                        PID:804
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 /prefetch:8
                                                                                                                        2⤵
                                                                                                                        • Modifies registry class
                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                        PID:5704
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
                                                                                                                        2⤵
                                                                                                                        • Modifies registry class
                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                        PID:6796
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 /prefetch:8
                                                                                                                        2⤵
                                                                                                                        • Modifies registry class
                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                        PID:2252
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2100,15011642449181420619,7237313857069085291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7184 /prefetch:8
                                                                                                                        2⤵
                                                                                                                        • Modifies registry class
                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                        PID:4088
                                                                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                      1⤵
                                                                                                                        PID:4720
                                                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                        1⤵
                                                                                                                          PID:3508
                                                                                                                        • C:\Windows\System32\rundll32.exe
                                                                                                                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                          1⤵
                                                                                                                            PID:4636
                                                                                                                          • C:\Windows\System32\Notepad.exe
                                                                                                                            "C:\Windows\System32\Notepad.exe" C:\Users\Admin\Downloads\RoPro Rex(Open Source)\RoPro Rex(Copy)\background.js
                                                                                                                            1⤵
                                                                                                                              PID:6244

                                                                                                                            Network

                                                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                                                  Replay Monitor

                                                                                                                                  Loading Replay Monitor...

                                                                                                                                  Downloads

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\82409a70-92db-4738-b896-4e606fd8f443.tmp

                                                                                                                                    Filesize

                                                                                                                                    11KB

                                                                                                                                    MD5

                                                                                                                                    98b462dabe97d1bd6ed6baa0d69f9e77

                                                                                                                                    SHA1

                                                                                                                                    5596b0c00dd2964143aeca14817b3feb52d2efbe

                                                                                                                                    SHA256

                                                                                                                                    9cfb04b4087d22d891444ed83e98b496322596a29935c2ae84473aff1e249119

                                                                                                                                    SHA512

                                                                                                                                    986d259499ae1a68ff15d5da8a17c00e8da05f486384e898142223e78266dd12dd91f3b2772b3865d97a7bfadd89828a1b441d3ea15ca224780c49d82a748233

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                    Filesize

                                                                                                                                    152B

                                                                                                                                    MD5

                                                                                                                                    537815e7cc5c694912ac0308147852e4

                                                                                                                                    SHA1

                                                                                                                                    2ccdd9d9dc637db5462fe8119c0df261146c363c

                                                                                                                                    SHA256

                                                                                                                                    b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

                                                                                                                                    SHA512

                                                                                                                                    63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                    Filesize

                                                                                                                                    152B

                                                                                                                                    MD5

                                                                                                                                    8b167567021ccb1a9fdf073fa9112ef0

                                                                                                                                    SHA1

                                                                                                                                    3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

                                                                                                                                    SHA256

                                                                                                                                    26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

                                                                                                                                    SHA512

                                                                                                                                    726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    ba1d64d180d60c594b5f23f6a9ec5dcf

                                                                                                                                    SHA1

                                                                                                                                    9cfe4368bcef7a3848df31e47c1a004c429d50c4

                                                                                                                                    SHA256

                                                                                                                                    f1bcd7a3c72017b30b6b0d480f37ca5e8b9ffed025c8d42f56d9e3cd91fb1241

                                                                                                                                    SHA512

                                                                                                                                    8abec1d56bfa9c2062421bfb1c7181ff3f6021460e1073c5e195943b3f15fdd9d80427a6b27623f6cc19a1bec1e8d5c9b9602ffda80de779b86f653caafe2674

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                    Filesize

                                                                                                                                    11KB

                                                                                                                                    MD5

                                                                                                                                    154df9bc13d3e05b71b835066d1aaed0

                                                                                                                                    SHA1

                                                                                                                                    40f659e6728b630e69bdec1882d80f36069ffdd7

                                                                                                                                    SHA256

                                                                                                                                    9356bc99a8ab447a092758b9ea264b5e3ba8a652adc879dc0c41d6eae0027343

                                                                                                                                    SHA512

                                                                                                                                    23aa32175dca9c060a8050ec2e041507c7351320a044dec9c7ee0710800f9e44039d75041571e788cccdc4935f618f60551fe528b17d45bc6eff15f39b7f1c6e

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                    Filesize

                                                                                                                                    17KB

                                                                                                                                    MD5

                                                                                                                                    ca98595f0aa5794eb8815df3fed32902

                                                                                                                                    SHA1

                                                                                                                                    a7ba59fdf3d0d5790533a97784e81982ec79bf16

                                                                                                                                    SHA256

                                                                                                                                    1f3f4722d7c17206202633b9fc248e140f960350d4551599971e85a15f12ca90

                                                                                                                                    SHA512

                                                                                                                                    c4f947601fb692ba91f6c597775278f4273000a8220fdd988a5259ee61034efd83159ce8d1669eb27113f1fc984e1dd1730b3c16e687b180dc82cca2e20ecfb0

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                    Filesize

                                                                                                                                    5KB

                                                                                                                                    MD5

                                                                                                                                    b586bfd05d431f755382fefd4920c968

                                                                                                                                    SHA1

                                                                                                                                    2ab9cad4c5ea270e3ec6d31f7f8ef63cb06f5584

                                                                                                                                    SHA256

                                                                                                                                    076893b1bb718e69c73f77ea88ee480ed59aca0a7cd0e09f7c7cdcd8e8446760

                                                                                                                                    SHA512

                                                                                                                                    fac5dc3bf756f7eab45dae5079f8052042710998966de1ea4ab3ea54e3db5aa53cbabbf49bcc4c48cfe93d26375c798ed860e088fe524f5b0b3a180c70962d56

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                    Filesize

                                                                                                                                    9KB

                                                                                                                                    MD5

                                                                                                                                    717a167e5e4796ecf64be220eb43fdcb

                                                                                                                                    SHA1

                                                                                                                                    900290b6641dd340a43354ee233972bcb1f46d52

                                                                                                                                    SHA256

                                                                                                                                    438fb3ab5841b68848a98518fcea3e48ccc7afa1d77c9c6f402e6beeebd21ae3

                                                                                                                                    SHA512

                                                                                                                                    4bef02cd3e1f66c03d847ea6f7b5f83268fabb4efc15f85438a7672b9d81809c5a8bdf73bd7305be5dd039e7ec4256e3830e764e2c12068827cfaec0d9c1910c

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    MD5

                                                                                                                                    661f854fd8c241a4d38fe1f227199b49

                                                                                                                                    SHA1

                                                                                                                                    0d7303df3bba2b9c0f1d4f8dfe957cefbe9b017e

                                                                                                                                    SHA256

                                                                                                                                    08ee882df44772b68355d6342e542b6d1a86b5409904a7cc3ab57eb0528c3391

                                                                                                                                    SHA512

                                                                                                                                    00431b4808b2cb5bd1bad04e600804528e9385593ec21ea2276a1c7cab79161ed6b00c1b84db8f335ce6efb6ba3ef91016ec4a4ba539480841d1f98dc660cf90

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    MD5

                                                                                                                                    bcd31770646b0a8305e3d559cebf29d8

                                                                                                                                    SHA1

                                                                                                                                    0e702fef7ae1b627475370c94869c2e518387ecc

                                                                                                                                    SHA256

                                                                                                                                    1152985f42c1530a438a1fed0bde1ec2b04e38488873654f98592bcea6f14c52

                                                                                                                                    SHA512

                                                                                                                                    a9e02bd9ae249e234da8daf206bf0095794f7c1643a05a637a166dc03c96e0e0f08c8ce9cc440d6f8f4452cb90d5dfdc77ea1cca0c7e63d6a026ba5f357b67f9

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    MD5

                                                                                                                                    9ee7649d4d48def095220b4820e50e45

                                                                                                                                    SHA1

                                                                                                                                    23f53319694b22124a31b103c6b5ec0054c168d8

                                                                                                                                    SHA256

                                                                                                                                    8bdc5548466a3718ea19db0387c4b4ecc46ec15f0cbc1a19d13414ab02544052

                                                                                                                                    SHA512

                                                                                                                                    84dba433bc0541900ed41f993add6432470e1d6c4775b2c21f871f8029ac881925f924df1bc8651137e27149a2ceb6ecf0115195bb33569e5d344ea4473d3481

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579bd2.TMP

                                                                                                                                    Filesize

                                                                                                                                    873B

                                                                                                                                    MD5

                                                                                                                                    7f958ed8a6dc1020501520fe0c9ffb6e

                                                                                                                                    SHA1

                                                                                                                                    c09628743f21b014ec679b5ebf9a278895591fd3

                                                                                                                                    SHA256

                                                                                                                                    75ca9577ef31f24e0da86fa87fde8963cb8a634dba99812267f26ef5c2207593

                                                                                                                                    SHA512

                                                                                                                                    a442fff8dfde0f4665a1d3c855ab843275cc633f7f32f46be0b9c5c248489a49d1a6f160a7317543b082739d3135351306205c378a9b393353317609f5482f3f

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                                                    Filesize

                                                                                                                                    16B

                                                                                                                                    MD5

                                                                                                                                    6752a1d65b201c13b62ea44016eb221f

                                                                                                                                    SHA1

                                                                                                                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                                                    SHA256

                                                                                                                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                                                    SHA512

                                                                                                                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                    Filesize

                                                                                                                                    11KB

                                                                                                                                    MD5

                                                                                                                                    df9ae58e8fa4adef28e4bd36e8e11853

                                                                                                                                    SHA1

                                                                                                                                    719452dd1b2f9e4d42816dc668d0d428876d79c4

                                                                                                                                    SHA256

                                                                                                                                    faa5d480565aa4ba8c4cdd5426687f98ad6758a0d812b386cac5fa6fe4ed9d4e

                                                                                                                                    SHA512

                                                                                                                                    f6ef669e3565d6746a1e2051b64d04f8caa733ca3d11342b5b62b32ef20cddd441d1b2c34afe5c8bb3e0bed21b201dcb2221bab9537881221cce7ee998554662

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                    Filesize

                                                                                                                                    10KB

                                                                                                                                    MD5

                                                                                                                                    ea2111d0989417b79bbdafc43abd2192

                                                                                                                                    SHA1

                                                                                                                                    247cb5d2e023eea4fa25f62c70a3fba786a553f5

                                                                                                                                    SHA256

                                                                                                                                    6768cd78819fb8697e66e648abb600e9a4a2ecbb1b960d2dd5489eafbcd63872

                                                                                                                                    SHA512

                                                                                                                                    3253ad3b05d2759627517147a5abd19f743b825dc96b78c4c95b73257e031c6c8e931a622c2ae4edf172fc867106b0c49e4396753a717210291303dfbcad33d0

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                    Filesize

                                                                                                                                    10KB

                                                                                                                                    MD5

                                                                                                                                    d756d39663199087eda4a44e6e3405e1

                                                                                                                                    SHA1

                                                                                                                                    c3c681a0d38f171a39c47034823017b2d3d19315

                                                                                                                                    SHA256

                                                                                                                                    a1ea344b15bfa6971c4360db481e637a82a42d166917aeb547487cfb1591c782

                                                                                                                                    SHA512

                                                                                                                                    92c080d245ea6254da3a9b95e4c3cc43d625c0c50aa45f7e43a68d7fcdef99ae788c79e9a0cdd771c4c744e481dfcafb454642c27499a76e005ff021e0b1433d