hxxp://instagram[.]com

max time kernel
960s
max time network
1040s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://instagram.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2184	msedge.exe
2184	msedge.exe
3084	msedge.exe
3084	msedge.exe
1956	identity_helper.exe
1956	identity_helper.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3084 wrote to memory of 4716	3084	msedge.exe	85
PID 3084 wrote to memory of 4716	3084	msedge.exe	85
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 1528	3084	msedge.exe	86
PID 3084 wrote to memory of 2184	3084	msedge.exe	87
PID 3084 wrote to memory of 2184	3084	msedge.exe	87
PID 3084 wrote to memory of 1348	3084	msedge.exe	88
PID 3084 wrote to memory of 1348	3084	msedge.exe	88
PID 3084 wrote to memory of 1348	3084	msedge.exe	88
PID 3084 wrote to memory of 1348	3084	msedge.exe	88
PID 3084 wrote to memory of 1348	3084	msedge.exe	88
PID 3084 wrote to memory of 1348	3084	msedge.exe	88
PID 3084 wrote to memory of 1348	3084	msedge.exe	88
PID 3084 wrote to memory of 1348	3084	msedge.exe	88
PID 3084 wrote to memory of 1348	3084	msedge.exe	88
PID 3084 wrote to memory of 1348	3084	msedge.exe	88
PID 3084 wrote to memory of 1348	3084	msedge.exe	88
PID 3084 wrote to memory of 1348	3084	msedge.exe	88
PID 3084 wrote to memory of 1348	3084	msedge.exe	88
PID 3084 wrote to memory of 1348	3084	msedge.exe	88
PID 3084 wrote to memory of 1348	3084	msedge.exe	88
PID 3084 wrote to memory of 1348	3084	msedge.exe	88
PID 3084 wrote to memory of 1348	3084	msedge.exe	88
PID 3084 wrote to memory of 1348	3084	msedge.exe	88
PID 3084 wrote to memory of 1348	3084	msedge.exe	88
PID 3084 wrote to memory of 1348	3084	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://instagram.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb179846f8,0x7ffb17984708,0x7ffb17984718
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11379720381738912190,16502734525298695156,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,11379720381738912190,16502734525298695156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,11379720381738912190,16502734525298695156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11379720381738912190,16502734525298695156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11379720381738912190,16502734525298695156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11379720381738912190,16502734525298695156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11379720381738912190,16502734525298695156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11379720381738912190,16502734525298695156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11379720381738912190,16502734525298695156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11379720381738912190,16502734525298695156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11379720381738912190,16502734525298695156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11379720381738912190,16502734525298695156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11379720381738912190,16502734525298695156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11379720381738912190,16502734525298695156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11379720381738912190,16502734525298695156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11379720381738912190,16502734525298695156,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2300 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
120a75f233314ba1fe34e9d6c09f30b9

SHA1
a9f92f2d3f111eaadd9bcf8fceb3c9553753539c

SHA256
e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0

SHA512
3c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bc2edd0741d97ae237e9f00bf3244144

SHA1
7c1e5d324f5c7137a3c4ec85146659f026c11782

SHA256
dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041

SHA512
00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2bb86f7b-b253-403d-b91a-7d134ed9b538.tmp

Filesize
6KB

MD5
d73145f1e83332c762a718811329c8b1

SHA1
ef23a5814aee11f8f518a7ff4f45cc2db937124e

SHA256
9492957f53445e4578979ce8c0329c06876eb8e100861c04769c07b28fb65024

SHA512
1b92770f78738d4ab373d8ea89b68e3fc21016ed2a144de7bbcf74f0a7fb692227766d6660a612747f6b77b57fed128cca44d0db6c73d0ba6f60b1277e1fd087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
74KB

MD5
0abeef2e28e4de26930e2298e5b30a4f

SHA1
fb535b24cbc0c27e01c2464fa60fda7f79d5283e

SHA256
f5fa03c6363f68b043a3386ab781e16e39cf01302c078cb6233bcd9a3d51b1ed

SHA512
0b687e229a988ba6283c62dc6eaa2f4b81c85fdb1f640d2383d4660cd32307995016a0fc92df6dccea155b4e662b3e052ee7c511113dbb2d784339ed5629d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
dc644a78d6a9457ba85f4fb6f5c77317

SHA1
f7c161b3332c52d37e85995dc11c863c56024711

SHA256
67c282407811f37761405532d4197e4b0dc48ee740ec90e045a491d621b3a355

SHA512
169e456e83d11877f3ef892a2edb555b7d14a10c3cf45321a1a3b2ce77b13572358c5642336f2759112cc5f9b1bb4b9e7400508dd5a23db9782e00cb95df1e76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
09819ad86c873d389d6d1345ecb70381

SHA1
5125add17e11c65b87d9e384489ba0cbe8b6d459

SHA256
b36d2f14809fb1ba9c274ba611a3ad306ac95a5803ea77fb0d8b8bbc432e989e

SHA512
73c30e579c9855d0462a9671f9e4e7605f510663e79ba110670c1d79ba89daa9f92e831c2ef91aace3e13a404a06de1a25bbf7e3d877762ecf4378cb282ba13a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
24f1ffc7691835543c5bf3eceb084077

SHA1
842eb8e88dd1b3572088acc7503b01c05218696c

SHA256
bd5d620967bf55885bdfe9414e7025623d95b0552afa6e2d99fd19216ee5f44a

SHA512
8e3bf5b545ff9bd44e68476e147fd1b7d70aaece35086d572c7dcd3d3d3009e6b5c6082902f7d48156a90fcf3d852fa707747849b559be27b0f9e592c6276214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0ed17dcaf0d55ad94fb7e73f2a7c8947

SHA1
1b776760fc624d53a171289afb0da9d59546ddc5

SHA256
65682dc6e37677517992c6c64f2384cc027252283acf062b5b9d90b543bfd99a

SHA512
6287db47a59ad667bdef2f1dd799c7951f1566cc63415d6a323b590c4c2e3defa1b22e215bc3e060c8d3879f2d74a011645c64699eb812f5929face604cfdccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.instagram.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5dda97ab867ee0f1bcaa622118cfed86

SHA1
405c6fe1642427535d83586800e5a23523e94a22

SHA256
185ec9a884005f9c1acd71f360295624d22a7b72a2195aaf2d937861aaf126bc

SHA512
388c038641f6adf9b4831878c489aad20da0b6e64dfe3355967579fa9e1a0acbb69b888c14f7dd02adef0d1f5c336bd70297e1500b16ce2ee1447f75a27c8939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
919B

MD5
d31880ecf3b418365a0e1f3164b09518

SHA1
59d269fc33c8f6541b2c2ba701d93cc6454203a3

SHA256
f5dab4bd5bb44a4d652b7ff6ec7e9cc6f2ec698c180ecc7fbf90026db502810c

SHA512
5d83b57f0d76332a639e0eac76b3dbb3a851e76cec512f229c67f4b2971a8d69f5053e268a305a2d8495b23b0e34446930de6b80cc6b28abedeb368cb1a7c3ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5d0ed007a463a4f1813d09a05e26fe4e

SHA1
c87587f63919728d3b4ccd6f275452145df6d5df

SHA256
a0283a7f84174a6d69dc012abdd4e69b869be719ac15e5e4849364ce2b2fe23a

SHA512
89c89f54d4e797d463623463f55595fe119886aa7601a568bb6e3eb3b9db763ae16db5ebf06cf32af7e3ae68bce2f3ee1d26c1e971f2baecedc7ec37c1f2b1fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2a49d016268bd239900a8cb95298ed6d

SHA1
b1ff827fbf4f955332511921c6fc2dc90de556b9

SHA256
039ccc2c96542a9ddff6ea53c11c8b2b9ba0016c1181a1f2f36f6136870f4f07

SHA512
55daee48c345ce9a838302c8d6be1b9b8be6ba1da743b7b3bd281750a64bd957f92f6ec0277bdab5568de4bd49d4406fe20e563897f4424b818b272694a54071

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bd553887b58537eda6963924e79b4004

SHA1
d81c9c8a5a7cc7e06eef080224bd43f7ab7477c0

SHA256
6f746f2ab339d5c2a8182ecffae17b9f6d754be331c117dc8b8e6e781f9431b5

SHA512
47cad49aa65444c4a02d37efb6bc18cc4e4cf3208023b4d42bca5bb74b9e5169a1e45fda4d55de22b144194a17b9d877b56cf186f9e46ba8e757ddeaee95fb90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\2d5a82d7-328a-4540-94d0-4aee3946eec2\index-dir\the-real-index

Filesize
72B

MD5
f977e308065af6e858f4a578628b6138

SHA1
adb337a6730760d88b841ea957e41a3da7c607d2

SHA256
365c653cbf25343c34a31db106bbae3b7a00cb9f0951952f4aa73814aee01916

SHA512
6cf11ba1c2549b05760e46d02bcdaec24e68f562b1925e3c32d597659f07128f2390d623edf154a39a0a295f0dcc408eea604aee75908450ff0afc92a991223f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\b2958505-3bd6-4ab0-80bf-a2a28b912902\index-dir\the-real-index

Filesize
48B

MD5
132e35fd30aa26d75dda04f6039c7d0b

SHA1
fdf8db5a446680e0a8d77d6b52c0879222a5e6b3

SHA256
f8be76b3aeba1552ab51c670ba494a45ed84a6a0784aa74df5aa364ecea8e539

SHA512
6fad091c9d63753376411b153f898265eb008fa8a9cac82f8bded05341297804548cbe24cca35b3405a492b5eb80d8a1bc8467c44f3bfd8358dbc500c184552a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\b2958505-3bd6-4ab0-80bf-a2a28b912902\index-dir\the-real-index

Filesize
72B

MD5
2bbfdf4c886a24e44f9acd33a01fe402

SHA1
39d269f6f7f24dea200b25f3855648519d546080

SHA256
a786023b84dcf66b931b8ae4fb0a179ca2d3d3f4e5c18c894badbb85fcd59e8c

SHA512
21db3b91918f9d47a6cb2df9f4ebf5844be4b73d9e3e9057533064e6db7d5ece09571b61c9a29bbc660bd6465a0c287781f54d21bfc892ba8b3acb00626e557f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\e5b5b186-a7e9-4a68-9dda-27b29f1d2b96\index-dir\the-real-index

Filesize
72B

MD5
902535a602b103007f956ee9c8640222

SHA1
7bbf0ccef97736c856935c6f2dfb684c76d92dcb

SHA256
9e94413ec893420a8500f814611de673773aa8dded9399c51010fdce7879203e

SHA512
4f297eeda371357e284193186a8596739ed71064b76268e793c467513debd6b21cf31826cd27f3426f3f7013f98aa9ee82e3ac2053acc4b4a4f1361cb54b9fd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\e5b5b186-a7e9-4a68-9dda-27b29f1d2b96\index-dir\the-real-index~RFe57de89.TMP

Filesize
48B

MD5
4bb96105a3119353cda118e1d3632451

SHA1
6e1b36d01f10a95ee5aca701b7bdb808add2d89d

SHA256
a2ec91e1570c9411a9c8863306fbaf86ca7ac885adc86897ade53c264f7b5289

SHA512
cb083aad174d46758421e873bd6127864b7ff3726da96d7295aee505b5f840bbecf6bc2b6663ba05fade44e2c5ef0898625b10e630eaa2a5f554b4bfe8ce048f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\index.txt

Filesize
160B

MD5
ad74f64a5f65fba1d11a309b437538c0

SHA1
bcb03e95784d3360e01718685d01900f645283c7

SHA256
f27f30405c46bee420f10dda2ad3575861f424e5c387876b7cb4a6f7aaad8fc2

SHA512
99bd24d863879474d535ec71b52ccc371b684c313056b7501bd05d948bed460aaeeb02d829aaa3442e05287bea31a144db3ffdfae94918fd01a5db3f8fbc46ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\index.txt

Filesize
217B

MD5
f4ec1128d2ea777ca5bad08a36d48cec

SHA1
bf4fbdb8240e96f1ac0e2fb1e3951326c377622a

SHA256
68895eab56955d47157b7622d5227c2859c2701eef12469354d8d01e758584f2

SHA512
8382447d134f0f79069ab491b3a55aa93c4ed8037f3cb74eb1904015d9bc40b24d0c4e0b41b13a3e0d4b8eacd2ffe1a2bdeede3bc336cdc5e320e3b32666563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\index.txt

Filesize
211B

MD5
ceb0620c41783eae03221e733a83f5c8

SHA1
04732e7aaab3e4627fe5f1d99dfb1eb3f5ca6695

SHA256
1777a84e41c25bd41a57f51b4cb74e5e44e0bb91cc43e40667f01b8b20bd2049

SHA512
be00729e88de5285ebe6e94f9296a4b127c94b3358c091ff7304a5fd02f87b5b7dc2fc640074d95ad87f4eaf8ff76d768020fabc6baaa4b5e800ce4f0bc67ac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\index.txt~RFe578174.TMP

Filesize
95B

MD5
bb96f4f911ad4aa48c7b2d490a65287d

SHA1
d1946e9355ed9f9a1283822c555a3b337ee6c34a

SHA256
d852d6a7a61086914815a7e6c8e3216a2d295284b8cbc537e07c578c0f8f250c

SHA512
2936ad190f995bdfb47e1398e5bae22259f98741522aa1d56d991cb1efd3fc3209793831c0aec1dad8a912e1c94c352b20cffc40df2b8dea5a548c2f9520b505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
96B

MD5
1d435b98d46f625ac7cd7213a71b2feb

SHA1
1772baa10bc7a40ecd421b1fbc9f33e30742e056

SHA256
7b54f27608343b16cebacea379523d1913e749e2f79e0905d43d37a4664371e6

SHA512
ca0adc511b2d26fba02e5f7892eb2233534a6de7b59805e4b084c48d6309409eadcc871bb5d032a58d882f58779166ed3822daa8564faa18a9c814253151e3df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57de89.TMP

Filesize
48B

MD5
2ca1bd6447ade56f7ac280a9caf7d239

SHA1
2d3434e815b93b075233a0ac5f80c60ebdf795a8

SHA256
835566d82f366d09788ee0e9467be3b787322824ff244abef174dd67daa48a45

SHA512
9b7ddf678a0bbd4fb8c241411464a3116bf86ea8e15306805f36cd34e1880adbbd285dfa8e62a4cd236accb7b0c360dec8bacd5772aae46b77f5cf7179e766e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7c70cbd970c6c751c0e644b76738b5ae

SHA1
9c17851fab1d67f592d89273f23bd3e7cc065768

SHA256
bbfdd6c821e956bfd2ab79df867403c4a419e1ccc81cec494aefe6e81ee23a76

SHA512
ae78d8344ca189677b5fc27438261fbaecb573375db10729b3f47a8c86e2a9f36c187777221736a36244472888446f97b92de28eec29a4766bcf24535fd7b7c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eaf9cc098be598ceee3c231725c18884

SHA1
50617a30d158879ae3f64208462f35dd4ba65d06

SHA256
3dfce8fe08b0ae243fa31bf6ac30cd7c56ced7979ee0d653d57ac5aef428ca11

SHA512
4b81ab61f67b485c2f6ee9b543b2a1c56ba7cc80d517e2afe27b77f1f8f30f258e6ce9aed1ea79831e4e77cea6a77d2383a8945df8065e6aaa71b90d953bab3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
40d063cd9a5854a2c66f5030f97078c1

SHA1
3c73512d3eb2200d5dfd73e96ecaf8c05316d5c4

SHA256
6e05277b00e1b840493e31e327ab66000a6d3659c4b45a90492e122479548eb1

SHA512
c5efaac20d15c1f560a506837529a03ca733ea891b91fa822cd91bda40ed3314cd5c40d54b6ea2fd084f969a799451941f10b19717467c8696bde458d92d2794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d59930f9880c291938fb1425ab47381c

SHA1
420f9b6ad415774805d3c1fcda93663633d70343

SHA256
eeae42aab7adbd3495ff906fdcc4e350c3d03ae4eede7d393a4453622d0b2d9a

SHA512
635ae8a15b4bdc02dd71823418cf243ffcdf6150c12dcca586e1ee82d4d87eba2e47c887106813935bb2c029467970a2cdad06ce44efa56b7196d7c9d3cdee07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
309378cf269356378317eea24db9dd46

SHA1
705d99bff47e8b45d8b8815cb1c49eec71bf443c

SHA256
f6fc52ea13ddb71c306b2955440e9542b9fab3fe6e17249af619f5e891450687

SHA512
6212469ce64113dd5fad8ff630aff0a0acbb89114c2cc7f20621cb100ba3ef454d935b213310218d65b4e7f0369e3b7eace37b86d68a73eb36b1b71fc770a521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a9a4ef6bf656d4e6b25b825bbe692279

SHA1
e4b05e7aca84bc2a8009d6293be6e70ed8261f60

SHA256
27fd3283589d7b6d23e9209a3490eee364890dc0c386b49273b363429254e0e7

SHA512
cb85ada03f14ebe96cdefc91003b34f1a8fefae2e0156794ee4a7e63bea750e03d6d84cf2cf4dee0df44efcdb5b52cd9d07abbaeddf798defb5f5b41edda5fa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
416997447fba27d878d69d50c766eabe

SHA1
f2fac6084df537517e1a3d8a31a0e5ef9517cbb3

SHA256
c6b55c591c704d68cd23e11695ef7187cff106f86dd5199ea58a473f6933a085

SHA512
c7d4c45c6bf1e98731dc31844ece539b8f3f366b44632a753bb87b83ebbe97604daeab1a52ac62c406a4ca2f3f36e1c532a11322837c797469967751cf417636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
182ec52cb46ce1656a15bce5c677db41

SHA1
942da040370c433c0b590a5f8b0d77b1660ca091

SHA256
139015bf985f7b67934da9d89e15446ad54dc0bb58c82ed681622982b11a4fc7

SHA512
30ef64ee0a75d24f32d1f5a1277ba440b014430b421068b893198da263f776d408f74394fc8da86ee5695c17e5b9e339f694f5722e86c8a662610e8ba5472f7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9ca82884286df5c0a6d3534c3537ba15

SHA1
3bdf2729788deb506553a2e1c47d481348554be4

SHA256
5984723c3e01da1328ec4e0f5abb852174aa2df90f58d9d0ae968cd6a5d94828

SHA512
18291a2c5c4608dbb95ffc385e27b8e037b6b73e61dd80ce70b11d3ad2cd077bea91097f5694aa1f7831b8925bcae934cd1016496aa8c0f0acf57bc147d71f48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
72c3f156088ec5b96735cd285973af3b

SHA1
2dd4b56638400e52b2faf51c0ba5dc1ad18a916b

SHA256
ba890201d5f35f5218fa3180af3e393291ae5fed723a1a9833e36aac50d7ca1f

SHA512
091e5d100a20281358ddc2bf6c2c0e1c9a43b345f4f62beaf9470f95ff6e91e89f9f4b24e29bf347d986528514b439be73a496c2460a7190d0f3729c0a6f74da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
70c9214f5ee70a5dd4be15ddad5c80c5

SHA1
5fa044d65d38cda443e79bcd76ba54b5139bc0c4

SHA256
17feb074e895fd58e53c5f46b11b5e4411a6dc16f49da2652b3049b95cb4cddf

SHA512
47750fa6fb1f28c1a62802f718e3f66828e2eedc2f00a563751af43cd763615ccc8010cfffb7d1cfbdc0016fb77898856aadd533772a618886304121682a9e15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
def0e4a7a416389aeaf198590a59b7a6

SHA1
fff0044475a31554dbdd00440e2d45a2aad2c818

SHA256
492ea5ded290e69621d5885ea50fafab9d3cab626a098ad73f0e6261bfb3e58a

SHA512
f060346650557c539d4103a07e2bc8f23964a7b48d379f2695e1c39716c308577e56cf58776686565aab8c326dd6e0c8d6598071004b226cf0e488766598b2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7229b6b1d933016ec5ce7d20fde4b431

SHA1
9e61c850a6611c176dabe247080f9c53f258382b

SHA256
b481435db7bed8133857158d114317749ccd7f76cd1368c2c28914597ff0213a

SHA512
b45643e7c8c08c3c839b508c1ea587f15be2468b8ca0ebf19b27cbfdd32f119bfe7b020e3365e18af54d24ce942a9f4696734cd97398d4823b56ec21aa512cbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
853fbf389652feab404eb7528736d9ad

SHA1
502eaa8e0ff9843c57bb1850d4123014aeca78e2

SHA256
fb5260275d64bd1a1d8fa3dcbadf41e3a5e53956779ccb7a80d2c27cae37d7bf

SHA512
be501e815831bf8bfb0c340b95d73f9a482aedaa6218b714557a6c6cf73c54f3fb60bc7a63d426ad597e6beb6633bda95f5f58d81ce1bbb95ab7d4c2baa38608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c2b0b7e017f927d9ad2401259cec1b48

SHA1
c0685dcd62883f6be28322268915a08f9d3fdb07

SHA256
c3395aa207291c4c9667626df5f3011d066946b9586fa8be14da4affdd5a9a09

SHA512
70cbe001c62f545c1f278fcc56487dc1b44c8b0fa870cb20637e184bb7683fe73f792e968f2125bda901eee7460ade809ef49a11d39d32e094c4fea313c0d7f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8b0116a8a80d68d195afa5d4a74d19ba

SHA1
7d8c0814a23184777628f4fc3627b755891ba6d1

SHA256
4af21b268c7e98457e29f1960c3ca3ebb06e9a25b461a128d87160cbb5d49836

SHA512
ce544b98d49b814d52ad0970b95e29bd46291c469a49a865cc3e94f6bc204c4fac223499dfc0cf813fa800d0967d05cbaea9759623be0e9eb184d2ef18236ae6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9bc012b0c551a6bffb499b887caa2f9d

SHA1
bf10c7d2dc4e96383ee326ab2a8e03a18202e5a6

SHA256
e32b89e41d23e4cbd826917dd1e8a2f227eb2fb62f179db7d547faa168a0fc02

SHA512
794f8d95bc69464a309765d2a26a95e1f03fbec89da67af641347d37b9bf321dc42061384325a70cd2b40ba351bc8af2f59d17b480ffb8ee5c96078875546524

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a529.TMP

Filesize
873B

MD5
8bd74cb5822493a17adabe97b79df4fc

SHA1
b2a09ddbc1c03ac272da9ff3e1260f38a570df56

SHA256
d80a9a8c131204414bbc44d372c095ec3f6553c217450db7e04d8eaf7ca79b5e

SHA512
580717be8e14a0cf32ad65114c0e7020209cf9739a177ffb21fc5734af7161022adbc2217651da5ff2e94d2ab97a3de9b62368711204869888c51c81a3faf053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2b15a2b2a85ba0a4220cfc79030292f4

SHA1
1e3bbf7ec34d3be01e80ab9dae3a1a8f29cdedb0

SHA256
cd726aa7cce68fc020bc7297b3299df5453d526e7faf13147f4cf59979f2f776

SHA512
606d3c5273d8b457d18167e3177a4ef6d4d64d3b2965bacfa7675e2dfffc7059a546b42088645a0dfa4f52fefe43197e6b4059f39508c501095b96fe1d70c676

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit