hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqa01hMDlrdUdaamctM1BRVlhjWDFnLXlfZzdoZ3xBQ3Jtc0tuQ1J2WDJhMjVYcnE3ckszQmVBRm45WDdsdWNIS0t5Q282ZDFYeF8zZ01kRWhRaTFmMXVtN09mc2hZNHk4ZkE3bXlvSU1wTzlTYnAyX2V3YmlVbG1rTFhjQVhIdjB6ZG01MjdjZGlNTVdaYmJ4c1JDWQ&q=https%3A%2F%2Fwww[.]cheatengine[.]org%2Fdownloads[.]php&v=yHRdJsVzViA

Resubmissions

25/08/2024, 04:23

240825-ez3qcawcrn 3

25/08/2024, 04:20

25/08/2024, 04:17

25/08/2024, 04:14

25/08/2024, 04:10

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 04:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa01hMDlrdUdaamctM1BRVlhjWDFnLXlfZzdoZ3xBQ3Jtc0tuQ1J2WDJhMjVYcnE3ckszQmVBRm45WDdsdWNIS0t5Q282ZDFYeF8zZ01kRWhRaTFmMXVtN09mc2hZNHk4ZkE3bXlvSU1wTzlTYnAyX2V3YmlVbG1rTFhjQVhIdjB6ZG01MjdjZGlNTVdaYmJ4c1JDWQ&q=https%3A%2F%2Fwww.cheatengine.org%2Fdownloads.php&v=yHRdJsVzViA

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3044	msedge.exe
3044	msedge.exe
5000	msedge.exe
5000	msedge.exe
4276	identity_helper.exe
4276	identity_helper.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 1244	5000	msedge.exe	84
PID 5000 wrote to memory of 1244	5000	msedge.exe	84
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 4184	5000	msedge.exe	85
PID 5000 wrote to memory of 3044	5000	msedge.exe	86
PID 5000 wrote to memory of 3044	5000	msedge.exe	86
PID 5000 wrote to memory of 2464	5000	msedge.exe	87
PID 5000 wrote to memory of 2464	5000	msedge.exe	87
PID 5000 wrote to memory of 2464	5000	msedge.exe	87
PID 5000 wrote to memory of 2464	5000	msedge.exe	87
PID 5000 wrote to memory of 2464	5000	msedge.exe	87
PID 5000 wrote to memory of 2464	5000	msedge.exe	87
PID 5000 wrote to memory of 2464	5000	msedge.exe	87
PID 5000 wrote to memory of 2464	5000	msedge.exe	87
PID 5000 wrote to memory of 2464	5000	msedge.exe	87
PID 5000 wrote to memory of 2464	5000	msedge.exe	87
PID 5000 wrote to memory of 2464	5000	msedge.exe	87
PID 5000 wrote to memory of 2464	5000	msedge.exe	87
PID 5000 wrote to memory of 2464	5000	msedge.exe	87
PID 5000 wrote to memory of 2464	5000	msedge.exe	87
PID 5000 wrote to memory of 2464	5000	msedge.exe	87
PID 5000 wrote to memory of 2464	5000	msedge.exe	87
PID 5000 wrote to memory of 2464	5000	msedge.exe	87
PID 5000 wrote to memory of 2464	5000	msedge.exe	87
PID 5000 wrote to memory of 2464	5000	msedge.exe	87
PID 5000 wrote to memory of 2464	5000	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa01hMDlrdUdaamctM1BRVlhjWDFnLXlfZzdoZ3xBQ3Jtc0tuQ1J2WDJhMjVYcnE3ckszQmVBRm45WDdsdWNIS0t5Q282ZDFYeF8zZ01kRWhRaTFmMXVtN09mc2hZNHk4ZkE3bXlvSU1wTzlTYnAyX2V3YmlVbG1rTFhjQVhIdjB6ZG01MjdjZGlNTVdaYmJ4c1JDWQ&q=https%3A%2F%2Fwww.cheatengine.org%2Fdownloads.php&v=yHRdJsVzViA
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd171146f8,0x7ffd17114708,0x7ffd17114718
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1676 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2372 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,1806984313005336783,1511578007254339839,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6008 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
50KB

MD5
35bfeeefadbbbe12cc216b996131a79c

SHA1
55460042ee865f8c2242b9facfc3cec183bc7d36

SHA256
ebe1a315d6725c8824a61b7ff622274ee923b5d5362f875e5c4b6758f8ee741d

SHA512
70044b0ec4708ee3cd529c5ed294afdd5bd719c01c5cb09b33990ecda644f1c9f8e0a96b6d1214705b9f8172ab5f1bfff8ece84d2493caf45a525fbe8ce897b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
103KB

MD5
7af64e177579ef6db12f5fbfdc8a919a

SHA1
ce91ec5e6a5b319e96374860e6dcdcc7c45f22b4

SHA256
cdd2a7e7ceaf76257f2bdc94060f36b0a7918a70687a86da309417184597f23e

SHA512
a2e16be4e97ba22a0a4aba9953e2950c41c4f3fdeede664a8fd8574492a49a41c3dd8af5b8242a474dbc25ab87242111bbfd44fd19ce90e1b603f7c6cd79619a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
65KB

MD5
cd9aeeb4c3c8323cba74708d925180d5

SHA1
ff8f18f879516620d7a6e86278ef8f3a76d08b16

SHA256
cb47a45735a7684ef60c7dd292e75ef64dfc00f0540e808a2c6a59f7c85e91d8

SHA512
0d8664fb64232ce345e92a5d0a469dd22dc974a3486b8b160a70ec5f30f187d7a85e020e7a2f65725e046b8575bc7f7c144e273ffc549bed78721bdb7f2ae1e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
141KB

MD5
f7905e6e6ed86d0ad0d07cc941f1796a

SHA1
0c588e8bfc49b5cfe9672ba64829b5c34e69e400

SHA256
a06f947830bfb9a53580ec7a73dda96c3b65404d590b3c84dddf16d97a239ca0

SHA512
66c88a87a073602e74fd55251a2e972343544341e7b3a9481b2f2a72d3b6f7ec4a32105713024e799f40dd121be0509e3dd3394dd4232ac55122336be427ab27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
97KB

MD5
7286b9a3d3489e7258b7e4faaa03aedc

SHA1
62aa61d73f4cfc62604ec0bf51a806a3bcf9132e

SHA256
96f59642480d24de53a5eb04c1cf2619ec046578fac12fe3240cc0fa3353c0e4

SHA512
077efd94d2f2702ef7f6196fe02763d20ee3d34833641266e5f8ecc7fdf4065379752da29d737390051751996ee6998cfab3e46cf6f5e94b7a215b657a9da95b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
32KB

MD5
3358db6a3157a3396942c2d0ba141395

SHA1
bf73b2e57948f8e9ec296ce0c745967231e64b19

SHA256
b5f30f93ffaeb0203cb18491f66e7b2e5aee2c66fbc23f1e34b5a4e2ce30af71

SHA512
acaf8be145601dcd005de392c3e00a7591f0ef789bbca486bf7b0d0c7ee240720944fb180b00496da81b2fb9345142705d70e162be34445b7a5c4fdbbc3738c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
63KB

MD5
e4cc1ece2f2425b10ae2ccc212c1dafc

SHA1
92609e6d0093693110baa23758382889bcb30da6

SHA256
92e9415d8bc8529e2a3f335258ef7ff159cce2965ce3b2b7c15f73720efee809

SHA512
2848dee3a6da891b7044518bc97aeafd340705cebe846350b9a7f314b52450f1eb977b8b492638965ce4674ebaa341e4f832438199c3cad2fb0a0793ef83a619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
20KB

MD5
9708e5224c10eb91f435950128a72070

SHA1
cc66f87dad487f1db80dc78942a7016d26725ae9

SHA256
834c60d1648bb2b2c84ab278eb0690ffdbd6f9dfa393d561eb38aa026dbdef8d

SHA512
8a7a126e028f6def7f03d4fc69831c2bccabebc48b7d97b816eb263a817934b8db1beb9baf1763ec7421640ef594e0a7fb65ef21cbfdadd90c3c88332f4022c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
16KB

MD5
a2edb5c7eb3c7ef98d0eb329c6fb268f

SHA1
5f3037dc517afd44b644c712c5966bfe3289354c

SHA256
ba191bf3b5c39a50676e4ecae47adff7f404f9481890530cdbf64252fbb1a57e

SHA512
cc5644caf32302521ca5d6fd3c8cc81a6bbf0c44a56c00f0a19996610d65cf40d5bae6446610f05a601f63dea343a9000e76f93a0680cfbf1e4cf15a3563a62c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
20KB

MD5
8266eb9d769b0040c61f9107b9233d0d

SHA1
7d84098b0f5a6b1fb73333838e071558086938da

SHA256
389603813af8808ae7ec8ca4f2bc326b15e4c2ad5d86eeabfb271ac4d170b923

SHA512
82854e09e38363bf682d1426cd72d2efe770a58531f8b006c80c32718229cd9699c6db6ae4afe0a5ba64504a08b16568e53ec8fdf2702b5abc41ef7711f011b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
20KB

MD5
a60ce691784ade23e1f0f20d477528f9

SHA1
613b7807e8d20c5de27210be25bb45f7e8b24c56

SHA256
b0a17a84058865b080495251a98854ddb9cdf9b2ceb1c19551fb1af34618bcbe

SHA512
bebcd6ecc1dce3737df8e832349e17db1899459dedc0e9163d937f2b3257f4a9abf3cd2aa7a797b322137dac8bf00971774c2b741a575310f20150376785b9fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
30KB

MD5
7fc4052cd860d6392c6c219966ae3d6f

SHA1
e08dcd144138183c8dc96162169830b5a8eb56fb

SHA256
b633d52d577214ad2d7aab92b1bc94a3817f717ec0579557078c1daecf45e0d5

SHA512
a40b27724304021cd8bae97a478981f8fa4bd17e16bacd377a81aa034ed2c5f185b206c950c0ff96ee35af5cdbb3f5bae64ba61f99f3d988e52a5a193a7c92b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
26KB

MD5
df28dcb873eb738b541879d540c100c3

SHA1
10169e9a7162b7d13a065f2e3cfba407841fb01b

SHA256
0c76b8ae1c1677aa969cbf9551c32257023b7e6ae2077eefd3119c498b978d23

SHA512
7005641cfed488c194bf24452a3c9f52ecd0ed1b8b6784b27c21a1e06d47b36076913252510a3f5e886b44fd5d65952f775dc1de9fa8ada0a6246f572f3cc83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
25KB

MD5
17ddc750dd57883d3faf7b75cd41c157

SHA1
b0c89f4dec8eb75256ca7168fe102c55b0c0f67a

SHA256
a0afa8178767a4e9906103cd6d9843853ab1654599c840fe8fffcd459d0e52ac

SHA512
94548fc52f8b932a8e2e6b814122a3f4b9081042aadfc534a13afd3090aa9cf5eb1689296c2c3b1d24047d42d205cb8272919681b5c0f00fbea14a58a30f9a9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\63cad5f4ee91cafe_0

Filesize
3KB

MD5
4bca958731392c6ecbf2882a21994135

SHA1
399c1a3f0de32c24774c53ba598566b185ad3640

SHA256
3584244ac7a5235a00a53cf5248a4eddf915bae3d0007cc075585907b29d17bf

SHA512
ab9e3d867710161639c1e27745a8fc5a3eccaea6257336f5a62fe0a9c3dcb8e01fcbbc66fca875f36c2ff2010d627ed817331367773f7613cc469285aab83b47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a0dbd3c717c7f711_0

Filesize
32KB

MD5
faca953318d0a43cd76ba9613b68b533

SHA1
0800eca22a5dc4a34af12030e708053ab6e7bebf

SHA256
59f9157f09396b02c2d05100700d8fa1a40d218fba7a2bf504db5d70ef4b88c0

SHA512
6f1980b0117bbdf79104a40e2d9ae43c2b6437f9288de77de88a12457c80adbaa52aa8995de887cd42ceace866c3f936151573301683e89bae6f08b0d1b34f03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
202c76b2fe0e9a3545bcd2b853a8e3b1

SHA1
08b38691fefc730854a9fc1328a6c8bb4cbbc2c0

SHA256
11daf892df73266d88b0da01098237ed239d5574dcde372d3bd1cb556fd66c33

SHA512
2101097ca763b14ef1998a1068f3b5ac8a8adfa6aad377a656d30158c84b6e32020f0a0335127094a98db34579856ef0fa276eb4dc47fc5d50628bec0c1c9388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bb65fd25edff068e030a162824247474

SHA1
3af9123309c149e52dfd81243bbdabd3a55e3c76

SHA256
4eb07b38392bf8f6853b68dc8826d08b35fb03de3ea66a32fb7f87ad0c435c65

SHA512
524b9a2220be91d7ff9bfcbd0a29c8618a10d7a83a5e21e46063a7fbd3435a440371e9ca3a63d21fb860edaeecbd13664b5bd631cf9c8f0240927eb076308462

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
784047f349b24b5767408f82598bcd22

SHA1
cff3dcac45c3550f72aa9342357d53e57b5051b8

SHA256
668e7eb82b2d351ce1867f2e1577ff4ffe6d2d4f932cd7e8f091f5f813806985

SHA512
39afedb5122c9a8e9f9eb7bda54fde206ef178e06b839c8115fa07a0abd877c52555cd0fce17a52a9b1105318f16886ff08be550f6f036aee8bc1ae0391a9ab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
30d2bd938a55cdfbf5c70aa7cc35ab68

SHA1
7219f105bdbb032d9a568e38835ab9cd7859a907

SHA256
f8914958006d6b8bc581f3bbc12b998ea5a7a2ff50c32ffbd4b39fae41f48c04

SHA512
4eb49866e2be198c28d4a1ee8942c5fbfe157ff6695f7898379227174a49d260926a86c951a31e454b644bbbf27d5467ea90d3d343513322396ea65f8e2d9ea5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
17d019cbe7bc789c0d5d0f106a0393af

SHA1
8f371c246dfcfd962a5aafbc13b7c2c6e72ba562

SHA256
9f9a8c09989f708b859ba2af1eaf811c6f03ef7d411295154c9d8fc85c28e439

SHA512
eccce09c0c646e35f061441159277bfc479620f5a8292820d1333d06dc851d04878353a3a3780fa36c9aee149938b4dbb9167edcba64bae46a350e25cd2bcbfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
026de9d2e99bb8522472f51c1b202511

SHA1
dec075d6b8b9aff77fc684e2b089389fdaecf888

SHA256
77fe1c85419940e4717f8117a88785a4bbdc635c04702d0120ce188eb6e5f1a2

SHA512
990be52585b4805ec9747ad24812b250e60f26792bee9a31da5b7ddaedfba6ba7c480f6aa095e90b74789ff579109ea8a330667864dc4d585ea5b952e368a0e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5792387a9e2086f121c4602a78b96312

SHA1
d4405c5672a6e408719110638087534751a9344a

SHA256
daa8cb93e471ba9febd1515f347fe116c3498847774b91a47834fcd2c1008aeb

SHA512
b9cc95bd0e71c8ff8f22acc7ef9936b594b53431eada8fa5f3aa3612607fa22af69a558dd594c5c840cd5fc69612fca1fba73f412c8d70583a6437c3120af1bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
83d4265595b42399d698bb13d938efe6

SHA1
e3281bc10acc78ff8497c479a2ed2ca75612c3ae

SHA256
71db326b3b7a704a8407641546d9c0c76a672385d622499f7d6cd419f445af06

SHA512
58765d7a38d64fa9462208dab43a1711de0bd816272a0c8dac9b41363ba780e064f23041dff486d280e97b1f961dde2da72b3fb1fa0e277a2f143ba436a1dd23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
eaa1c5935a2849f5436c48eefaf077c6

SHA1
52a7201d9ecb5c482604915d1db20f6596708ee6

SHA256
b1c06959b073ff51f478912d380bd133cf6fd1b43202f96ca8f1fed8c3bfd751

SHA512
63e66f1a2b113e996ccc6b2f0061e5e773d5c0881f4bfd27619ca9b1acd8f9077ea0cba72ddfe687602b0ea21375290f15697933981e024a6b9c0ff4fbbb5b33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
838c12263f8da733db71b1618512d3c3

SHA1
d13402363f80f5deaa1c2b5d62782a6f0a8d39b0

SHA256
0e1505abd13604d2e2fac2301509c8ab042e3e348b6fd1ca8615caaa5e19b428

SHA512
ee43293045df74e550f600cd39621b808c65cd74c24e283ce23e87bf4ab4147173a3b33c2e1fd1be3c3c7737dd5bd7a24678910f9b7d5ef5b266d37e50293efc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2138f0f59f7761cab6e6ea8747d5c595

SHA1
910b7792951d99b9069e832c0d618aabacf851be

SHA256
4df4a646d6e84f9293959d2cde3beaf4bc6fee8b579d7f96856c79af106aaa6e

SHA512
3c7b064a52fda09e90b80b5b3776f3ef3d62753e2f855b3909cac2ebc4454f89c8a56783fbe79a41b783311cb10db30c3693525dd9ff4e97960615208e08e01e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
33ad7aa64c75fe39ab976e60d40243ec

SHA1
afff086162eba1287fd02031f38d2f4895f94b0f

SHA256
7d5b8ada374f20c77f42738f15fbfba50633ab09141e1f0a8bf87ac14f1597c6

SHA512
8b5e9f97f6ead4a53dc4fe132a849d74daab3ee2460cded492c3414501ec7e95a99662c2e1a6db39ec0d6a2b47f3243cacd35807120b6e74fd112ddc81070f8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
316dbfc3348d8990a640bedace7dad91

SHA1
7ec904477f76e8af431521248b295289b7fd821f

SHA256
083acd2d04be88628920f4e44a3bc87ccc4032e195f4d819c0d4156697a76da9

SHA512
289008276e5ee84bd66aa8f174290488aef9e1ceeeb35f805c98e160098df929b1d0ce70bbe5ccb45cd58c000b2e3f4a1b78b985721296639ea8255341e53b9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
040cd246ee4f917770f70e3c3aa1b819

SHA1
c5214944f4fd7061063f2178b568e26ed31b92f8

SHA256
d86ff640df37261b54da576c38b87133b2d61610a6480c792a1d9928a52b1fac

SHA512
0d5aa88bb4fbd11e3c8da07d26ed040f121ed536bf32a5cf57fefb545025475b9985e3bb02f5b96a90f7e422fc19de1caf3733e7e3c584b5614f4bb55b7f538a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
86e34014553dedce78f9dfb23cc00ee6

SHA1
41eb77c3744b418bd07a9adb199af5b3ffac324d

SHA256
d88c8789b6127d47fedb222206d38fb37fd05e8c7649e6e35389d7e3da23612a

SHA512
a5892dc42f691f605193bca9b89eacbcac14d3438d0f682a795e24f13ed28bc78d9d0f3c4d4a2651c15fba742d8cab3feff4d0517770741650daf57b3d3ccd59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
36a06fcea7bde7dceb69b8bfcd2fc3cc

SHA1
2a605b65ab36d0b5d93f730c8699768040a6ce4d

SHA256
c565ecb67496f026f4e3f9ee5483b751bb40180fb3ee60fc8859d9cee2917f17

SHA512
1546dcf8ad66ebd0f3c6159f5c0d32dff9b9505b3388b8b7f91fdcbf7ae726348f5e39efe2f07af6bbda0996d3e53a59962f40dcdfb6897ed2b1b9555bf7a27d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57becc.TMP

Filesize
1KB

MD5
b41a3977b2efdb200128e2fd471f5e78

SHA1
2d094c11b56cc057225ff0efcd343519b90ba013

SHA256
26e9b6652dc2bc3c469b716955198ea41661c1d23bc3cc94e27f873c9f11655d

SHA512
ce920a4fdd000f936f0ae9d9f2f3de1b39d24343203711463dbcd7dc050a2c1bda78fb51866207d0f4962c72c9589ae00fa2ed38c733ef394521b46de6159549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
09145caf16b1c1defd2f44d6bbf8edef

SHA1
c4f25a2f915cc63f02fafc03fd217f974a5c957e

SHA256
93db3c21d28c195eab8d23b928d2c4b4c6aedf687779832bdd3f2f613ba74d6e

SHA512
1c0dd612f78c4acd37881e15bc7b4cde09f792ad82850741a121d91a4262e784ffaac69fbedf48a1033bfcb66b97038d2ca1b675ed272eed5e4e61b7a332d2ee

Download Submit