hxxp://instagram[.]com

max time kernel
622s
max time network
631s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 00:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://instagram.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
4408	msedge.exe
4408	msedge.exe
968	identity_helper.exe
968	identity_helper.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4408 wrote to memory of 4404	4408	msedge.exe	86
PID 4408 wrote to memory of 4404	4408	msedge.exe	86
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3656	4408	msedge.exe	87
PID 4408 wrote to memory of 3000	4408	msedge.exe	88
PID 4408 wrote to memory of 3000	4408	msedge.exe	88
PID 4408 wrote to memory of 3492	4408	msedge.exe	89
PID 4408 wrote to memory of 3492	4408	msedge.exe	89
PID 4408 wrote to memory of 3492	4408	msedge.exe	89
PID 4408 wrote to memory of 3492	4408	msedge.exe	89
PID 4408 wrote to memory of 3492	4408	msedge.exe	89
PID 4408 wrote to memory of 3492	4408	msedge.exe	89
PID 4408 wrote to memory of 3492	4408	msedge.exe	89
PID 4408 wrote to memory of 3492	4408	msedge.exe	89
PID 4408 wrote to memory of 3492	4408	msedge.exe	89
PID 4408 wrote to memory of 3492	4408	msedge.exe	89
PID 4408 wrote to memory of 3492	4408	msedge.exe	89
PID 4408 wrote to memory of 3492	4408	msedge.exe	89
PID 4408 wrote to memory of 3492	4408	msedge.exe	89
PID 4408 wrote to memory of 3492	4408	msedge.exe	89
PID 4408 wrote to memory of 3492	4408	msedge.exe	89
PID 4408 wrote to memory of 3492	4408	msedge.exe	89
PID 4408 wrote to memory of 3492	4408	msedge.exe	89
PID 4408 wrote to memory of 3492	4408	msedge.exe	89
PID 4408 wrote to memory of 3492	4408	msedge.exe	89
PID 4408 wrote to memory of 3492	4408	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://instagram.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8fa846f8,0x7fff8fa84708,0x7fff8fa84718
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,16126766958984019887,16560775913230397998,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,16126766958984019887,16560775913230397998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,16126766958984019887,16560775913230397998,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16126766958984019887,16560775913230397998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16126766958984019887,16560775913230397998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16126766958984019887,16560775913230397998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,16126766958984019887,16560775913230397998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,16126766958984019887,16560775913230397998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16126766958984019887,16560775913230397998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16126766958984019887,16560775913230397998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16126766958984019887,16560775913230397998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16126766958984019887,16560775913230397998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16126766958984019887,16560775913230397998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16126766958984019887,16560775913230397998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16126766958984019887,16560775913230397998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,16126766958984019887,16560775913230397998,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6080 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d94406b964753cc5222ab1343f54bb1

SHA1
a5e7de0781fa1fabb3cd89564f2e5693cb4dee16

SHA256
fd9923a217cd8d2c44a63dbfe52ec262e7c80b1f1e50c6e0f21f8379c90e7762

SHA512
1ad2c144e7bbd809f400f8782586d3768fc82bcef39db986f766897c344efec77ab2c0b6d9c5ee2019ef5cf9ad0c46bdd25392cbc9dbf9ea80e800577f0fc598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
49dde89f025a1cce8848473379f7c28f

SHA1
b405956b33146b2890530e818b6aa74bba3afb88

SHA256
d6d125ba686b825bb22ab967a346051780cab1f55fc68a2f3efdf3fb5598f96b

SHA512
53050344674d8886db66e25f42d97bf46b26229972631f857286c2a303897cda58d85ee8ca768bbfb1fc07e52567315ea85d57e39b5b382916700ec389946506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
74KB

MD5
0abeef2e28e4de26930e2298e5b30a4f

SHA1
fb535b24cbc0c27e01c2464fa60fda7f79d5283e

SHA256
f5fa03c6363f68b043a3386ab781e16e39cf01302c078cb6233bcd9a3d51b1ed

SHA512
0b687e229a988ba6283c62dc6eaa2f4b81c85fdb1f640d2383d4660cd32307995016a0fc92df6dccea155b4e662b3e052ee7c511113dbb2d784339ed5629d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ded0086f8ef17f5d3ba29c458227663c

SHA1
7c90e25c933bdd039483858dc10b60e40726b249

SHA256
39bef1efa8065fe66f03dda7d2cf4b0c096202a447162edefa33d9a88562ad17

SHA512
43fe8dcc4d8dbc4920fb5a5b6613986f0c510257b02b9115765dd6cb904a3490abc790e6db96dd28634194fbf948793f16ac4a560ca12b79c182be338cd7c398

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
3815ebc6b2d22a16c11b602fa6693ae5

SHA1
d9c03556d0f96b9df66f57cc5206cab194cf45b2

SHA256
ddcb3c99881c1a9b0d5936db7eee636221eab0f31d886c40c70b5644bb247954

SHA512
90f7eb0d0f5ac4ca103bf503e46f19c209ea3d91030f34093a9c371ac7380493d006a5d78e0c0b5243b77d0539645f867f0df60e67109e648f3d7263c33dfbbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.instagram.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
15b21f975e7fc5a252eb5492b8484a9d

SHA1
d857134983f3108b86b74f49188051cc1716a803

SHA256
daec4f02782c46c91e6a7e1234d70da3938af52619a537ed3814e3369d1daabf

SHA512
ab892287e1e61015d1afd5352b05a888daff81c1b49e83aafa6e657f12207f725abea630249fbe38b9509c46d4513af5308891e8f480095a689b0c2413c4047a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ea948dabf57127b05908140944888ef7

SHA1
31d3a8ce037c5bc73cfb602fea3c7b8f0d31f7b5

SHA256
1afca7e3c2db3adca77ff834c8f057c273583fe935354bef70a813fc67dcf1b1

SHA512
d72dce97a843a96bec932a5cb7f76fb2628f5afff00ec07f3870c94a6b52113269a0726c865e77a22f8ed3cda86c350e9f507eec4ea448ac903405d75e38482b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
415B

MD5
2f22c0b1f57cf5c5de48511d91a869bb

SHA1
c83afdaac18ecc41071ec99698ed8ca18e32cca3

SHA256
036f35db164f82c3915100a649c1e36fc4a9df31c5dd619076456b4ae74fcca3

SHA512
463f290da53a53e0f4b03f75550cfae3270acf5f3916f7488ad23b75d870359004697486fd74beb2ec914470dd220772e6cf6b4460ecc4418ed272d49082100b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
de9d079e9e70eb74e0a92f57fd7b76d0

SHA1
c395173814c28f459cbf2a900f670c37123b0bd3

SHA256
7fd45c967b976e1ff0261d0bb9beb43d174fa97ade653d0abf030d568b841e5d

SHA512
7c94c04452a8838a4ca0234a8d0258575af2bc4a11a3ec887e1cd82a7c2ac415719febfdac79f7e3aa4715dfc929ee1634984420f4c08b3a08773444e8361274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ec63068eac592388746dbb87af54444f

SHA1
654302ac76d02ddd545b00e09a958eaa54083dba

SHA256
add72c5ea2e01f1f2a9149235685a1ad74c73b6b17d5009e80b1407ff079412f

SHA512
aeee95ee41686fe2da3d91b9ae99703203dc577b33c533e535686478e0c251dbdd144cd322cc1567a6c7ccc77e32893764c4650e2c64b2405a4c1e4dd7636493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fd5274ef677cacdbd9274f2420baae54

SHA1
073d647a95d53a47a9d79bd6294278f1efbf9e49

SHA256
51003084373e49878e62e6e4f1cedfaf0b0f3f354bf2d3a86ec66a3b844a4269

SHA512
772f202da14e641204b9c8ad5806712e837f14bc6dc09fa2692b8635af47625200ab48bc82c631648020c3fa27050b9313ad78757142ff49078aa4221cbf79b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
01b0eee38f0e15cb0463936c21494a1c

SHA1
97b5160654c888019eef27fbf150d4e9ba534659

SHA256
45cbe7c467a887cfa912ad6912baaa41c20a2c075363d7f2012d032245c81c7f

SHA512
7721ec75143c5a7724aee5934c9ed2ec309e0b0245157b326ca061536c3da439272411bc64d7ccd91853baed31d980844b26d88391e7df04e6b427b82345c0e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7c43199d1e5acf5a31e1cbef990fbc47

SHA1
df7bd524b9b3175325c0aff3469ea7f2211d3061

SHA256
52a6fd2a2fff53c738c77a6385e7e1677f8990781699f78c63d5a4b0fe566d22

SHA512
aae886642b40ffb0676534fd85abe43ab588526b8e952b12a1bcafc73cb05103c76aee4fa32cc18c74af6c59aa1dc84bcda09ebccb7d11adc79fee3bfc93e2d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\247ae147-b9de-4659-b70a-8a5d01cc8808\index-dir\the-real-index

Filesize
72B

MD5
4e9e1b936446cc1ab4ddd197c71e5cfc

SHA1
2730882077f510887525d5b320a247d20f031d94

SHA256
d0bd76ca32ad7f1d255d63f94404c256b203b42d60a0f0130f8763c512acba52

SHA512
10695ccb44bcd6314ff3fb650c5f9258e6061576a3afc0a6813935f60f73601797143edd3ffeff7392f485b77fdb20a2e7419b1e801f3cda50f2aea2359d7b84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\247ae147-b9de-4659-b70a-8a5d01cc8808\index-dir\the-real-index~RFe594fcc.TMP

Filesize
48B

MD5
f883c348e12027e37671075cbf9f3804

SHA1
dc681fb8fb769fd7243abdb580aebd4b50392645

SHA256
bb514ebbde41a77094239decd2c69b8cb900212b344b66c2c5055a46e266bcc2

SHA512
372d25a2e8b84b3f2837ae0cb27c734593745928fcb976c6e155557d891c4d361fec597e62e57b522073b56618a11bf7ad23b110efaffc35c12b71e96f420dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\5008d118-4b24-4444-8717-82beace30b0a\index-dir\the-real-index

Filesize
48B

MD5
e0d8b57264996156353cfea537a95bb4

SHA1
0c367ee31822d1dc672ac10396d8c397d342c382

SHA256
01c75374a2b143d19df6fa4c731d6b4ea9c073de8e57c1d910416d6c4755770f

SHA512
49900b82f05068d6edeba56dca23bee5241b6a21251d62a7fcf677492cc3f2cb5988d6e8255d5687ac9adffd793ed28f1cbb905b2acd01ca7cf768aeb9a43acd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\5008d118-4b24-4444-8717-82beace30b0a\index-dir\the-real-index

Filesize
72B

MD5
285038bc953df9b534dd9b5106a393a2

SHA1
bc7e91c03453a599584cd6e9b50426453d27130a

SHA256
56c111944e0291b3e2e7cfb7ad121e10752aaf678b74794c331b7337ef459fc4

SHA512
33df7d8d7950b096c21c1fd9650205542ebb0faaf8353c0846c5b562bcc0f93a4ea9550a0f4f90f79e4c3a95f92fcc089316a1dc0eca0c28bcaa078e93cc3ecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\9d605cf9-8f6b-414b-8e8b-97a409273cd2\index-dir\the-real-index

Filesize
72B

MD5
33a99d56cc878457e526b2a24fd46579

SHA1
7b3d7ce3da8cb91426de71079b8b8c948fba78ba

SHA256
ac890a0f5921845af7143d20e8200a83af25108bea9bf62aa31110e19d9c1ebd

SHA512
adc5ca7e7cd9432764522b6e5af5929621749c6ca101ae5ac845d08d0d6dc6d8adc3e0644533ed281ce52bdaed6daa73bfc2360f183f7bc9a00d690622972309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\index.txt

Filesize
167B

MD5
26227f17d6b988e4f64e8e1310362cdd

SHA1
40729c4cae9d0c43f86cb596c4973e6004798c9c

SHA256
56d278999906ab2a1b55575c8881b14bd277f6b1f4023fc78330cf98f082e3e6

SHA512
8defdd28a4808e096c537388d031ea91e9732df064266e0b467517b17f0e8ad9339fcdac2e8b4af7fac0ed55beeddd2290ee25cb77945ed9827f1216d84c6334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\index.txt

Filesize
217B

MD5
4cd3e9d6734bc88a8bd144a5d78506a4

SHA1
e32eb186d75bdd78342f3231881fe29ef3af994d

SHA256
8a646ddcd7bbe2c68ede561f5c72bcd057f21222e6bd3c3c81403d8996c9052d

SHA512
32c9e6c273bb90c280785a19d7191aad32331066841455abc54d623c4a860babffc73a1bb29b38525be1aa1147be0a935a22d9459381c095f278d9b7367322dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\index.txt

Filesize
211B

MD5
a1abd33c7072ebef19863bc2147238d5

SHA1
4da4f72ec5b44d0ff4002ba0e7b97df31be65e96

SHA256
061373b17b480fc1dd2663f0d0967881f01eda0059384b6c4536e6c89c09e27f

SHA512
8dfaa4cddc46e6533dc69fedd26ad569382b3718f9e85c1d5c7d69a32829f2a13ece0a9cdb6f66fd0640d4cbeb52656ed651bc8046432265123b2392017432f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\index.txt~RFe58feed.TMP

Filesize
95B

MD5
1fcce22f387e49d9708a4c86ef0da659

SHA1
37945afae9dfda13b0f371ba359e8a2d19f99cb5

SHA256
cfe0d911f751d088d843eecb3d3d620b8e5b2d3ae0fd800af12c219f54aa26f6

SHA512
cf6d4f506d8e2ef4f0f85edc9103f074be3768950b0e726e20f82e9bbfc4113d5a7227190ddb232a04029dbbf206883c4fc5f307030429bb121d936daf55d46f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
e8badd3fabb157acb4dfc6dd0f0a21c9

SHA1
c7a8133c9846c87650d8f72dd0b10ef60f8c72b8

SHA256
e4895a9ee70e169752ea3c005067c742ce3219aa003efba82d19d64860094015

SHA512
57f6161fb8f9e9e5e18515a25740a51f816a8bf57c1b667fee8ba5da5acaf518d72e72698c7b5b31e49b230d09eaa5c9ea89d016daea048c47dae205f29ab71d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe594fcc.TMP

Filesize
48B

MD5
7020dfd711ab1b8b851e6dc3257e65d3

SHA1
901d91b1f498e540a522cdf5346aad4e97f09ddb

SHA256
e47536a4d4690b95ec060417993c9cad80241664c820defe8b7f7c015d7a555e

SHA512
3ce0f0b0da06ac4431c01920c2cb0f854f4151c6450f07be13f10a96bc6e9868495f01b6315fc8cb85f8242b88297d8ecd1ec6ea1f87296e7f67d28e0be0018c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
136275e6746205d25ad7cfda6cf05714

SHA1
75631ab4dd6602e9949611445288c2667753527f

SHA256
6f2591ebb03deac783fef33cbf80b295c112657e85b298c54db99fac60a4bb5b

SHA512
6dd41cae7da1f1f0bf5d90c41a5ea0ac2d5af7b8f2a1291af74ba52f69b643ead44274f7c6cfde6ee11b81368dfa8dceb705266e310d2b55a35dae59dfd783a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
205e9d1c63fda53350529f9ce3f6a34c

SHA1
5e4319e12d1771f6fc0fee6c6c816a095fe40f0e

SHA256
0d1c49a561ccec0a2d1c4f3398496465731947b16246613788b106b7a714685e

SHA512
a7ae22b7ba812ae759394831997541c03f961ca03637c69522603191a780f603068b039879e38b9cd9fbc931c678fecbc87d4235b93824d35f1301369c266395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8c1e1dcd96ddd70ea01b5e9e5ccfa8d1

SHA1
904c738602a3285a1077f4313ecf7fff6b673a8a

SHA256
baa4ae1e7da00cbc9350dc41bb4f1a2cc6b6174fff01f3bd9cd7d54bb2fad489

SHA512
6070fbd489a8cadba36671eb95f94e28b11b8e02d7fdb29b315fb72becbbc04e0893f333dd587f51bb2ebb111ea416e3972ed41a0e816b97f5ac1e523b737551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0b89a797131ce42ad87843bbd4dada79

SHA1
22be024e63b260c4db4f558e68892550cf26337d

SHA256
417a9ab53b2e628da30cfdebff64bebbc4b61fde829555565d6a90bfd521a63d

SHA512
32f10a66263006f6c6f92aee610d19706488b7b930d344dc2206e44978ad6955ffe96cf373e37abe1d972a527c0b6bad41528bac7d0748da538d96967695363c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8ff571d2757a6775505f9d1d3030b35e

SHA1
6821aab015750ffa1ab8b39f1942064e7f6b0dc8

SHA256
18811c52a357ee82ca7d5f89dd765f80836da8c1cc5e22dbb1cd9fe6d36631ed

SHA512
dc03a87a394a5fe01a0a35f4ca0e42793e951f630a0ba35337d18bab24195cffdc86a001cbae69fc94491b34c832501336e3a1f2ced3e866e432ede8b0c4b09b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2ecaa0c0e9c943ce6e394188bcd3adcb

SHA1
6707cde77516cd47974326113e229fcf2e8374f4

SHA256
b61c769757c3884973e24c0498d4c8b12f4ef10ce61d88f23856d189d157bc9a

SHA512
4fd6f3637ab5d185c34a531bae7f8b86ee690c97c632782cd7e17df31de533dfda27763e087672ded648a9099a520bdd68ac004a4e3ada65829268b0eee0ba4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f2042b8c182c2d29dea15709b0d7a273

SHA1
c92e34c15e32164018fe8afa6c906c584bd693c8

SHA256
24eea613d0ccc28413eef205660358e42a455aa7671b9541c23b33f661b6cd1b

SHA512
f0a985c254df3de89bc2e96bbe2ca22b3df10463ae663324e7d2f3df7157283236c776cab42050637c04099460d988cf29fcae016809a59f3be8efbbcb55ff68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f13089969d98d1b5ceedccc507fbfe97

SHA1
ab9d9c10d5e418461edba261d6f93437aecd4562

SHA256
72d21cc77915592f0bc8b08b61f17cd85587840f480b9c3dbab36890f5ca9ff0

SHA512
cac38f0f0d5f332a929f7579b3e0867e893e047a05510dadc1bb01bafa0a5ce7efac3faba79ba752ee6047de4a53676907fdc0042f59c7110ddc7879775eaad3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587644.TMP

Filesize
705B

MD5
e95768e058697411df9e0a2cccf3a8aa

SHA1
9c62864c7b985568395d98a28f534b1ec7f1423b

SHA256
1cf40e5ee1165023299dd0037f3ac7d3a4002a67b5971777a9b17840a0088873

SHA512
1b4a1341087b70ed82109d50d7edf8516568c0fa4cd62fa2975d4f7c121f0c237552caa1f385b46d68f1ec3b852b238c39e4b257613ca8fab323a38b95a32d4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a4055c0ef8f06bb3b2bf6a65e2cc0256

SHA1
139c71902c15b5678ce3ce11b18690482ad4f3a9

SHA256
c786ef93dd81c95bc739f7d35ed449c3a2a48087de62c3318cf9f0914264e67c

SHA512
0b7cef3154904d49510252c1949a39cbc5031d7d1bc11a9d27af7971ad5dba8f79f444a87c37f1dc5d428dab6284525a8b204cbb1d45c9509a52ffa6146f809c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit