hxxps://www[.]mediafire[.]com/file/8lnjkl7b52xer0w/UndetectedCheatEngine[.]rar/file

Analysis

max time kernel
1680s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 00:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/8lnjkl7b52xer0w/UndetectedCheatEngine.rar/file

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4984	msedge.exe
4984	msedge.exe
2172	msedge.exe
2172	msedge.exe
3964	identity_helper.exe
3964	identity_helper.exe
3244	msedge.exe
3244	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6140	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe

Suspicious use of SetWindowsHookEx 37 IoCs

pid	Process
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 1864	2172	msedge.exe	83
PID 2172 wrote to memory of 1864	2172	msedge.exe	83
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4724	2172	msedge.exe	84
PID 2172 wrote to memory of 4984	2172	msedge.exe	85
PID 2172 wrote to memory of 4984	2172	msedge.exe	85
PID 2172 wrote to memory of 3076	2172	msedge.exe	86
PID 2172 wrote to memory of 3076	2172	msedge.exe	86
PID 2172 wrote to memory of 3076	2172	msedge.exe	86
PID 2172 wrote to memory of 3076	2172	msedge.exe	86
PID 2172 wrote to memory of 3076	2172	msedge.exe	86
PID 2172 wrote to memory of 3076	2172	msedge.exe	86
PID 2172 wrote to memory of 3076	2172	msedge.exe	86
PID 2172 wrote to memory of 3076	2172	msedge.exe	86
PID 2172 wrote to memory of 3076	2172	msedge.exe	86
PID 2172 wrote to memory of 3076	2172	msedge.exe	86
PID 2172 wrote to memory of 3076	2172	msedge.exe	86
PID 2172 wrote to memory of 3076	2172	msedge.exe	86
PID 2172 wrote to memory of 3076	2172	msedge.exe	86
PID 2172 wrote to memory of 3076	2172	msedge.exe	86
PID 2172 wrote to memory of 3076	2172	msedge.exe	86
PID 2172 wrote to memory of 3076	2172	msedge.exe	86
PID 2172 wrote to memory of 3076	2172	msedge.exe	86
PID 2172 wrote to memory of 3076	2172	msedge.exe	86
PID 2172 wrote to memory of 3076	2172	msedge.exe	86
PID 2172 wrote to memory of 3076	2172	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/8lnjkl7b52xer0w/UndetectedCheatEngine.rar/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b75546f8,0x7ff9b7554708,0x7ff9b7554718
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,15457460287950939016,16135035636744948071,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,15457460287950939016,16135035636744948071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,15457460287950939016,16135035636744948071,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15457460287950939016,16135035636744948071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15457460287950939016,16135035636744948071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15457460287950939016,16135035636744948071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15457460287950939016,16135035636744948071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15457460287950939016,16135035636744948071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,15457460287950939016,16135035636744948071,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3384 /prefetch:8
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15457460287950939016,16135035636744948071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15457460287950939016,16135035636744948071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15457460287950939016,16135035636744948071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15457460287950939016,16135035636744948071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15457460287950939016,16135035636744948071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15457460287950939016,16135035636744948071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15457460287950939016,16135035636744948071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,15457460287950939016,16135035636744948071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7548 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,15457460287950939016,16135035636744948071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7548 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15457460287950939016,16135035636744948071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15457460287950939016,16135035636744948071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15457460287950939016,16135035636744948071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15457460287950939016,16135035636744948071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,15457460287950939016,16135035636744948071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,15457460287950939016,16135035636744948071,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4948 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3196

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DABA17F5E36CBE65640DD2FE24F104E7

Filesize
1KB

MD5
c6150925cfea5941ddc7ff2a0a506692

SHA1
9e99a48a9960b14926bb7f3b02e22da2b0ab7280

SHA256
28689b30e4c306aab53b027b29e36ad6dd1dcf4b953994482ca84bdc1ecac996

SHA512
b3bd41385d72148e03f453e76a45fcd2111a22eff3c7f1e78e41f6744735444e058144ed68af88654ee62b0f117949f35739daad6ad765b8cde1cff92ed2d00c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DABA17F5E36CBE65640DD2FE24F104E7

Filesize
276B

MD5
165ff9bacb87106b616ea038ff6720ce

SHA1
50009e213ced0ff1463826376798363467d869bc

SHA256
66fd351509950668352337dbd670973015b52928e8dcb38e5005d0100a5f7ab6

SHA512
b336858bf77bd3c07d59d94fedd9b57b5b4da0fcf6020bb2b3809f40b1cde251369cc9792c6f962fb9224e6ca503f3359e380af62937e3b65fae1ee1cd90c25a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\3ea5d71f-8c13-4651-8c2b-ae75ed5d1d06.tmp

Filesize
10KB

MD5
e125feb143d5bed0a67f24b0419394b9

SHA1
8d6da6b3eccda3c04d3ef2aa0a2c4cf8588d3ad2

SHA256
8294b369bb33dfc04a684adaf6d09caa61d91a3d636e580d528b86e7f7bbabff

SHA512
e1f854ff1acd01a03195090c32995c07c22c55cb6be9def4c4084d66112bf3f4fd619c045894612e508c6fe8c9b0d350bf70103cd44c7cc3b7bdac761428cb9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\149987e2-492c-48c9-af59-3a79e62ae34a.tmp

Filesize
9KB

MD5
6c836f9b68f860343a23e1afcee5becf

SHA1
85df78c809998342cc76a4fb770ece059604295a

SHA256
223ad84d959a1ab7793441776b780af5ead86ba988e5b0c430cc8a7a720d0d34

SHA512
436584740ea26d0d6c4d6add0c794ad46c3e7773a28b8750c517f989949fa465b4566570ae9379b14408b267e80987cf074c0f2d3230c976f877ee6ae1435c58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\34cb3643d6540e4d_0

Filesize
335KB

MD5
c1ea5f7d637f7c6ab6171db07c384930

SHA1
e8bcfdfde8568283ae2c5ce9a7e60991314fc57b

SHA256
67eefbcc12feb10b2d6676f491dd42ebed4f8e50fbba41b0ecd1e7e2ca8d5d22

SHA512
970fe9ce0c1db41aad19d742557e0506b638cec06a175ad73847d98b405c2e66ab0b3602bcbe815efc828bba90d4ee25b860193a9ebc03f3ed5a6327ebcaca5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\41de50aba1fedf1b_0

Filesize
144KB

MD5
0cadc29f024be08c1a787de2622cce4c

SHA1
bf53fbc5c7bec3365c27cb5449d72463090f4b52

SHA256
bf4bd09272e4f8ee35988646bfccaf1303ce8704a4607ee094954a0b9854d5ae

SHA512
f3e1250ce251482bd999d869846a73c7ba0a27e1a6d2d59f25f2e3d32247acb4aa3d3b4c1d8180d33f629c3744736bdc770dc55de532cb38e6ea8570b65eb471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\481963cd074f1a48_0

Filesize
268B

MD5
bf1b10552e6efb68c639fb6c9abafa72

SHA1
fe03bbffe81fc24a9a10e8db6542892bc21db925

SHA256
31070edd9229aaa56a0d89a413e7dd17f29fd66c1b90074853d419a2991754fb

SHA512
db247b6cfc96e959f528c9ad15be6cc82fe765c0134a6cb758a823b67b8bd615c1a40dae7322b12570f4460b1dbd5f414c65ad199ec69e9647a907be309346d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\56d6f409590db490_0

Filesize
54KB

MD5
07501a022b53d16d962a5ddb6160f658

SHA1
6d83fb0aa653704221c337e15acb07cf77e7ec64

SHA256
4b13741483b6a0d81ddc55d3218105af69215c9deec10cfcc1833639d90a38be

SHA512
d5e7fbb46a2b5e515d359da6256023d924f791afab1cba1081a31de2f18195336319a85c8da4ee4f498ad22d1b1c4637b87b776df3fae0e93c8557faeb6cdff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a8694aaa036738a_0

Filesize
21KB

MD5
53244b9210e197d33f91d40fba5e0c0a

SHA1
81e64d676768f94d3f7100ba7d3cac08316970e5

SHA256
c5d8294037267ff56f839feaddfa50136a58d74f45d02381bcc7d8209ee44b0d

SHA512
6696b356dc2d4f794c22816ad881486c1dfb8d724f74e9c0b46779bdd2dd93ecc66b12895b54a70e581465c2516c03619437850ffc63274c32c4310719f136fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b13d9848aa9ac2f2_0

Filesize
278B

MD5
b64d0ae09124da78f92e208e9bc3053b

SHA1
76653a47794e273e39095b6ce7913bbb6a4e55db

SHA256
b427c640372de175d134328169b927dd0a7d19f7827f4938ce09d05ee584576b

SHA512
267f4dab7b8dfeb4697746fe7c0b3a7385b0f6cc2d4265e145213cd2c474b36e7bb959588c9848b0151e476001ae2646e9c48a3e2c42768d4e07b2dd8875b45b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c472784dec098560_0

Filesize
14KB

MD5
37316e168189b81442f33339e7726bc0

SHA1
ae7eec4b5a54f89c5340792871f518d7e649401f

SHA256
ee7467bde9eb79896c7fffc81785d644c9d6be78024cfd8f6f26fcc91b69c027

SHA512
53e8738b90c855ab76e4a7e8826f486cb55df617ba5efa4490bea0c7d86ede583f5bedb4512a9078e8bfc687f3a5dbb957d6ecb6848d159b153aa1ced54e5243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2f20666faa9c45c6152d8683af7a6f12

SHA1
0eb1d083fc385bf8c54b8d363c8d6ecf5e3946f5

SHA256
28baf0791f7a1c82ed69de630e972e0932f858989b182c2fad35ad5416fd833e

SHA512
751b8ac69c7e2408dfeeae6b3383e9b07f39404666ddc963fae8136a26a085331e070a1ce965fdc892beb1644d94af972bfe868de780533f729fea5c82974876

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
52f63d17cb135a1d7e0574db7309f95c

SHA1
e68486d221f5cabf4388456367596ea2249b0e98

SHA256
45f5cd5c0da29e5093d0ae88d8e915d709cc5eadf3d2b172d97328ca5cf6d9b0

SHA512
f2638af95a1974306af089918849191e1deb8dd4bc87085f126d10b286cc22631acd76d0ce419a328e99f86e7d59534a4d61da0048e003967168b6b7eb7a2c7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
af9325d9e08760b4bc81232dcea3bd2d

SHA1
4dcb673459f9ced8d2ed2cdac805476d3d96c83c

SHA256
0dd134191eb869e9411a7632268b00be3ba376031ce4096b011c1efb603c0150

SHA512
ae2ec77636e1bae06a52814a71fa2a0f9c50d52cf27a2b7ee091fc4959bc0aa98962725cf8314bdb8a03c198e9374fbce14032661d25e94b8f4ea7c2bcbaefef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
eff08de600217aba4d9b8afbd8caf7e6

SHA1
6c965435f50035710c5dcf78d612e481da25c45c

SHA256
0e36c9ef3167a26874daaff7a442ebdda9528540a4f31bd8b7b50f4bcafa5530

SHA512
46464ab19c7d35cf81f3cae22039474522016e7c2ae58a995cfb15e8cef1a1697d01c34114f661a191c4bc59684938a15514dabd977697e8fcbc8ca2364dd685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b9988fa15ef45b6f45cae42fc30fce7a

SHA1
ea52c938992034b4b1610c3f6e5c72843ce9ef71

SHA256
02011d11459f623fd44ae1092d752d74c7e5e648523ab5efd6307be9ccfb223e

SHA512
471c5945c505f82d9724242283328f8b87f45aa75986a0d9095a57245c199748000a2b0f2fd15962d7d924da00bc9f30ed812f310dec58b5002c6ae1c4ac19bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
924e888f0457429c343c9ef75f910a55

SHA1
4dd5a7c890a1ef24fdfda919a5f3c73b11416c6f

SHA256
28b4da7d36dbd3b5ac5391bf681bfdf5636e1782f0b514ab6905ac48cbafcd39

SHA512
5473f0afcdef7447e82781f674dfcc80e80aa0cd015c0e609fb613e8004e7ec9589791f9e005bcdf8c5e00b10f54816f24c9518a1d00b2a65f8b943f8e02a5f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b8987e375bcd17cd05adf2b2e718c76f

SHA1
92bc4a4af81cb383ce0daa9c75beb76ff3cb34a0

SHA256
b0280fd23e0cef3c96a07f79fa7f32c40917a4af54f7651bca5396e9c19dc7a0

SHA512
b8697cf9b68ef38f4583f66d1ef9b8cc463b79fb4f5f8df1eedd4dfd508c76cf5da528ad7579f7cd66615abb27a953662cb2cf9221f730b3d0275666be8efd3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
c99378381ecfc46c70bc97953f93b83f

SHA1
cc6f6bdd4bbc4078b278b80dedac17ede25547ea

SHA256
a489f9a84f99e92cfd81a840993285904c1a0c988a80a266d5661745239be04e

SHA512
13b3a1936bc24d1ff211d4854ba010e293faef1b1e57b6ad1567818f2cd62ad366510cd9746c4d8906cf137b7014e7f81d73bc5e432dbc9e56a7bfcca03b17e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
ba96d9291a92d6696ffaa7f036719057

SHA1
a2d055191238762c1a04a540722702edf018bc57

SHA256
d1c477a3032e57d93cb9588b045dbe48c1978a2fc0f9a23f52bd90bb55897ef0

SHA512
5f7bae645b3f909d37a1e1920d83f045f3fed2e224616cefb6e612658dc7fba85e92604607df5230c9830810b8ac689eabe08eb5d6557bdc0801a561ccdbd830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
69175e96dbc2595cb28a77f8811edd23

SHA1
06396b754f31a7a9df0ea6f4ef427dfed6bed1cc

SHA256
d2dcc8039f91306678f604694073bd6def633d23bebac4613eb9c5e1dba0673d

SHA512
7bb225832e0ff08c51700a580f55e1ae16291324c7154d6a3bcb058eb05b5d512b9b921f2b01f6e64737afd81e9f1f4367b2b8ec99d4c6ddd4c6966e5792d82c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
a53f957b418a4ccdaa9d39f83553377d

SHA1
f4a2f00f244cfc0896fb22dcd99c71d74208c58a

SHA256
8327c7bb01141f379bc4bbf9078ec0d05f7059fcf98736a2714402c81b1d09ad

SHA512
4cd5b1e7ed6508c48afdeec5de6e7856d82f2021756db4fe0cf4294830743b0d60dcbdf9b26f8eae1e5ed026bf9d5bf0cfd4ca65f240dfa45281f6508d2ef98b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7b76a1ba593c08b86ebac193450feae7

SHA1
8fc644c95a9386496f57ab10e940f17ad1921147

SHA256
9bc673a0cd7f8c56a40b934df8c3af5e738fb35066bc124ff3b54da17dcee197

SHA512
658af87e3792afd96a771360585c3bb87b49012e4b596dea8961ba7863cae6309c0132153ebb2f8d699e48972a611ebfb1fcacf1d07fc2a0f6691c73aa9f5f98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a4ea701e25d9e7fdfa88092ee72cbca8

SHA1
06fe6c92b475f009586e0424006e2d0314abb6f3

SHA256
bf74acd460408047512e5a7fbb5ee4603e26f4503c335a3f7a44b4e9a84670a0

SHA512
2b63c49df775c6f0c525c50d63673f0f9d0dd9ffa7f09277838cab0171b0ec2eb823f254cd866ca009999a26f4a7a9f2b59b36cd890b08d10cf588675c2e3acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9bdf83928b0d34da8b53bb933c43a128

SHA1
e193b78de465c483ab95537a417d460cf9008cb3

SHA256
0de4b4417af1939943b49b813fe480a53d9b625c468a0e60e4dfc74aefbdf468

SHA512
08155d82042de66de3d406d022e6d4ab523bff4b47384d7a1bf98caa091c2c4a5fbaae4e8458f7822cf1607f89bed4987f6cc2c69fcf695237c4dcd15bd28638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6d28305554a174b287185e018c648b88

SHA1
4be00c82b2c5cc42a66b39de8d1117a35cde3d73

SHA256
3bde238ba9bdda8bf510266e87e759df692468c4e6252ce48d374425d8eb817e

SHA512
dc027a1247b3e747c16735fb2794c232bcd816e38a0de1e5b8025925cb0f904ff9770cf38c0234ff337460dd3d8d824ced056de282738bd0f72e0458b4cf8654

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5d6ffc541e77339d595b7c535216c635

SHA1
78f2c39ac270dacc6b81678399e43ac16d1b7dd3

SHA256
dde20b97954da91f29724dcb73e7a731e22bb293798a7205cca588e4db53d186

SHA512
acb5cc33c70e577c49942e825952c59421a3b5f460cdb70a6fab3bca1a6542dd9bc80126c76c068429a54a8f85d1c855b14d431648be5a979cb3233c86d421d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a527af89a96120abdc7900f2627a3e5d

SHA1
21cd1e247486fe1bc65b163371d21e8ecd364da8

SHA256
a003164223a347951fdbb6e50935b5afe55442e02229fcb5cb41fce3c0ef791d

SHA512
a00e264aa8d8a4f3b0968794cc53b8550ea68db7f2dc9598e3cc0551d271ee686fcd7712f1c57ddf292c17add4771afa9224258eb9d23f199e1331a45d8189f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fbc6534af0bffcfe09c67e128a02136a

SHA1
8e07dbcb481a52db6fcb8a72071dc3f5fc80f665

SHA256
bd6584dcc9e1846b92e18c4750ce5ca0c652aa2608c47032de2f52e0dc5eeaf8

SHA512
74feb886d328570bc5ee2f6750d62041a72154e78e391cab5dbebbd7dc70aad07d1b0a530dfee9198f2359400196d93ca9c5d824a21002fafaf2174817ee686b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
73a28bd131f9efd355690782cf3692d9

SHA1
e31496f1f8ca65e44030be39eafe2f8cdb7885ee

SHA256
5807b59066f9e8b9c64a0be9fc5bd1064f92adb50272e7bc5643db547e96d670

SHA512
b49cf303f4c20b5f4d619200a9b46af1e06cdb73a9f8745c271270f9f936748afcb473bdc3979a93b6664a706c1ea15e2ff10b110f72e6e825b9089a9765f451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e2585bb5873590fe62668709f93d234a

SHA1
cd554f65485fb5ca611165f5f697e4cb8780bfed

SHA256
0aaed152bd708123b78216a00ae2544f304eaf9f725f77aca3190fca3dc668d0

SHA512
5a34859212c2c6bfb2e70b3bcf99d62f9d35fa04a20ee73765fcf8ac551ab38d5a8c25068628f128ad4cd1409423c89ec9fa2be76ec741bad4e72df3c16aab5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f25346ce330464f55805e5274515a9c4

SHA1
2d5f4ea2956f9a39a6dc58f6660710c8cfe56812

SHA256
d8ae7f934416bfd99e30a0b6eeb08d887c731195a53b269d9b5de886d3b50ddf

SHA512
3656725e1367ed79466eaf1943b1399af9f91a17d19a699f1c8cae306ef7d0d66e755358f549db3f90508df6278ef6be46d6db0f42e1d70e68434ce6148a47f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d1891c724058f88572dff09d9f33ba52

SHA1
a3a40973a34172e2788003d4fd7dadec3e836e29

SHA256
195a244eb4592c043e4faf6dd94eef420a1d74fd987c03cd3fe5688268a68d6d

SHA512
d272dfdfe0663a917fecb77f03a88d0d45eeb02f9e8f5b019338798bcc14e115ef3b5e465ea5a73f3c792346209093fc7059b3d9061e849313b45011076641f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e985.TMP

Filesize
1KB

MD5
6e5b4f39b2b8a7aeaba4b779d4c46371

SHA1
ad34a93a78e01cd9d317cd586e29391bc7cb936e

SHA256
a1906ccddf3f3fa44cc4134c6f490d9733b3e508dcdbed9972ab61401fba3690

SHA512
738c93cd249004ddedf6a7e202924c209b99f837bf617caab071737709783adb81ab47434b1cc7f61b41702408fc9fcb8b41cf4e5dc8188cdeeb31382526e785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
56c93a67ca8f00e717a9ea5c8e7cb654

SHA1
b07ef3221ddee823918fd8084e089ff24f85366c

SHA256
ae49d641270e87ebfd69846fde3cb28b0b7ecadfef2a2f4a02e09da3121e6f28

SHA512
9ea7a958324354bd3cb0a2c0df92af0f8348b465f87d76a348bb293fc9ee2cb489862ccdd29e2c63afa27d4dfb921d140c63b61331d46fd01716b0bcd4cab03e

Download Submit