hxxps://www[.]skyvpn[.]net/vpn-download

Resubmissions

13-11-2024 17:35

241113-v51e6szkar 8

13-11-2024 17:21

241113-vw6wlavqgx 10

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-11-2024 17:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.skyvpn.net/vpn-download

Score

8^/10

discovery phishing

Malware Config

Signatures

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: 67C716D751E567F70A490D4C@AdobeOrg
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1045960512-3948844814-3059691613-1000\{23504F89-E6F7-441E-B1BC-2DD60139619F}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2636	msedge.exe
2636	msedge.exe
1244	msedge.exe
1244	msedge.exe
4800	identity_helper.exe
4800	identity_helper.exe
5696	msedge.exe
5696	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

pid	Process
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1244 wrote to memory of 532	1244	msedge.exe	83
PID 1244 wrote to memory of 532	1244	msedge.exe	83
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 3484	1244	msedge.exe	84
PID 1244 wrote to memory of 2636	1244	msedge.exe	85
PID 1244 wrote to memory of 2636	1244	msedge.exe	85
PID 1244 wrote to memory of 4044	1244	msedge.exe	86
PID 1244 wrote to memory of 4044	1244	msedge.exe	86
PID 1244 wrote to memory of 4044	1244	msedge.exe	86
PID 1244 wrote to memory of 4044	1244	msedge.exe	86
PID 1244 wrote to memory of 4044	1244	msedge.exe	86
PID 1244 wrote to memory of 4044	1244	msedge.exe	86
PID 1244 wrote to memory of 4044	1244	msedge.exe	86
PID 1244 wrote to memory of 4044	1244	msedge.exe	86
PID 1244 wrote to memory of 4044	1244	msedge.exe	86
PID 1244 wrote to memory of 4044	1244	msedge.exe	86
PID 1244 wrote to memory of 4044	1244	msedge.exe	86
PID 1244 wrote to memory of 4044	1244	msedge.exe	86
PID 1244 wrote to memory of 4044	1244	msedge.exe	86
PID 1244 wrote to memory of 4044	1244	msedge.exe	86
PID 1244 wrote to memory of 4044	1244	msedge.exe	86
PID 1244 wrote to memory of 4044	1244	msedge.exe	86
PID 1244 wrote to memory of 4044	1244	msedge.exe	86
PID 1244 wrote to memory of 4044	1244	msedge.exe	86
PID 1244 wrote to memory of 4044	1244	msedge.exe	86
PID 1244 wrote to memory of 4044	1244	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.skyvpn.net/vpn-download
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92e0746f8,0x7ff92e074708,0x7ff92e074718
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3012 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4020 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4020 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6524 /prefetch:8
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=8008 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6888 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2740 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8168 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8400 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8765043931161931452,12275058356568042839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8536 /prefetch:1
  2⤵
  PID:4984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4804

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x2ec
1⤵
PID:4584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
19KB

MD5
2227a244ca78dc817e80e78e42e231d7

SHA1
56caeba318e983c74838795fb3c4d9ac0fb4b336

SHA256
e9d7b93bae57eebd7019ac0f5f82bac734b7ac3534d1fa9bdba6b1fc2f093a24

SHA512
624cc23d4a18185ae96941cf8a35d342e048476b0384f0595ec1f273e19163ca49b17b14760628eb9da9a5f5519d4671544669fb08985c4945faf663faf92e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
47KB

MD5
55a93dd8c17e1019c87980a74c65cb1b

SHA1
4b99f1784b2bb2b2cc0e78b88c5d25858ff01c5d

SHA256
4925dd477b8abf082cb81e636f8d2c76f34d7864947114fc9f1db0e68b5a9009

SHA512
f9ade542c593067dbcd13ed94da1ba17a84782575355396db8fd7c28aa70a3120d0c0a22d3ca3d2f0774c1dcb06b9319e243b36001c618c92e0af25cb9c8e46b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
70KB

MD5
807dda2eb77b3df60f0d790fb1e4365e

SHA1
e313de651b857963c9ab70154b0074edb0335ef4

SHA256
75677b9722d58a0a288f7931cec8127fd786512bd49bfba9d7dcc0b8ef2780fc

SHA512
36578c5aedf03f9a622f3ff0fdc296aa1c2d3074aaea215749b04129e9193c4c941c8a07e2dbbf2f64314b59babb7e58dfced2286d157f240253641c018b8eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
25KB

MD5
cd74fa4f0944963c0908611fed565d9b

SHA1
c18033d8679d742e2aab1d6c88c28bd8f8a9e10d

SHA256
e432edfafbd52fcdbd59ef74892aa2e2ab19df6647ae723b368fca529066a804

SHA512
b526216bdbc73a97db41edbec6fdfd09b7b4ae149d415fb5811dde03ad4b1b0247950abd78fef807ae47674ab1b56ff0b971fa5e305b26bc92dc07871313b750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
36KB

MD5
62fd1704573f0a1ae4c7db83f9f5b470

SHA1
09d03a37492cfd0580ed3b819386bbc4ff64d960

SHA256
3b14ad4d4df0e681fd5aba556473e39e52b31ab98f51dc3db4937bb641a6d667

SHA512
c8108393f8bb91c018ee06ad51d746a33e24ad9041d5cd84792e4c59fb55639b8042ed5c1a424b47263652182ceafe516d0b6adab147e33bbf261d6aee1d3f84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
42c2dcf40c79d9a428636d62f476f89c

SHA1
1886ce4b588901b7346ca7a652fed092801badb3

SHA256
40d7684e24219cda7494075b3c9013eeb15824ca1baf2c0086ed2411a2d919a6

SHA512
95dc99c0f5a7667be6501385ecf84d72501f9c90736eabed7c70793f41fbb595aba6c37d39545edfcc3ff2c4fc2bdd9d01525bea09d97effc5ac39ff3ea3cfd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ccf13e4dc01a565090ef1dbcaa1ecce1

SHA1
becb2ccfa4551166e40304fc7283c35c978cfb3f

SHA256
08196e0d0c967dd6ef3e56d685e7c065537c677844d1217d93d28829f9a033c3

SHA512
bf8f97b5e12283aa1c4f8e7af3e7f193e88377329540cfff3e3cc01a099d9e44dcb95b33e8f6e2da549e41276fed377b23554de06dded0e20b030d7140bed738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_buy.norton.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_uk.norton.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3ed44cdcafd4c44b6530431384588359

SHA1
a3d4e7a04e30c762bae15da03ac7fd152f57174d

SHA256
941ca86c080fcf34b9a3b4c7b50afdd17a6fe2238faf25b653658fa4280c8849

SHA512
5b9b6cdd689da76dcfc7c53260511da9b63fd6de745857f6a5746d2c20120e4622b1dbcc7c0f946424dab94e8b2e02e54510c9e69415a8303322b1a2525c0fc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
35dba349fe2f0945a55b9039dced17af

SHA1
de7cceb53e3cbc1ecae43935ac7c4ceb55a4e576

SHA256
6cc6d9a0afb7345df20021f1e5cc7109993e9ada6ca206ffea6b98137aca7f64

SHA512
2edf39fbd0996abd44a0f0dafcca398575e8828d58da3d117403ea5b0d7e6d0882cee0df47402e02baee4a946eed907a27d6c3213a59c1d35db93482135a4802

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f4278cdd5debc1094b51b35a72934113

SHA1
adc41b6974c6025058af4fc8173f2c4cf3eac723

SHA256
7de2f979b0f115c5e657a5a23ff2e23b58cf6156e8cdd13d04177c5f0d36a655

SHA512
73d21bfe506bdd8781e49313d298918219eac554af0200a2862aa32b396caa6c663c5f5f21f66a538b34d094a2659a7deb13783f366d86978f833a870066c371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
dee305e3c1fbf3064193fae602377f2b

SHA1
6298a92708a19cf14b335aeb74878ab7043dc5d5

SHA256
cbb0f0b6c8fc63d131bdf254f33d64983e46eb6c457aef1d554fd35a8811ee94

SHA512
f78fe3a073d6e00889b16802de581c75963f131828efdb49d384743e9811fd1a2d782b56f10dc4019d334c06239f9989880fb63a8e663a7e0640097f8308f9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
2aff7499effc9a35bf01490e617b305f

SHA1
7d1c0cab1e9c714535db0209d9c09b023d235092

SHA256
a6548ac46e1ed1cd0f88038fe07b73aa14e6aa0e7a27630a0dcd09e0afd0afaa

SHA512
bff299870b3344534345896f2ced320b417b6f5c26736b23db0634e2c05f955b8f7c73cbaccc2a7aa08787f0d9f19ff9c2ebf038a2aad93edde1c0a19b98615c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9b914e6d9713d2adbf9c2579dbc2447b

SHA1
29661c390aa9257788bcce22127fc5c8cea29294

SHA256
dbb8fda69ffb2202a95a1315225e2e4e464b0efb60f10c68b043c072f5f9bd88

SHA512
7c75e407f3e97f7117ed13b98d91a73d3aa4eb816608e1d31d1e403a19b70e06865bca869a409990fed427d4e6242cfdf6d21586661bd966ead33f2a6c1e46eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
beabf2d6d18c1f9f75320f53ebc731da

SHA1
bf71a548b1b1b0706daddb8b2ff151459159c03d

SHA256
17466ae17c74ec8be8840391227627f3fc0defe509128039c455071757ec0fd9

SHA512
2a0ed2753f57f9264f78be8cf74f91eeb9e1c1cada2491eebc97f26809e9fe84985bf162a20efe59055b2360267aa39dce9144ca748fb2d4c891c1897fe45943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
19c6e1733aad66993c64512c11f93cf5

SHA1
6a2d74ee6240750e4af2dd508a8db91ca563ef71

SHA256
744ba7f48f40c7a4363da4afceaae6b72eaf1580267cc6c79eae9d4484d55638

SHA512
6ea6ad5ac465357bfe18386b102da0fd77e23d9d8e2c96b844ec5f0d55be643fa217ebdd280c9cd43b7b2ed40f113c49091a094a9f4b8808c19ad3315ee3cd2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6667d32365122a6055911cbb4ba8ae3a

SHA1
32f08a0f352695d4c12f792c76f813578974a94a

SHA256
ae0567d3d8d4f058405d0e942d09e9e76e317f82e7b5bcc7e0ca13945e47aeef

SHA512
b35773ac17922cef48e2ee0cea4504f108a370137970b54d3c614e9c059d25c765a0a813f31d7c60f135358512bcaf13938da30a7dc2d894ee3f7904e9aaa823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59307c.TMP

Filesize
48B

MD5
9cf7c30c15f06682233aad3bf27111b1

SHA1
55c2f2068094bdfd314c891237541a49246e930b

SHA256
a6906a8e465e00ba8110ae6eb44c30d2be5ae9e68b68bda41d39c7ed0eeb7597

SHA512
f8c6d1eb530dd9c52b0f451b65bccae6923c364eb6aa2f9379151d9c92dae6f1f19eeb27b675e138f6372bd6bd15195bcd976a6113b2844152e68301c8d8ec9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
981792831b8907e5b532dc8e21a3ae82

SHA1
354813b6931b74b36127f87c856837f92cc7b14d

SHA256
5554eaefb059098b16f23d226de34109061cad005044db9d6a3adb658f7d31a7

SHA512
cde99e947216b5dda70d91d42e875d480c3c194a5b97b1c3e325782dab0aade31e9e43debc59ec6fc533c97f432c65d7dbb565d05e10ff292e6e31fbf83199bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
041c0ee0e11e2df4c640c376b2696036

SHA1
5ea568bb8290c0b9ce8d2457f285276998359643

SHA256
2457ec346f4d03837f156356c550df2c779bb749bb82baf082edb0f69456d35c

SHA512
fa3791b35369655ad54482fe7b18747b8665a1a0b02c34bf128421a56f9c9e69a806c64de4fbcc53ecbdd9b28e9c2b253e9c96ae74bf7370db8aa9a6e4835d45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
503eb14f8add40f9d6fbc4793690a074

SHA1
c4d8640c4dd49fc3e30af49408437800ee0c743c

SHA256
bebd45765c9aca6035e52f265e6a5cd039180d065fba2ed5296d994281f17a38

SHA512
e34058aa7ffdbe8c1c97812b9d36e5b63cc8fa2eed333096c094e97c82e532153629594b300456a9e05b76f8714e9b367e56b6ab939b2352a488b5ee0e98c39d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c7adf72874a25def2c27b0d74b7f7732

SHA1
d404e29bbf3bca537fc45933b7d7a356faa2625b

SHA256
7aca2303dcb5df24a342e0c030e000474aa9d02c46b43d21f1c9fba292a1472e

SHA512
ca030b08f82574015119baeba20facfd9965be3c744d35b031c40c95a770640ee0c792b5d4f7c3a94647072a8326719aa45663af4e185cf97fe87646063beeda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f12ed807d5b2104d096816807e68b2a8

SHA1
03847b1d3cdf51b4a4e37b84343bd8241820d777

SHA256
a3953d49db4a55ca4ed4d2c9c83f6268e4f1f8f4f10f1fdd428e194005081b7a

SHA512
d88d5cea60652e5a71eee58a3251cd9d3200dcf276b9bf9f8f608b8c818092a9fdfaf6cad0d1e5776263266f75608936dda30932bd296c7c3750ac81f68bcef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9e287de3b5396c735c8a183aa10f7e2f

SHA1
d4ddf3c726806abc1f7ed58566da0db9066b280c

SHA256
b6ea3ee049f296efe4f0cf1fba0d3124215c7afcc7c65384ab10837ee2b5ef2d

SHA512
97f8927aa7a0e132cdf2f335c7d9b6b271a9035651c4a828dd5ba3e1ca35427ecbf0a163b87b74099dd85b4d168c393dc4918ab23d6b79806861ddc1913f2a6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cb8d.TMP

Filesize
1KB

MD5
13c5565f2afd5fe5ed95e2e87ad9ef42

SHA1
dd5a695697d6b5397944a24bd6e5680fc0b2909c

SHA256
c88e9a4b9e802f88c1ec0c1eda8fbb32b055d00b2d7d551f162eb27b9194cc9a

SHA512
c5a315d1bd3de65f7f41f2a4c3bc036d7882e7abd383f908805ea872aced91d5db88c5fb82b0de176d6d2ea848ec79bd525c36af0150b03ad074a9b58da77849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8c7935342e4dfed6cf775af0e6de9c0c

SHA1
70aa8abecbfe94e74f54cdb3fb32c141462e735f

SHA256
a92269ff9456af2c72b58ea6cf9de9002294e16bcedd863ac42733c3921c1281

SHA512
31654ea7e52ce460844a518837d0140bbecdd167f41ee76e537459effbe869b1530090f72f39bd29c406b958beab6d4e2966bd277231aeb17fdfd758c3f1fc09

Download Submit