hxxps://www[.]ve3rl[.]com

Resubmissions

20/01/2025, 09:06

250120-k29jka1rds 6

20/01/2025, 08:59

250120-kxsp9a1pgw 8

20/01/2025, 08:50

250120-kr1hxa1nay 3

Analysis

max time kernel
168s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/01/2025, 08:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.ve3rl.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2508	msedge.exe
2508	msedge.exe
4676	msedge.exe
4676	msedge.exe
4620	identity_helper.exe
4620	identity_helper.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	6024	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6024	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4676 wrote to memory of 3948	4676	msedge.exe	82
PID 4676 wrote to memory of 3948	4676	msedge.exe	82
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 1932	4676	msedge.exe	83
PID 4676 wrote to memory of 2508	4676	msedge.exe	84
PID 4676 wrote to memory of 2508	4676	msedge.exe	84
PID 4676 wrote to memory of 2124	4676	msedge.exe	85
PID 4676 wrote to memory of 2124	4676	msedge.exe	85
PID 4676 wrote to memory of 2124	4676	msedge.exe	85
PID 4676 wrote to memory of 2124	4676	msedge.exe	85
PID 4676 wrote to memory of 2124	4676	msedge.exe	85
PID 4676 wrote to memory of 2124	4676	msedge.exe	85
PID 4676 wrote to memory of 2124	4676	msedge.exe	85
PID 4676 wrote to memory of 2124	4676	msedge.exe	85
PID 4676 wrote to memory of 2124	4676	msedge.exe	85
PID 4676 wrote to memory of 2124	4676	msedge.exe	85
PID 4676 wrote to memory of 2124	4676	msedge.exe	85
PID 4676 wrote to memory of 2124	4676	msedge.exe	85
PID 4676 wrote to memory of 2124	4676	msedge.exe	85
PID 4676 wrote to memory of 2124	4676	msedge.exe	85
PID 4676 wrote to memory of 2124	4676	msedge.exe	85
PID 4676 wrote to memory of 2124	4676	msedge.exe	85
PID 4676 wrote to memory of 2124	4676	msedge.exe	85
PID 4676 wrote to memory of 2124	4676	msedge.exe	85
PID 4676 wrote to memory of 2124	4676	msedge.exe	85
PID 4676 wrote to memory of 2124	4676	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.ve3rl.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffecc5d46f8,0x7ffecc5d4708,0x7ffecc5d4718
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2484 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6384 /prefetch:8
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6416 /prefetch:8
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6644 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2180 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9749366242530808807,14971944815473931719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:4536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2368

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x32c 0x50c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
242KB

MD5
ff34d91165410c4e9563ade56e6d1127

SHA1
b991817b72d2ffd931a5c1980bf749bc08b8cfdc

SHA256
006cacafac28eaec751f07c0ea67042abecb542bb6535af4e38730bb967a3dea

SHA512
50159437f6f5bc4a045aed64f0f75ee544e59e97fcfa0181b409b1f7fa0e378b5c7828a849b499abe3d569aea42f7435ee3b9e931e26c0866def87ac29975818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
20KB

MD5
c0a053d5cb8160124a684a9a1cacd12b

SHA1
8e473639f9b01ec520d54a77f43225e814f56d16

SHA256
1242cb9c4c1e9a840baa2a6d67a4fe7f6fe349b5563d56a0088822c0fb0c7e27

SHA512
1cc56db0e7adc985644b34e54b774603eb10f66aabc0853657977701a8a6387aa10d2a4f48ebee707a20127883d22e02ce22524f5e6327bb899ce3bb779d698d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
49KB

MD5
65da8d6932ad74d3b51694b5a28dd0bb

SHA1
aa6e37cdacda153f499c299299a4dacf50c93765

SHA256
309ec80a404d5ba8c9816e0932bff343c8e205fe36819908682289ed7c7ae482

SHA512
bfce7ba0e18dde7d6f833709e565f704701d7a51b14d7c11b06cdce0b057290a334219c9aa4f7ea098c097eb779a2ceca397a9ad1ede0784348f78c81fd55015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
637KB

MD5
6063256272d8ecfa4fe4421d6c6cac80

SHA1
978c24facdde195388a702cf3d25b765d0111432

SHA256
cd15681f4833ea8133eb8da4c2d45356b5f1eb426cfd3a715afccc83cbc0ed3c

SHA512
1d192b4ff84d58f03dc534f31935c569fbc39af0f6ff9e110219922c2bc2075a0b6498e81d06f83a35123f0f9ca0b63f826d62943a07be631c3ec03c8b428b66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
34KB

MD5
744172b2c526ad323cd32ee244214ee3

SHA1
27434c614392c8666cded0f78eddb2b7a15c04b7

SHA256
b64ee40aac51761ba449cc3a4cab7671461514b0cbd9e05263e3a7704fffa756

SHA512
2eb1b5710b642eed3b908e398af98603de9bdda5449d89dc862e0428d6ee6f94db3895bf70aa562b00b21253a1eb9094d47a9261012fe2002fd3d586d1af2e97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
34KB

MD5
d74b9d94121977b55b511eb72f20b014

SHA1
764c6faec43aa5abd0da58468bf14a22d44dba63

SHA256
aa3247aed53ac3005eb62ea8e51ab5d0e4bba6fb14f0eaade2be834b46bc2677

SHA512
1faf9e03370e7fa9787364f3fdef36a96222217a969ed815c9e37ac8d3f1d6cf7cd6816177ae3d8c9e380f99ff2b4256f43d5482860ae06bee17f21b8245d492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
45KB

MD5
c2cbb38ef5d99970f0f57a980c56c52d

SHA1
96cff3fd944c87a9abfd54fa36c43a6d48dac9cc

SHA256
85369a1cf6e7ff57fe2587323c440ed24488b5ed26d82ba0cd52c86c42eec4a7

SHA512
50371320c29f0a682b9ae3703ef16c08f5c036e84d5056e658f5d9be7607e852adf72c13bf2d0b63fc492f5c26d330bdeb2ba38bfd8b0d4567f0cc6b0c0f7bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f4cd81bc63a7364a161a3d5751b23148

SHA1
2830f9a28c760d5bdbdfee903e86ff501ede07ff

SHA256
e1a5672ee2a3583b397271f7806bc05af25a3e7ce031cb347fbd3cde77131c7e

SHA512
99149d9657b150606d17b770d13c42e0cfeb3ff2f606f08b999cb0e86a3afdb26a3e81dec2e3624e8f578a80a5f3706c76c9f39cbc7d9be371f7078d8db733f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cd2b6b588cee541432bf6c5f3e4f5151

SHA1
bbdfce4ae8d3a6bcf4ad3cb8e8c213e59cb8bcb1

SHA256
b6473941cbfb79a9d72a7424986c898c2e547c47745915d26c07bd9c68850eef

SHA512
7d7bebe93c149d2335651f91da6432672e19905a9a6b47f68e036ada4273fa73d00bd653c18495974c048dea498be733ae85de0b6cd210ec87f011637438ee72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
1535bee9da26df0f4c247706e59bede9

SHA1
3b51e82cc4c9e5b799e1f36b45722686997858b4

SHA256
95dbb360ab1e4098e46a12d0d6428734984a39edc1f63524a6cb02fba34d28bb

SHA512
975cb76c58df0fae9c2b1c0e468092ae34f6a28a31b9bacb61c070d38bf96f744c41f91ac1637100231caed42a2a7ea2723b3edfd1596ad2febaeb5b4f916734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
791d5479c7efc6da7dac26f07ca29b4e

SHA1
6beae70bc61811a03e5a98bb559925a225b76614

SHA256
8b2b44eae1f08e9132c9d5233d91a94d6da50ca7f45203732ab8ab5728916f8c

SHA512
2ef7999089c35eadd15d6750b4e2466108e284bdfb06eacd09de35b2066833248a659836bbedaf2562021fa5f39f9925f17451c47895ba35fb871517fa6e28c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
60c56ae7f51e62507980413827a39213

SHA1
6c5d5c1f86e61247dc6732db9abe72d82d6e0cce

SHA256
f1e10ffb9f56c5a503ed57bfa7d0b11eebcdf343b7dbf858d9079a747360b30a

SHA512
c583f6fa03c9c2aa78a6edf1bbaa50c1483ed877726f13e8291d05f24d0f206496b40bf42a76e711707fa60513f93b2cb5276231332f6bd5ba623214630299b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
38cebf168ac5dd18111dca91137fea2f

SHA1
3445bc8324a15c319bb424c884f5ca424e58fc6a

SHA256
bd26e3d7f05297c33df112f7be98f3d450d2858dbace2439867473c0887ffeab

SHA512
faa0de270550f92961eca409be3229f80161cd6a7fa1f10ed41a22518b6ebef9645edda9c4ef08c1cad93cc2844c83b969723b2520d337936e66358c5a4f1445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
915f6999112a1e5014cab99733f83b3d

SHA1
6e00c58bba1448af9bb1a03e9c741715a66e53a0

SHA256
54039b692a77cd40d50ca8ba9b4b19d85f970d868e7f0724f2759e431b22cfa7

SHA512
b92e5658de50e87eb0e190211818902c444a16570bf4720ed85a197fbbcdf6b187aae2b0b08c3b8261b9e81de892391a6b015317b8b4e4b68af95fd58257dfe3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d18ff9224abe55a48cb445e7fdf23e28

SHA1
459f4ae376fb1f08c213aa6d0351198e652ad70e

SHA256
76afdcc34e25c6ae31ce87f4af9ae6bbe3d6c644fe18b2e00a8995c36a913615

SHA512
12f2360bf2c8d110fb37b2e428398a33bfa4cedb3f9e0377415cdf971a90e01b28b29724570d71ea0f5f64d3846af44aef4b1784d076fb6597aace453357463a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
813285b79af19e3406ab8abcaa83a4bd

SHA1
8cdba898ba6fc7f4aa990d9ecc106e336ebc2da9

SHA256
e1cec32c6344cc74410d549dc26e7d60875c8bf9c3486db5f33937f7e72a2e9b

SHA512
9c5788476947c9e73c2c7a93e99982d40ea07ceff7be3546a34ce7ed51a4345d7fc1f63e6634fd99382d3ec485bb725ccf9f0b593397b8f357ddd02445f61781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
ba28bb2e7883c5da2886e6606f761117

SHA1
03ebc9f801cef51135897802638ca9f112bc60e9

SHA256
252df47a7c0a460c6a65970252fc4640ea7088c96623c6b7275c95583cbddf35

SHA512
edac6a79bdc880ac4fde57f684d1701b7fd6995baeb9e2a5e83faea0bc3b97a091f744fed7edf52565e6be1e7198a80fc27fd6101ea15b8a71d5fa0e953241e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7c649f57756fb24933ca4ab50bb75aad

SHA1
61ea126777d9c23011e714a99fdaf6a6a61b04c6

SHA256
dd853e8cea52bc681441781b140f0c4cd19ae3e05f061ea0b7c12aa5d3309211

SHA512
c3e726921659f2166f5df2f44701b40d5dab5191abb4763ffc3db2e753f3e76d940032e943c742a2bb50fa58ce01b49fdeae74cf7cba12ce5e79c1ef4c5c36cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\adc4a8d0-edae-415c-b445-38b42b81e26f\index-dir\temp-index

Filesize
3KB

MD5
bc1fdc5a0f454a03ce62703d6e0743ef

SHA1
b4ec387d1097886bc87dc7eb98b428587dabe72e

SHA256
500779b2f22ca643d2ee133bdbe8c651bad8fedad0c71bf49c21138d62b3578b

SHA512
a906d86c48d01f582e46f0cfed5d5b57da3e549ad72675fde1479ea6422d60f9e81825348234eff8e587605d8085c26be7374a6e050d301d9509a1856296b4f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\adc4a8d0-edae-415c-b445-38b42b81e26f\index-dir\the-real-index

Filesize
3KB

MD5
019deb4e8fc2376c9bad80849e931e82

SHA1
4248c89a17a685a533f72cceb63e873bde18b779

SHA256
dd37480dd230569acaedf3d379da981eaa36db7d213bd6b2cedeca7b462856ce

SHA512
0a989d234d1a2c38159f16dae29711062b9a81b48c3427510ab603d321cb16c13b884a8efe6561f58dbb0c7c7c4a8ca22fa8d6d019d5a73e24c1d36b07313651

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\adc4a8d0-edae-415c-b445-38b42b81e26f\index-dir\the-real-index

Filesize
2KB

MD5
e742975aaa11925d4fd664a5e9e74962

SHA1
874890f65e3906b539d1b5dbd500c0df8c1d982c

SHA256
49a409c6dca6379b7afd0cb477eebcac173a77c55780aaf5c77b00174b511f3b

SHA512
10fc6a1c4350ba5057f472a58396d26afcfef07f8233c60fdc401104b604b60cc1159adaf45045d00106f659b394248b13172cf48c36b471b856578fabcf1153

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\adc4a8d0-edae-415c-b445-38b42b81e26f\index-dir\the-real-index

Filesize
2KB

MD5
2c646612e412cba4602808e13c021497

SHA1
ddf75041a7777d5ab8284eaeb202d40b6a271825

SHA256
0412f70c6248532b68705c200adbd7957f0975445c6e04f139f243a54ab75321

SHA512
b0ca993241304d44e132841ee77f39d2a9459a31b650731d358004331d671bb00e5d914a4ebe81b5feff715066cd2eeeb5dff54aa854962958578526e54ecfa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\adc4a8d0-edae-415c-b445-38b42b81e26f\index-dir\the-real-index~RFe58249a.TMP

Filesize
48B

MD5
aaa69675ed5da2fb5e1af72a8b23cfc3

SHA1
124497722648c898e36071e80ca1b1f1fc2fd78e

SHA256
ca0994cb1ac85dece1462514c257e94aa3b7c185aafd684afb2bc1c3f32e57be

SHA512
c747a3cf390b090a956e50b734861a32b7feb858b750783df76f7f7be901b3fac8dc1140896dece64ae43c93f93f27b2fe5b734cc9023beba3b566e5b01e022c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bb817951-8e8a-4379-8f1c-9e19c9f0a070\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ce7826e0-767a-406a-af42-0f1edb609ea1\d1e51fdc10a7a66e_0

Filesize
2KB

MD5
880552310b23d5a44ac0cb3a022cd82c

SHA1
29cf97cb6509d6d9cabb11f22285b73850a316fa

SHA256
57989da0eca32dbb54c8d07a04d7e03e2a2110da2086482eb28951349de8c8eb

SHA512
98e8d3de86913e670892bf2ff03d85a81f58d42c946e070410cdc97d2aec1b39590e59cb68ff0bcfa8fe3be37e7d2708a32a096a32c9a9f8c4f0d78723d77e4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ce7826e0-767a-406a-af42-0f1edb609ea1\index-dir\the-real-index

Filesize
624B

MD5
fdcf3c27aa302ef54b7ffe27adb4816b

SHA1
3da11eaf711207e260b94d738d51782d86bc29b0

SHA256
9ae9b3b507512aa68acd3806cf7b5cda829db6a3b261e26eb2755d3ab915fba5

SHA512
352dac0d030d30ef370f3f9072bd1e33b60e5e260cf916147ece5ad09cef17d9080960484ff926f6a441b7fd4c054ec5a1fed998750123d8441af61245549e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ce7826e0-767a-406a-af42-0f1edb609ea1\index-dir\the-real-index

Filesize
624B

MD5
dd5760f4d0ac6ba8fb257e8beb313583

SHA1
2430255ab219999b37dbdd2f26cf951ff09948fb

SHA256
fd94cb87de116c2b9016988dbb52120944902ea761347ef3f901a1a217adfe0f

SHA512
6ba03cc3628db33707916d7cab8c2c8b7b24c6dbe278055a96790a1a082d24bd970ab1481faa59cce4c1f7453e00d7cfca8b88d8e338b40ae936230742838d21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ce7826e0-767a-406a-af42-0f1edb609ea1\index-dir\the-real-index~RFe587ea1.TMP

Filesize
48B

MD5
518f8e32fc3df40bd94c1cc2f6e13b71

SHA1
f0aa1bd27e4974721ccb0823bd8dca5df1f15dc3

SHA256
17240e8189c4839ef1f13fa229b519d8cd750972ef8ebb05191fd6735cadebde

SHA512
65c1c305e1bebca3f3e93fa252bb30dec07e563f01ba8bee63c9ca289a8a7936348ac5725ef21a3f373e81e0832f23db43ceb1e283a12b936f8a327a3f7459c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
4a56171a6b4eb76c46c0d77145d7a6e3

SHA1
380ffe63707472824c91a8823f2f9542e0ff85cb

SHA256
bcc60755a2f15723c3639665dd5baa51c531f24fc30b1b4bafd3e8a76cfd26d8

SHA512
76717d80de895d673ccbbe2935efeec0e50dc85710ec49b8d5d75e4b131728fb4c8323f37a5fa6089bca877471247c1cd3eed0316dfcde796cab444161899d23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
5d64b13c257a7cd502fb74e705499b3d

SHA1
9b58326fed436497749c0e5709d708e1c480b31a

SHA256
0a8814dbb484897d2301aebf1752771439b22ece9ffdd5918529935d2d76aff6

SHA512
5ff31b1d94eb84754319ed7636707eb5183c12d42ce784b7bb9f9ce4da1187e7dceabcc5be083df7ab6f73f236dacc49b4840bd4dbe317379c11a94a1bda13be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
99c448f22dcf92d08da40737defca678

SHA1
3bc96ecc7f8c6d4070e77eb29e8af3b7317c0af3

SHA256
6036a8bc2d0de6921fd27266c1486342c3956b0b09497c801367d2d072444bb8

SHA512
a34ece57fbb800f5ada300b24815e438c44a71c154582c54e1659c72ecf2de68bddf5192f822b81879fa22a93ff4f7de114322b4fb33f53875c13e1066c7b4c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
42bc2bc126fd4ac37408897f5a02ad95

SHA1
e0846d40c1773d8af8114721df22004b99169f94

SHA256
c2edc8235375a73bc46fd1378a02aa72590e033ef70d9e16f0f5dbc86170ab94

SHA512
87d644663c00cf8d45eeb8f01d9f175d34973f1524e4399bbc27ef309997f704875c82beb0b3ac56da88af8c19c10560cd4d1df79e46a5a8ced9b9aee8f2b95f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
3c4417ad964e270b389c06e507a3bca7

SHA1
343d6921f8017f4e8703958fa867dd972e2592ab

SHA256
b6b1cef3eb8d29597c2d40ad19b7f0b0189c2e2fe5bd3c333c620597e16a7c84

SHA512
6919745653497464e60367f839fb4042da94938cc8359fff0e5abd54cd0bc4e92bcf96fba264ad40bc546ca9c75ca8eb3616ae7ced0bac7b5ed37eb9fa2cd936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
0049e021c2a383e7f4496d1a10d4e5bc

SHA1
edc99d60ff95ac6d5dbb389e17312111363d68c7

SHA256
e61c12eb28bca87a2d91f7a9862ed2eb12edc2aa77cabfd03c587c8c382e37fc

SHA512
42bb2c32a7f1422903a41a0061b3b40cb41f925192bfc2fb359b6dd54bc59d83687f3e488dd1362e38747f4749698824efe95c388454bae6497712099b399b33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
2f534319b7e96f728538f6ebf50d2a79

SHA1
8952e4dc6ce757f3533a2d76cde2878280a3a51b

SHA256
76ac6bd1d5c768c90825cb51deae04483f6995533b7ce0b3b11a5a471578a95f

SHA512
3f70b1e0dc8523bebadec84bcc5367d69778965a40edb1ce915229c26d1a9c220d4112840341aff3bc833ef8b5b19a2365e91a336d9e24b2adae1403718e5b8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
8144361acc22eda5642a7f9ac03d4b44

SHA1
e584351d043dd281c6f8082b967b6511e0b235af

SHA256
b2bbf1515524efa905b93bb68855310da2cc3844c974ca7cf0677820718c313b

SHA512
f7eed85bae77d149225406d3e09f63ade223b059efdcd4bd44f2a97d28d26bfc7a88445cad0ae02dba84ab6bd81db52890735d3288233235ea9ce73305ec9c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
853b263f73c60514d3027db72125d000

SHA1
8216f1528b0c7282ff4d2e94265b6cffbbd6ba9b

SHA256
57260b9825d829dc503cf7c834f4d1c8708c055873cf26d094caaf5f5185f682

SHA512
860cca55829f791255725a6704ad8f368b5640466175e776161c2800e1540ca047411933d6c2dd2b17ca5898461dcc91dd5199820407e676161d435ca46f5e81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
4d5639db4f8f138256f60124a8bc6369

SHA1
3b4e12fff3bf635d5f9c06ee7d108a8c1163b7c8

SHA256
b14fb3e98c64960b2a8937a48faf4296f17c162542fba9dfadd3667f84f1bbde

SHA512
23dfcb89a5a2b20ad08cace1870167addba93cc21259ae07759628d5a308b7a8f43bad630cd398701bf78c5d7cf8aaf12c1ecc66f448031e3192f316352d38b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
be61a1c22d47d4adeb2487bc43ca39d6

SHA1
4f1475d23d0d32c8ffd699454b873e914383eb5c

SHA256
2a32f063304563082bf6627f386e5b9539a14cb22c1b6ce1f4ddad4b8eb66e59

SHA512
144de09a76e92e6856247ce13cf8f044b8f05c68fc95ede71072adea75c5dc63efed293b3aff8c0b2514ad822073a5e7c6d5142a5cf3abee27e948be3fdee735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
0f96e5a893f342d2f1a215bc75e2c845

SHA1
f688caad29a87e706a711cae4e2888de1187578d

SHA256
697ca96a5db4862db6b1801fb2b79cbfe74fe1ce8b6cdc6cf87c939cae9e4c66

SHA512
245c25e13c40624e7bd37fbd9ae9f5f2fcdc1cc7212bf183b4fb1c84066c1ae4f0d48a8f8df7f146cfe09728f433951e4a4854910b47a4c0b997b9b9f824b403

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
e594269b4db8f9953e82167a70cae52a

SHA1
573b07b93b29a121f4c890cbf53f394ec6c1e66a

SHA256
7a29c307de1232914ed03e1d18013d0e4a61d5f369e425b38bccf0d8933ffb59

SHA512
7dda66c4018dc44aa34317fb371173075dc26d60ac4017ce0782c9ac9cabba65dad4c674959637221acd974cf89976dae692600e1573449f9d7d69742aeb5fe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58776d.TMP

Filesize
48B

MD5
75c4e45f9ad96c857638194972cdb75d

SHA1
aa64c1fe39877cb854189d46d58de06b77841fdf

SHA256
89ec1bbbb27e1a09bfdff67f8771dec63a0c09561f6e27340c3529942a5505cc

SHA512
dc7ead85231d2e7f354319e438332e757308cdedc8223503b87a469e130d23b6d9f32065d751c65308ccfb9ea7b2c3d7ec41f1462320d6b49cf6dc901756bfb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
edb32895fc41b469d953ca27128a897d

SHA1
47a92ec664eec8367676adb3ad58717a5391a92f

SHA256
0526b1284c45725ac2c554fb0c5c3877b794ccf8a3b2a6e14b5fffd5683ff689

SHA512
cb85505b876c16efb13bc2d89018f807948e65088d3cc9f8b161883dcffce24bc3a07911ffb9e7b8458addf5261dc240c75fed3ded682199c402c78dd7909949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a960d1e64f18f175ff0647da81d78426

SHA1
381c99c3d4f08861e09e290cd02ab2e1897acc8c

SHA256
fcc6c85a1083189050363d0f55ff4deffb6fcae59597dbe106626d087d79bf58

SHA512
8ae204481f2997101e7b675374451106bf1850854677371dae194275175bbe4d12ab9c0293011b30887bcc60cbe885e9f1a33b2cdd3d870d4d112ca0b0a7ce39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4ac2b7523a7aaa5074a7d7ea0ebb1a0d

SHA1
185e3ce0f0843d722bfab1bee05dd0b0c550ee11

SHA256
1c2e20733fa85de5cbff3cc24f122b2a19ea8e5ad84f76ef18ed9b173531a02e

SHA512
4d4e0fc250a488846ed323fea5120ffc2c5fa80422e17eefa467027e13de46ae3b2e98e71097c43a0bc30dc910062009df65aef3685cffbbf538c880ae8836c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9ebb30840ce824644e9f1b0c77812d81

SHA1
a3861751a1f369d7689e177322b8d2405fe4f8e9

SHA256
4e3738a7cae19e748156a9affd023607c999e51187c1ea19f982889c96e3259f

SHA512
1e69520fe266ba11bd2ecea0d9b3649972bde418f199c2b03bfb7cc01d2ae56be80b0ef085668f88d9d95c1f9dee0ddd595d0ffb1cd476195d5c28a7e96b687a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cd8a260288a146b9c12c0e697de0d099

SHA1
7175123dd24a50b0753c073f901cb51119f66b34

SHA256
a37d31ad942e3ab7bb95b95b9dab39abd5f66e40b974c3b8600c1efcd48dfae5

SHA512
ebd5e8ff9217403c885e462dbe3321c48cc082ce3a1c7116cc85b8aa49710f51f66862b6e7ffca92bf7d380eeb1156521ba6ea63939b55c6e6322761a41920d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
867B

MD5
93572aa6eb2b979995db60b8aea78180

SHA1
88618088d896647dd21314ab84c5a7b068ca18ec

SHA256
1ee5fe1ac1dda77128abe53ca826513a6abcf5d6403377ec6754544f2c88c238

SHA512
e60ae1cb785d1a65fee65a614d5f8f356454e79dc355adc1dd48ea22b97d423f1e91602a82ceeac7b4c2664a0fad3a01707e9d466eecb5b53338c66f1f49aa7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5808b5.TMP

Filesize
367B

MD5
1c819a51dcd9f00a85297e5fc206a6bf

SHA1
457e3b598577b0296c28e649fbea40b0799c3d41

SHA256
94fa8ceb929550b4396b03ff75cbe5319d2edc7fef9ac35ee167c384d0cb2a68

SHA512
a8c030d9adeed98f5beda21e15642f11b10ccbe7d6b18e379077da50568c0797be0ff6bcb62bd7d6f7c67b2b94f5433e6aeb90b6ccfb736e055ff3b9f1b866e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
57cba3362255953d07ab5e3346900421

SHA1
357bc42d730d4bc5297a6c93acc2ab7581deea39

SHA256
6761436c024766af42b88435df6d749cc632addca6c774049d9b2357c1e50b28

SHA512
4f9fe67dd07b203d2ab7a6c966fd5fd0e6aca45363a5604a7971f3fdfb556439cf310b49212883163c20410938f055bafddec79ee83a5bd0f3bf28e9ffd3e100

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit