hxxp://instagram[.]com

Resubmissions

06/03/2024, 19:17

240306-xznkjafg73 1

06/03/2024, 19:12

06/03/2024, 19:12

06/03/2024, 18:58

06/03/2024, 18:50

06/03/2024, 18:25

06/03/2024, 18:07

Analysis

max time kernel
1794s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 19:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://instagram.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2392	msedge.exe
2392	msedge.exe
3936	msedge.exe
3936	msedge.exe
2124	identity_helper.exe
2124	identity_helper.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3936 wrote to memory of 2564	3936	msedge.exe	87
PID 3936 wrote to memory of 2564	3936	msedge.exe	87
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 1820	3936	msedge.exe	88
PID 3936 wrote to memory of 2392	3936	msedge.exe	89
PID 3936 wrote to memory of 2392	3936	msedge.exe	89
PID 3936 wrote to memory of 4432	3936	msedge.exe	90
PID 3936 wrote to memory of 4432	3936	msedge.exe	90
PID 3936 wrote to memory of 4432	3936	msedge.exe	90
PID 3936 wrote to memory of 4432	3936	msedge.exe	90
PID 3936 wrote to memory of 4432	3936	msedge.exe	90
PID 3936 wrote to memory of 4432	3936	msedge.exe	90
PID 3936 wrote to memory of 4432	3936	msedge.exe	90
PID 3936 wrote to memory of 4432	3936	msedge.exe	90
PID 3936 wrote to memory of 4432	3936	msedge.exe	90
PID 3936 wrote to memory of 4432	3936	msedge.exe	90
PID 3936 wrote to memory of 4432	3936	msedge.exe	90
PID 3936 wrote to memory of 4432	3936	msedge.exe	90
PID 3936 wrote to memory of 4432	3936	msedge.exe	90
PID 3936 wrote to memory of 4432	3936	msedge.exe	90
PID 3936 wrote to memory of 4432	3936	msedge.exe	90
PID 3936 wrote to memory of 4432	3936	msedge.exe	90
PID 3936 wrote to memory of 4432	3936	msedge.exe	90
PID 3936 wrote to memory of 4432	3936	msedge.exe	90
PID 3936 wrote to memory of 4432	3936	msedge.exe	90
PID 3936 wrote to memory of 4432	3936	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://instagram.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc233646f8,0x7ffc23364708,0x7ffc23364718
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,2883299446698185181,16973204642709503230,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,2883299446698185181,16973204642709503230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,2883299446698185181,16973204642709503230,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2984 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,2883299446698185181,16973204642709503230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,2883299446698185181,16973204642709503230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,2883299446698185181,16973204642709503230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,2883299446698185181,16973204642709503230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,2883299446698185181,16973204642709503230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,2883299446698185181,16973204642709503230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,2883299446698185181,16973204642709503230,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,2883299446698185181,16973204642709503230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1940 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,2883299446698185181,16973204642709503230,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,2883299446698185181,16973204642709503230,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3956 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
f382ee7423efb8182546f1d3b1a125d0

SHA1
065915818f1a9d68130dfb0945bbfa16297f066a

SHA256
d9caf365d605000734e8687fabbd1ae84759ce75614c8b6f447e8813e1aba158

SHA512
9270f423b8c89c752a2c1062f92c892649f404c4621a74dfd3e95bb2635fc96c25763afba8d8422bc3634aa4795a4f94de30ec36b8a157130f84730d99b616d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
336B

MD5
2efc7c9859ed712ff8518bdd5dad9a7d

SHA1
f98c0c14f000802746f110ed38150ba8f8718f44

SHA256
5d9bf8fbf394251d921eedb4336f2b2a8db0b075df63c00232e363c7294edd23

SHA512
1afdf673d08e4e0fa45d309efdacfdf2a08e397d92538d458eb02edbf68c30ee5443b7fd69c7889727b13b6ed24e305884ce92c3c5775315442457c667d759d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1021196d81671b10eedd1db62259e2b4

SHA1
47878c46178fb38f9090a0e36eb1881453448851

SHA256
29dcf6fd4b8af10806eb3993c1f43b392996b7452416f8962f085b7d9853fdd7

SHA512
57974d5c84175c397f602059f20f65784ca6690060615eca1c2af3ffaa8a7b93d801280025ab649eec97b3b77e43cf09259f2eda6a731d28b9466975c0005c8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
482bf45cf012b092c0484857fac8074e

SHA1
79139f61aab95592c0a4620e5e066e8bfe92bef3

SHA256
c0f48e64afa6f0ae2b262df24619c5cfb022b28ef923b312c34d43d66f77b055

SHA512
388d7137f4aa86a824bb9ac38fc50d3ed8987a67651e2ed03a5ac07b26cce265519fc40dbd8db923ed6708d05228dc33506a78dd62c95b3e090b66e3417e0d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
28c40d1b316b8d6d6ad433309f267f9e

SHA1
575953c2cba5aeb1d63772187fba6849092aab5b

SHA256
d2988af0fb128e25732f735a2fddf724a8a344df81f33ff6856632ceae72489b

SHA512
a539f30cd7756962e80c0d4dfe4b6213fb3ec1c8f18d7f81cf5383f0a93414804c30b4321f936e1c0352670232daddee269091e19175938663a9e3f26478c36e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
81bcf7241578ffccabdc4c1d1f79655a

SHA1
38585e6263995723d918a361d0f03379d575934d

SHA256
8480fc306b8fea060463e71606d241284fae3f0d505ce9a4f99b5e47bbfe05d6

SHA512
84cb739a3f20fff8e46dadad260f690d340050f28a4e78ec11e1bc16d015089ae3ec26535f9f46f421aa4a01fc37637ff93876321373c106a6c5a8a99364f273

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
fb9b108a3ecece93592f1e563227145b

SHA1
547a2260852c440140f6477315f186a0b86b6b47

SHA256
87f466e8df1681ab1f53ec2d259325f597c52d5fa60ba14e8258c90e0bd18a04

SHA512
a627b14d8baf2af2285ed19279fb5e7c4c2cac139e41e242b7aff6189c116d796489f6142211fea3246856b036d482755426731c31fab978a8354940087ced0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
0c74ca93fd2c026ce4db9d6f31c72ecc

SHA1
bf92e29df1c2810dd0317890334787022a6b4fd6

SHA256
7f0964989b34da5009a6bbd375fba00c715d62062316815f4ae0ca6aff002286

SHA512
cd827df07afe13cfd74bc662e0808bdc90de2fa5055cf4380c52a80a66b0256838c5309b77a2d8e410150fcd0a41e6177ee7de1ef0a6c9ae1d2d3ea572c1ce48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
b841c156c2be032bdc184b3e1365e720

SHA1
1267c62c6c0fb87e5231e1a573e80cd9c49ba080

SHA256
20f5eb8d111b3b2bd57a39a5cb3172a063cf9afb837889c8477a781a5836c222

SHA512
89cbad7b32fdb4b0201935981b37250d38ce766897e7fafec8a95625d7b06905e3a9c3f87e2ee0d3fe578a242c1144da3f14bfc51292d700833cc167bdce9ead

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
07bacbfde6819311391a2e59fa57fb37

SHA1
2fc5c75b0cc8f9cf90ae90cfaa4e318f4f6595a1

SHA256
76179ccb83225a7b792a31363e64dc7ac0d20b7bc4c0b7d8a2617106e2c09eb3

SHA512
d9e15a674d30009823fdf70c14e270580d639d709d0be5b2d00970842830034b2469069835cbf49c771c1de71d527b8389d69a6143bc9461dac800306eb69157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dd9e.TMP

Filesize
705B

MD5
150d132e557642a0972c4029228cc498

SHA1
3b4d0f651a7fe164ade6970ab4e1d67a9eaaa934

SHA256
01ee7204c402e2342daa99003782019cd687c77c03baa4a09244e7f92667bbba

SHA512
0b0cf85bc8677987b14113aadb2f60f66961df622e70d5c34cc247b396f5899ca4c6e294bdaa80ee1ab8294d84486ee09454d03483b9385fb9c80d926b772ecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a8231a11-8072-4d3f-84bc-5df6c004edc5.tmp

Filesize
705B

MD5
834c53091b667ec2b64c3bcb2ccd5e87

SHA1
eda8a7384ec99eb32b3e8b03af49ecb91b390b27

SHA256
be3f19ca2b647bc898062b4e93dea75999d982e1732af17dce2ac7e6d92cb930

SHA512
61a6ee5fc2946cf2fafb319fc7500d2f61753d5b34be4a49fc1e3c74bf0708f8d3c5c107b526745fb8c315ef6df3314e8d1f6bafd5b6fb93958df55e5b02d956

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f8d598915796ae08855cacf80de56699

SHA1
c0bad7661e91adbeab5a0324bcc6a210abfff556

SHA256
dbc4feab2f192ef8087e8fd19b808494094c091e1eea94ffcfd10fec4e7348b9

SHA512
24ecd84a0fea55083129e7ade8444da79e3c6921432bcf5a750fc28468e0d669d006eb9f5fe91cd293ae2f684eae1d85036e6a70e58b2d40240c15ec316eb611

Download Submit