hxxp://instagram[.]com

max time kernel
1049s
max time network
1055s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 00:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://instagram.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 28 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000daae8661cd8cda0127356671da8cda01e75b1fe16290da0114000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2104	msedge.exe
2104	msedge.exe
1404	msedge.exe
1404	msedge.exe
2480	identity_helper.exe
2480	identity_helper.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
4732	msedge.exe
4732	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4732	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 344	1404	msedge.exe	84
PID 1404 wrote to memory of 344	1404	msedge.exe	84
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 1824	1404	msedge.exe	85
PID 1404 wrote to memory of 2104	1404	msedge.exe	86
PID 1404 wrote to memory of 2104	1404	msedge.exe	86
PID 1404 wrote to memory of 1116	1404	msedge.exe	87
PID 1404 wrote to memory of 1116	1404	msedge.exe	87
PID 1404 wrote to memory of 1116	1404	msedge.exe	87
PID 1404 wrote to memory of 1116	1404	msedge.exe	87
PID 1404 wrote to memory of 1116	1404	msedge.exe	87
PID 1404 wrote to memory of 1116	1404	msedge.exe	87
PID 1404 wrote to memory of 1116	1404	msedge.exe	87
PID 1404 wrote to memory of 1116	1404	msedge.exe	87
PID 1404 wrote to memory of 1116	1404	msedge.exe	87
PID 1404 wrote to memory of 1116	1404	msedge.exe	87
PID 1404 wrote to memory of 1116	1404	msedge.exe	87
PID 1404 wrote to memory of 1116	1404	msedge.exe	87
PID 1404 wrote to memory of 1116	1404	msedge.exe	87
PID 1404 wrote to memory of 1116	1404	msedge.exe	87
PID 1404 wrote to memory of 1116	1404	msedge.exe	87
PID 1404 wrote to memory of 1116	1404	msedge.exe	87
PID 1404 wrote to memory of 1116	1404	msedge.exe	87
PID 1404 wrote to memory of 1116	1404	msedge.exe	87
PID 1404 wrote to memory of 1116	1404	msedge.exe	87
PID 1404 wrote to memory of 1116	1404	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://instagram.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa57d646f8,0x7ffa57d64708,0x7ffa57d64718
  2⤵
  PID:344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,14473231110796569524,17547355258639710583,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,14473231110796569524,17547355258639710583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,14473231110796569524,17547355258639710583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,14473231110796569524,17547355258639710583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,14473231110796569524,17547355258639710583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,14473231110796569524,17547355258639710583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,14473231110796569524,17547355258639710583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,14473231110796569524,17547355258639710583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,14473231110796569524,17547355258639710583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,14473231110796569524,17547355258639710583,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,14473231110796569524,17547355258639710583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,14473231110796569524,17547355258639710583,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,14473231110796569524,17547355258639710583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,14473231110796569524,17547355258639710583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,14473231110796569524,17547355258639710583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,14473231110796569524,17547355258639710583,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2224,14473231110796569524,17547355258639710583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b1931878d6b8b22142fd7fd614add5c

SHA1
0e20ec0bec5a9fe3b6666c3009626f0420415bc7

SHA256
d78e49cf9c940d8a407fca2338e30b754e4579c64e88932c46c3871f62c15904

SHA512
1e7a63ff7340719736560277601ff43f30937dbd4a1fbacbcb0d72fa708216692a4bb4ba658edf227b767975b430fc94e7c4f0b5dab29bef9483bfcfb38e1cf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
70ae4bf8f75c69610c1d00131c1ec28c

SHA1
eab92c184a3b655377f375b1b25ef85fb06c7130

SHA256
9f46453862eb083e85697631455185c0ead19ec86c1ae3d15274c06c9a38731b

SHA512
29299dbc0114f01525bff67ec421a28056905e8f5d21f00502554f446883b6086f8b9a2c27a591f364077da17c21438910b8dbf163a59f6f80272eb7d5f05c68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
74KB

MD5
0abeef2e28e4de26930e2298e5b30a4f

SHA1
fb535b24cbc0c27e01c2464fa60fda7f79d5283e

SHA256
f5fa03c6363f68b043a3386ab781e16e39cf01302c078cb6233bcd9a3d51b1ed

SHA512
0b687e229a988ba6283c62dc6eaa2f4b81c85fdb1f640d2383d4660cd32307995016a0fc92df6dccea155b4e662b3e052ee7c511113dbb2d784339ed5629d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
cc0ff2733ff7d07575b2360632a7ea5f

SHA1
f542f53985c5bedfc9eee89ee3b6e73abae50422

SHA256
6022ca0d8146dc4574d0e4ceb5ba7c4382b8973464f0710683fa2b553debef6a

SHA512
9cbb3bc7e03498537af27ff63650a8cbc4a2bf2ad700dcdb459327b47fcaae69e3e40307b34a06cd95acbc7e8967714fba1d10b8115e27c467a0bc721fd938bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9e56749eadedc50eccec09e69586fc41

SHA1
b12a389ca76c42217be0bd9adfc7b413ab895f71

SHA256
cce5ffb4249e8ed083b2f2ff1ed0eb00f4c2124fd27bd37446293d98fcf91b21

SHA512
f397c3d2d066c82e61c5f401a7445e50a3820cde6024fcb5dd4538df2e0934ee599324c1717791de4d48738662bbefa835bc51660faec3c2d4c4e3c988905ffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
090baba6e8a8fd8ef70bb3a0a9ea2f9b

SHA1
4f7568935f0e169fe58d2bd68fa56e77e0ed89f2

SHA256
1d6ba2fd2f297eee8f7457deb92bc4de799e797b47f76e8168ef6159bc4ae9f4

SHA512
ad56292f7ddcb63dde5bb4de52c5d2c2c91802d4c010a2d0784a9fa556ee98017d554c5368bcc0075d5b79103a78aabe7d6abe5434ece363602264a829029b40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1ba8e3f065fe4c947a713f09abd5b015

SHA1
d3677ff669131fb429bd7b15b389cbeae0a6525b

SHA256
b90762908f50c167d7e31f8d1a84b37f20ccff6078f63e73f36f5a8b3930c6be

SHA512
71c8f624e0eda7740a0a2b70efad680d308efa193d37c44c5167855dc690940851d22b6e61272e71572c115c7f31f70d7e8508ce4cfe1c3a6b5b50021238603d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
489eeb9210befc9a918cee528caa9286

SHA1
a5ac013c72f33fbc3dce153af882ce8dc9e6c6ba

SHA256
fd2c2406a19afc73b7edcbcb6bfeeea9cd7158465726be0cf03e22b59267df43

SHA512
e27a77cba91812ed17ec130e381a5ad865c7ac0652b5d8d2b78c01b2e85bbbe174b60cb287973cf61a0c14ae50e644b266da6b333237905cc79b399fc9d56500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9fd0531780bbdcd39db2f88b43800b17

SHA1
fe6bec3ff2deeb8f1cdb198d82339a42a130c1b0

SHA256
33d20e007d78cefba831951c335593f7f95af5c351a55acb6304e31d2fca978a

SHA512
944679b6b4835920248fbce6970be0d490703cf3d32625a91092bb0ac965822e3a5581e69e4b574517d78cf6c79e64c1413167cba39728e2dd090936511bd812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f7f631cbb699d9cd136bfe5632033de1

SHA1
8e7f9f27f76a35248d02ddbdd557fa883b587ecf

SHA256
a261e3e618cc6d5cfaf8bd0518a0540fb5ca2f346a4b1d5fb87605e22b078279

SHA512
8455c0108c6b7ca9e0b1261fcd3881e86e79b2f908a95841790f4273dde2978963ae68aa8825a9f0ee1e0502163e3719e034a2f518af7990b798de037413c160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e477a1102ea96b3514d0dfcce946ffb6

SHA1
fbdfe6a0425d2511b88a0c8b0f6c703719e371e5

SHA256
29f29496e1feae61de1de5ef1e6bead7e0b197fccef81c2bf9f895c16524b051

SHA512
c6abbcfc92592a752a59ac04b846521c774c3499e7bfd6c610092be440e214d812f48a6b1b1fe957fe6675db582db57db4d0bcf439592344d7d75ac521dfc1cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7ffdde997904627e1efe02425d65559b

SHA1
b0554b7c558e49e055898cfd108222c59e49d7a4

SHA256
b9bbc97a9ea7e2969aa1c6e7dc7d1af2c0babff89d1a55cdb9734cf26fda24ee

SHA512
9e6a3f2bb3ccb43be6ef52eb0d8e066e10b990ecb1eb0d441941dfcb1a789b6a0056b9d0ce303955d1396a6c957febbc13babd504d60092651b36bb873ccd45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cf274edb108404925eb25864b0c054d9

SHA1
c54b21d1a27b4f8f54326cf701afb30b60471c4f

SHA256
7b8c577046310543d7fc964e6ef4f6fd59dfaa3a127e10c5c3e8cc16ede691da

SHA512
e97f91a47c98a04bd471c5dbd3967345d6b5e519b12fa4bc8d4827fbd779cd377d783e5c3242527f226e81ca64c8f66c19bbd6d7b80dc532e3498a4605af45ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cc2ab8579a27a7feeee2e76a1222f7d4

SHA1
0c3ba8fdcc42d192c6725205043e8a3f30c9e8a7

SHA256
8cecaa31a2a2a768263d45c4319dc1f7b2e368bb841f47ce4de020830f219828

SHA512
ec569236b061f06ecd9580566f0aaa898149db11f4c6d1270e38c369a6c279f0b654fddecdce3d01f2419457cbaefa6a62e384a2192293e3ac144b1a3c18b296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ef179f9ba81d6af5905231fe57acfb22

SHA1
759577f6f1d562666783bf74d57d5d753a399ab0

SHA256
179582e0f4f1f84e3042463cb029f2857780ed354e38f96941431886d479b487

SHA512
667e2931188aecefb95130afd7976c81586006bd2a501ea130c4123a8d4ea9e9b5ce9b65391e2dfb82de05780edec1d74bab33204072098e8e5399da724b831f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9bbe1b7c453a4a5734ef242ea5388abc

SHA1
afb3f8275ffc2618de2f9c4e169e46e29633978f

SHA256
3e959f6d5253777ba58c1c64cd57ace140d43d7922dc1e90bfa361b8212a3ea6

SHA512
dda8c24bf6cdf79de437db3d49f3d6e26a51dccf8e4ed8ad7e4541b865c304d7ae4353fc60da7630ade22a184735602b62b745a986f5833339fba7113c634dd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\c05656bc-4e27-40a0-b6cf-d7c75a1ab0b4\index-dir\the-real-index

Filesize
72B

MD5
50ceaffb35079c622843e0837bde634f

SHA1
ec34013b220056fcf28f61516b9ba687a9ec30d4

SHA256
0d92f29b46ef03cc89fc8c2e81b095a69d9e3a71ec43cedba42240e2a5e78169

SHA512
cd5b96cfef8e5fd22792cbe9c9a956da52ceec411852931a9700389b73ea14ac72432d15f6b4e8f4d8cd2c1c8aa9dca27852beeaa6a187d4b6fa1fce43decec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\c329ce50-ce4d-4072-be99-c06d884e1c20\index-dir\the-real-index

Filesize
48B

MD5
3fe2107f98045c2180440a81211d6a81

SHA1
c312a86378c5d715ad392431bd37c43d40de564e

SHA256
54ac054598cacdc0cfa0eea11814b87aac83f862ff23d7e4c5f015db932f4d4d

SHA512
6f2022356b2a855d5fd72e50822ff8b5c0657600dc7c8a40e00dbaa5f4b3a47aed2d86d816f0256a1f3e1eb5697e4d8818c3bc543153ea8673c5713c6b82baed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\c329ce50-ce4d-4072-be99-c06d884e1c20\index-dir\the-real-index

Filesize
72B

MD5
f7544d9f12477372c7d2087429ac21d7

SHA1
e5f3be3084f9f69ce39f9eefbd1a4272ae96c2cc

SHA256
72907ec7abb6b8941029897ec462e34799a949344a525b5df70069e4182447a6

SHA512
a2d86ae9d395f12ed06d8b6162f10ea6da330fda97bcdee1f1058d1d6f4ab42be20858804ff61c233aae89f43c6a212ddd35712535a005d743ff0d23c38140fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\cd8f33cd-9512-41d3-9607-6a0f41e30e36\index-dir\the-real-index

Filesize
72B

MD5
303522aa26f9678dcaf26f501d2f4104

SHA1
0f27ba463c76b1a2ee77f39e535cc31fef52b0b1

SHA256
a2e7e6fed0289f2fcc727c42128e3a450eaaad74ecec18fa97fcd3d9b3f2610d

SHA512
7383c326a9542626dceef83ac7aa0a1fb7f8d9ff1b847e515da4010c56a87a01925b81a9790fe4c6d96490a8f918c020ede1deaa205e86d0a80aff6bc57708eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\cd8f33cd-9512-41d3-9607-6a0f41e30e36\index-dir\the-real-index~RFe58179a.TMP

Filesize
48B

MD5
0a1275606f13d5ccb45d97f5cc6ba10a

SHA1
f9f2dc2130d550ea2cd5207bfcc54cd25d9a2cc4

SHA256
f5e838f292299c3c6d7d9ffefbdfe773d35517199ac13ec64c2617d0ec60f075

SHA512
320510e5428b67c59a6e6f15650cef67ba9c9232b97ed4e2b93b86d2f26897845baa6fc92e115da324b19ca76c2ca61a3653656aa893ef497ec42cf44e6b5c6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\index.txt

Filesize
167B

MD5
43e953c160a2ad8fe1371c596cdcf6d5

SHA1
989e3f31ee842e5701404a171f30016182a2bd60

SHA256
7952cdf265bc36fec24e8004ca93645f6867b76accbd663605b83fe09acebf9c

SHA512
3b4521ff2a6b8dda18b8231eccd37aedc77fa4a84d4ad806b733bb5935a1a1989b73f4e6b15b2b91d3162fd81d3d6d5fc1790e12e0f8399bd9c7086fcf724d7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\index.txt

Filesize
217B

MD5
9989dee23275ca1c3757575f1ee3afb4

SHA1
d04d243581b3e6faf8f23c30061d4bad3ef6745e

SHA256
62a1035e02e6442375c37030d3c0930741e20055990a18c289434a7b5f7f1986

SHA512
e492800c65d3423c763022c719ea302a92a3840ebd4163e3202c35811f119fb0ffcae04ffb607c808bd0c3b44cbcb4e8406933f581a0b800874b6f3c68c06e5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\index.txt

Filesize
211B

MD5
402c7c7879eb476ead62a893e1ca8193

SHA1
258dd7c50888e34b8e5c6d45f3aafabb31924693

SHA256
cfe1f9e6f79df5b051199ada431498fac41975490e16633965d2c785dd7270bb

SHA512
f84ed0032ab7425eb23f7d23fd7f02303c8e3d46097cde0cb71434832c2112ccf900e026d7a94005943fa7ea851e575c03768e4d56a0456d4f73496621913828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\index.txt~RFe57c505.TMP

Filesize
95B

MD5
4809d48bc30559f13c2c7dd5af39d20c

SHA1
97bc2db756edecc1d2cddd14837c688f5fc3bdb5

SHA256
e2bc27c683ae3e643b54fe150fffbed85b78bceeae7f9532ddfaa206af2220cb

SHA512
715cf1798806d8e0e79d14f9cc68dd7c4cd278d4cf022e926682a5e82df8659554564c4e6dd7b839af1530bb8b48765d38d211d938ce91e83c00d781da779651

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
b50b5f924121cad6372cbb4aea58f57c

SHA1
29b01e059ccaef667aa8454ef63546ee9efdbed9

SHA256
9937037538ce3714f6bd025f74cf999844febacde1b7a8a45f2070a716465e44

SHA512
03bfc283999f5acbf84981f61cc03afbfb86ca2de6a5a2edca22888fb7d89caed51e2fceba6e9c6f66fb782381dfa6e9ec0f236100acab0efbcd45914d54c4cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58178a.TMP

Filesize
48B

MD5
3aa55cda6798c91cab0bb537e73e239c

SHA1
60f1ca1084812e476a12a35f13690c6b616a2f1c

SHA256
97b8dd1173aa8ea1856ae9af19a94de296324972d5fef8ccdfa9433fb32f7f3a

SHA512
97ec6f7993ff8e50cb392e6b869d861444b8e62a2f0f94a9666686d3ff6b1bcae46945b4ba56c609ee5b245e9de4ffa103b9eb65386039baf0f4920ab04508b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
912fcd8948de6803997c1363d6e3fe91

SHA1
3a6c57ef24c8a39c3e0f350fdcd54b6e9bc4f21f

SHA256
2313909757ad0aaeced49cb9a06929f0af3712ed04c1d266198ea4ddcc776aaf

SHA512
1ef1a6e40f4d22fa543d9d8c4c19355613f0d7ebc4c9e8bfbf4a68e82736b711c81eb2720c446566b2fbd07c59a5058820be65525453ecd626d4491f572e6515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a22f76e25d17a647dda57e2bf6a8b8e6

SHA1
5f986123683fa9e2eb040df1ed90566d44d32292

SHA256
1aca4c418c50c7501af18ab8297cac97a452f0fa251852839a1f2fed4b2885cc

SHA512
51a15f4a99868b9972441047f4d88d4564934801be3e6b5722e7d63affabf251daeedd9a683fe7d5faf35e4478112b8ee692c863946feec354faffa3ddd2605e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
92313d6f65321ebd4e89060d24afe7b4

SHA1
96d3a0dd1fc3c3bd27c2fb0d8998245b2788a65b

SHA256
a175726e692a4f88ddd1a6e25230b4a7bdb492a78afc4d723e58aa7eae4b54e5

SHA512
50757aa34c093e1a986b452b8b5af385d63297a2906b9817e1ea889d2f9e2c975b1f8d12a01bf0aec4fd88a03568019c14ca8685a05dad5b0f76d4884ce15c81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8caea5bc2961adca56a3d534db90cd7d

SHA1
c8094d17e663c0b629cab28cc93b93f0b2842be4

SHA256
1d7690817a507ca8bfc6481e6627746436ad8f33db54163959ed0f74186f2a1b

SHA512
88000390e5a32073f81cbea9949debd1c2fbb689981aa69d238c8af519bf641fe44e9827d6503e921ebfa7d69d92873cc65558f7234bd13f67f8937855f434a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8813adc8f1347a484155a9b46bd92887

SHA1
d35c111331b4af121897f0f30ed93c47ae4f74bc

SHA256
ee9bcdfade1557931fbcc8a3cd342854d681508169beedda7e0bc9b9daeb5e14

SHA512
d7b0e64c01c90c5d6c54fc888bea31b83defc8171b42bfafcc8531a1e1b5a698c16a5da1b4d1078109ac0f4d0ca5994f41ea0ddaa7df1e99a60e272716c34616

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a974f85da88ca911ce4b036b60e43008

SHA1
9361137a5b38b02eabf96cb14dc4115fdfa577ab

SHA256
0701aa7c99500827a24d9a5fe1090285326a6f2d4f936e056001d3bead5f15de

SHA512
788bc60b317c54acbe25640d456d55e25390975502bd809ac455e7ce1723fada95b9ffbeae67beed56dd9dc89e383da2937b7345a845e08195e4f8644a209d9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dad5ec85bf4f581619bfe14a94bce0fa

SHA1
6d40a55c3995b41e9f13bc19a22ad665ff7310e0

SHA256
7b2d7447c45f0714af0bb2a7b84c63085c34fc5cb24bf27bb321f659d906bfca

SHA512
3b22d9ed00462a32770de3a96f63a6c1f75281fa192323abe036c596d6bf49bd6f61c51d45307d050d534d454db4fa2ad5a01fa7489f55e7d5121e4d6c9dce54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f72c5e6072eafab7319285ad7c16c021

SHA1
7b1ce6fc1980d2033f2f84fc7c6f9dd88592c824

SHA256
34eeddb0f057a0e93bb67501bd0b17df93b5aafa7219bd6bf912d30cf89d2b3a

SHA512
4db6f525ffbc892d2d1479ea77a8ee186d95399ddc2c1e63a347c870e3c09a794d352ec093353402e10637a2428f06603adf77865434e44208fff965d23651aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0d4f96ef4fb39043991c3fc40c03488d

SHA1
05bf35076b1850954f08a69eb5bf0a80654abc1c

SHA256
66eb34675b77d5b844b454d08c35ac71cadcfb5393117fd07d8bee9732ec6cb7

SHA512
3b0d3ede8024689685d8adc484bc89fd57fbfcedfe224191c12625eaf34ecc6b0920fcff875dc23035384b2cb04d8cc23685534cc4f6c32a2e40ebcb3257a103

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5b4a51bed1a282184ce02bcc3f943334

SHA1
614b244ee3ec1aac2cd376fa306f267414c11ab6

SHA256
a46b2deef11e323d67cc9d65e637577be53baca10e1e207ee4611df51002f3ee

SHA512
a785c2080db269312325c33c1e08d20c7862b3ee03443d5b49305d8530a62c62bff859e9a09ba3b596a0ae7249bfbd434d9b359c4fea900a3030dfbd8f2d713a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5296be8a32e647124c54c60e82804094

SHA1
77d1658a88ff0847cae8c1bdbe6099a2ebdd7369

SHA256
059928a09ddfda80aa701ed645ab5aa05c31ea3690a684b668e6e5bd543c4082

SHA512
46ff6390673e751c5dcaaa2560bf09ca05978fa1d7ef507e1228a7b51596b5b89b5276f307a948e2cf9ba06ded1317b61bc6a2f937155e25290e5978c3fbb1a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dc802ba95f7db90722cc57f9ba9a50db

SHA1
45310dac54910ac26c92141e1874264ceddf4155

SHA256
cf34cc1d6d5fc1a5fb4b17c084d41dbdc0bd7c84242df187d215183d51012f35

SHA512
bbaaaa073fdede3579bd9b8af1b654fa3b7502aa7e5708a1a9725cabef9f67deaf4c335197356c968eb477652cab9d0d2d69052d4c86dbbab75f513fa6cad7cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e504f590c9cdbad995b88eb172e867a0

SHA1
bb02cd800d701c65b1df1db08fc38f72a4c5aff7

SHA256
d25e6e32f73c519294cf439880f9602896f0fb0752886bf901d6fefe627fc2b5

SHA512
fc5f693bee148bf4477e9b4bf3a6aa66900b19e6a1364f1fe22a52e32ed0cba8b5ce2bdd2e640ae9c28ff768589c99e0a6a21f1ed371f9d9743db9ac0524d7d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7c2b7647b4d2318ea63c5eefa28ba23c

SHA1
95b524ce0df8b17e5727047d63db604111a8ba0d

SHA256
089c3bc9c7f5210e3751cff873a67836f5ab9a7b6646ed406f6b01bdfe5c957f

SHA512
8fcd435798c966efd6889fb97c48c5230bd80a3371f89841028a096709c3cd57cd5813a4fd82d634535b7269f46268236d2d0549bdf2fa649956aef3af336885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b7b60aa511547b1873f58834d08c9cc5

SHA1
46e58092ee2b6681592e3b217ab3b75d1008f32d

SHA256
48d959de219dbc1aa5d3884c3f253bc23311f3624b4b1a2b92a8001ac4bcc3c4

SHA512
9a308dfeca2c1be62655ace125eafdf22551d6b614ccf23063972d16017b89202e47ef31af13d82973e4a605935de06a20c73f3288ce44d2cd2423b1d77c9437

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a2f20093c8a002f55249fb99f411f4ff

SHA1
b585c562810d289d49f1dd1daf3a7221ae29837c

SHA256
17c50b18aecb5aecac241dd56110e44925011faccf4f672eb60077f6a1f8f518

SHA512
4b2f341842412f1996998d3b9d6c059a97ea4f7bfc37c15aca4caef02067a8d2a2e73054f1c5fe4227e306502f140870624817edb0a7a8b965b9aa214f5a634c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6f990b257bb798bc4852b05f0cf03ce6

SHA1
09d79b377cbbfd3e72b9f6ba0deb7093dfe39f50

SHA256
0cee2bf336e5be350ed574713876c1e46e58681afdfb6eba6f83b85115c8eaf3

SHA512
84f3bb51251d88316117d1eafbc3ac556bbaf083a936ab05d6c7613414a07f02245f13421fd6fa924927ff8dbd649058d36d6dc9c870801833bffdbe893be0e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
915caa3b02516f2bc9fe550273f4e489

SHA1
cac4685432f9d0b3712c205c7d64afe9e7b1050b

SHA256
b838c487818e600ad8dbfb5951949f4737b81cb89846a8972555ca1155214105

SHA512
b5888abb339c885814177babe8db4bc93c6be525dd8f9b4119993d4e26db810a15c6d0db4f8d5f6408a51ce9b7bced88cde43764e926c5fc9b657f0aad0ceb5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f2b001989c1f602a935136f3a99e6e69

SHA1
9ddabd5c6cb49322b4c305f41aea22be8bc5e5e6

SHA256
8ed8bacad8ae4242557d1c1fa4669cf4484f18facbc0f0b062b54c28241e4a66

SHA512
e9f988001f886baa715966387c391e69ca4731052c02cfb6bc6e94695e33faab50cd2e4d64a35678ea018744b9f01383034bd38f64d67d2a6a6389d9f79112ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d9cb06129a2e26243773a3790cc32eab

SHA1
c45d63325d067d0281dc0284383c1d1a3063fda0

SHA256
b180d8282c052f77cc9ea14e4dc4c8107fc51aed686e7d2331af49e63a3555f9

SHA512
59b33eebf2b1a59955c849e91c1e2d292fd7f1becd9e18459d402d89106778c9e42ab5c26d4795af8d85114bd5d04db737f8c2c275cd6b6aae6a7fe2ecf65817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b729f76bd7bb980ba0bef8483aad007b

SHA1
187f3b8af3dcc12e74e5a8c267355bdb8e061dbc

SHA256
045c0872fab5797de663dd81366b7a9f7b0e111a520600c64bfdfb131100dc36

SHA512
d0777307d430ae131487e652f4741626657eac0b64c4c906ec242782d2f70d7f50d1954d2fa02c64358ecedcd12de8c140104dae5cbdb4e76b555365955c8736

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c363b1b4fd5e8953c377e2eb8405cd7c

SHA1
e821590bf1fb9b05fc58f70744b2b3fce8e3750c

SHA256
3978ae36fc84dfd0ec9018ef7bab8df29e29b0885a9cc39ace1a108ec2ee6e92

SHA512
a78522989ecd8c5b621c23da02f20d84e210c08dd5fb4d928436fdd7c6a800e7e01cc091360add7f485ea205c9d3017262def40b8476e86076c1a6dd25c072a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
364977fe0f03779fa150b40acba4dc58

SHA1
f594788fbc9c33ca87d0027243ddd13a59242efa

SHA256
937c42652d5d0b0a6c07152b63a12c0cb140c464d705196624d18b3eaced0890

SHA512
02360d7ce7cecf878ba33480b4fd4e88482735d9363815a5e38c76f43fe3ba02956651de6f38ff7b0128b6fcea53246fee9986677fa3ac09485f27c77c901d24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f59bce48ee81263db67b6515cb291671

SHA1
f78dd3437a787be5edf64a7bec0d9f258a20ff25

SHA256
b039cd45d8e1aad5ecf5cdaae58050f59365349e7081f381ba7f6ad9f8e01484

SHA512
2a32e265876eaba298626a7c54233ec1207d99853d0e60e09c03afad4e7adba0ebbddcaa1480aa6d03286c59b406a19582474cdfd11e0c1fc0b1a6c7a01445da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
24a909ab638a83203a531b76be6d9965

SHA1
655784877c3bd427c023fb46501a4d7c2517c8ab

SHA256
6ac3fd091358d88e98b52ef2126bfe44b24fabaa4738d0dc3499538747998ee2

SHA512
7c0d4b542aea7fbd7dd1a0ab46fba03da9b1648bebf0ec09284feef98cd8d61c532d061ad0cda4518fc40840b72ec15f12e4cff4aaabb421c9f5ff9c942fd8ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bd432a61de40c09129a54796e9fee8b9

SHA1
6efa5d5ef22fa8a448aebf15f1b6725a70730885

SHA256
35fefee61042324d6da8bd210b789299a2060cdab670af7545578af4bbce9738

SHA512
8e27e3744c191abe74197a47f49131ff72617058d0f1e72d81d57aa022bb7d78c33d3e190125b7d61430c97664af8c6dd597806301067c885f07ebb54ea03d23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e2a78eac7b0c9dc068563d857d437526

SHA1
0c77a092f639c03615a14b1f729b115a7a544a64

SHA256
bc9ef7effe76aac4ae9314e72a0ed5c185e37c0a5604a798842618233fb36ea7

SHA512
9c7faeaf612cc097a92687a99b40b2658d56a52f8d1d77cfbad21eee747e3d21a85e8d419cfdfe424b6d602d2e8cae8ebb893edbc84b96576d8735537ffae386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2da13e12288b7175aa3030c09d77f7e5

SHA1
8a6ac1ebbebc7a4b8dd7cdc9bf4930d629b6a172

SHA256
6e357655b3aa3c3e2a818971be79aed38370e895d1a6a982aa0a0233f3ae8cd8

SHA512
578fcc9819b9d5a1a64adf4be337b13361e35f329041f627d11530b815ffa9f55c83074a84167b4ef09b19e3a18b11f73a74582270b327376d25b945950c8c68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
64f8ba883f138a8b2527e20a42b98ba3

SHA1
4fb7189de7aeb0c221a1f181c9994a8805098842

SHA256
aa865e09989690826b7a6e19678083ceefa1dc352d572d61c2a86afd1f3e1d0d

SHA512
cd53ea65eaae2c0ffd3468cac02ff3702fa310985543758c4afab3a067dfc7839616c037a75892a27d993511d5e2aa26d4c71eed5daa19228f0ffa473ec7851a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a93ee824a8e2afdfbe5490f3e94aa7c5

SHA1
673329681f1463729ab65ade3001d50cd44de611

SHA256
b9c6056d792adad50db1ec6a43a0b6a0be0d6913587216766cdbf1f3a62b7bd8

SHA512
2acfb7e5e8085175dafd07fbbd7d8a6293815a142777ab65d75a04fd59d8d6994d01d356d709df455e81aa2fdca589560d3a748b2dcbab9173b27d8dd1935cfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e772.TMP

Filesize
873B

MD5
f14cf70a589d035e2dee92353e2448c7

SHA1
4c03130bb41915a6f1bb166f27163cbcd28ec80c

SHA256
60dd56c7341e02c570c392f36c5496b45dd4c7ef00444af07ad1970ab4dd3b84

SHA512
64ad05b293c10c088054bee9724c50424163122da662e195cea8e4cc75e496c147bcc62302e9243251ea00e6c90ca8f4e7aee58ff7ab2d7a2684a3d474fc1e61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4d23c60b02d9bce81bf5117deb68e3c6

SHA1
2a18f84f406c2e7d8f2c953532188b31e3ae5aea

SHA256
e32c6223be8420179fe9f998887ac269a78ce6407ee0caf7c5ce939d0a05b40e

SHA512
d6f51da4f1f191548afae005de966f4a6838abd45c23af282fc744bc5a39c2f2b398a35c5c7dd0e88f13e2dfb771df901f7a4a229522704bd616ca0ceaf27297

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit