hxxp://instagram[.]com

Analysis

max time kernel
307s
max time network
322s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/06/2024, 05:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://instagram.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3580	msedge.exe
3580	msedge.exe
1012	msedge.exe
1012	msedge.exe
620	identity_helper.exe
620	identity_helper.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1012 wrote to memory of 1564	1012	msedge.exe	80
PID 1012 wrote to memory of 1564	1012	msedge.exe	80
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 2736	1012	msedge.exe	81
PID 1012 wrote to memory of 3580	1012	msedge.exe	82
PID 1012 wrote to memory of 3580	1012	msedge.exe	82
PID 1012 wrote to memory of 1052	1012	msedge.exe	83
PID 1012 wrote to memory of 1052	1012	msedge.exe	83
PID 1012 wrote to memory of 1052	1012	msedge.exe	83
PID 1012 wrote to memory of 1052	1012	msedge.exe	83
PID 1012 wrote to memory of 1052	1012	msedge.exe	83
PID 1012 wrote to memory of 1052	1012	msedge.exe	83
PID 1012 wrote to memory of 1052	1012	msedge.exe	83
PID 1012 wrote to memory of 1052	1012	msedge.exe	83
PID 1012 wrote to memory of 1052	1012	msedge.exe	83
PID 1012 wrote to memory of 1052	1012	msedge.exe	83
PID 1012 wrote to memory of 1052	1012	msedge.exe	83
PID 1012 wrote to memory of 1052	1012	msedge.exe	83
PID 1012 wrote to memory of 1052	1012	msedge.exe	83
PID 1012 wrote to memory of 1052	1012	msedge.exe	83
PID 1012 wrote to memory of 1052	1012	msedge.exe	83
PID 1012 wrote to memory of 1052	1012	msedge.exe	83
PID 1012 wrote to memory of 1052	1012	msedge.exe	83
PID 1012 wrote to memory of 1052	1012	msedge.exe	83
PID 1012 wrote to memory of 1052	1012	msedge.exe	83
PID 1012 wrote to memory of 1052	1012	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://instagram.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8b8946f8,0x7ffc8b894708,0x7ffc8b894718
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15831078553371413320,16350043824073189380,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,15831078553371413320,16350043824073189380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,15831078553371413320,16350043824073189380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15831078553371413320,16350043824073189380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15831078553371413320,16350043824073189380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15831078553371413320,16350043824073189380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,15831078553371413320,16350043824073189380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,15831078553371413320,16350043824073189380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15831078553371413320,16350043824073189380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15831078553371413320,16350043824073189380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15831078553371413320,16350043824073189380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15831078553371413320,16350043824073189380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15831078553371413320,16350043824073189380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15831078553371413320,16350043824073189380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15831078553371413320,16350043824073189380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15831078553371413320,16350043824073189380,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4928 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
66KB

MD5
e2e0065a7c48b961ab15902406413186

SHA1
2d8971a537e98f9c2a4a47cac5432f6445f59332

SHA256
afacecb598a92b1cc97b2f0d90a39eceeb19f199842313c478bcf5f3db223172

SHA512
651d531e4a75a582b1153d1783fd6ff21ad1c191d4cbcd92d9d95c2c7a7a4e4658e1f73bf6233b882d41dcda7291e34d5f95028c482d9b96d904ce502036c2ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
29KB

MD5
0ce9a7855890bf0c9d3d5cf5e89fdc7f

SHA1
da6b7e2727eb8007d96a77d81005844f322610c2

SHA256
3dd1ec287849a086dcb9050182571fbd7fa36959af312a8363e9c0cd6a2a2cd6

SHA512
d1659a326a263cd614d581d006e3d418907bbd89684e99c802bb6f00074e24aa77710283268ff0fa90efb0a7a5611dc966033d67f9ba974daa394968ffc91338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
203e9e4d2829e617c8aafa816fd7584e

SHA1
3b86376ee38ed86b6ad4af0d23770f570f4a96f4

SHA256
6e719541256aba6c63e22d278c6ac0719c91fc9b5d94ac15e5628020c362ef5c

SHA512
572c94bf347daf7d351d629cd4c924fe7eda5aa436f3713ea0da0977665f5f85c3c48e48248cc4ceb27ae03ba1355b779cc9204ec0a2857dc0230b06e4056d9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.instagram.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0f65e5c6b2a10c9bcb8d5f31f75e3062

SHA1
044f361c2c1d51673652fd1f09ec2e61f15b366b

SHA256
bc4ab27d0bd951503ab6b8bcbeb5b71e8c42ad9ea79046c21bad5a32cd9e4ca0

SHA512
4647cd3a2bc144d13116f706c878762d03571475519ffcc1b192ce3bde7f880b3049ca4b10e96eff5e8ac6ae10ee91b9fabb1263df16bc6cfd98012a267f5121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
14d8fc0a6623867f377225a7593a1ff9

SHA1
8bcd628f2481d4e66a28c80968169da3464c3f21

SHA256
ea23cb79b351ba70d73e25c44937517c9ce92941dfbb2036a7f02dc6d8fb77aa

SHA512
725202d79cac44d8955525fe53a4b3638b1b1b4e293196d1fcada7a8890a95a499fc4e73dfc7d3a530bc6d4aa9bd46ea307f9e4f061cb48a8363bf32c67c21bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
08d56a5aff38947df8634748e16bc7fc

SHA1
de57116211b94319e9c1fdd67e58656f8bc2cd27

SHA256
947bdccbb801890a3693fe13b437e5644f1e83ac5e425e4f3140ba83026ee54e

SHA512
925b62b7847e0d2ea08718895dbca32c6b6ca09daec4390672d70d6c4db4bbb91512d41ea5c816b6e9a71ffa046eda4c1f5b5dc94e9f594e8547d7c314accf4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e14e99c64f7b899147028512a77dae04

SHA1
5df5cb6e58a3743ffe506b8e6fe5ab59ade21821

SHA256
d2d48242309a0e60f2032ce4f94089f026d8343cb986a9bc046e2546403ba934

SHA512
c0ac118f40e852e2b93fa4bbce0ab0aaf31cc023193dc021f1ebb66ae349f69ce2af02aed69dd952b1c95c0c98a2e21e758f63f5ab1d75b7067849b7559e4207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c68f0a157c7a85a2423355da9044fa93

SHA1
27479b9c7c3d80edf063d87f56aea24b30f9b424

SHA256
4386b1c14267eaf2c9016aa127a637469681e6a01606afdb10bd6ca2cdbe4347

SHA512
5c513878b6407fd295e7f4ea8716644ed72bfb9b72f34314cdcafb0da30fdb5769f6a1bf87b491a7258bfc4036f1965b9076f84931b101296a7289efe60f8f39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e664654a502849561d86fe78d0fb2378

SHA1
b15359cc48b105f96c8d681f4b7a587f862b936f

SHA256
4acf67e830b72025d0d7cdb04bba61bd0aebf292f58273ea8748e6ff3d7dd34b

SHA512
fbaadacc87a70cc7fd6183979ebd6634488179597a69f85ec16e20c029739eb9250ee080ee445d87b419d32fb5631ab428b5a60c1a4c8123cf89a45f1359d67a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\c514c411-68ca-4d24-99d7-423a3af01f3a\index-dir\the-real-index

Filesize
72B

MD5
6025251c7573bcac80f8194ca576d07a

SHA1
c27ad1b17e47209197d60278a700f64d5fbe358b

SHA256
d23f23541217acadf99c6dd7852055cb81069766419d53e233540b7c2beb065f

SHA512
faa51c6e54d1f3460121a766684bd790433660cc954b5d0e0c9259eedec48d15b692140464cd18d42239d0971b6648a6d90dd1b3156d3f8d825acb90170b6fcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\c514c411-68ca-4d24-99d7-423a3af01f3a\index-dir\the-real-index~RFe57f770.TMP

Filesize
48B

MD5
566ee803f78f6f16eabe7037feef7d29

SHA1
3a2ec3072366260cbc2fe99194dc71534decb5e0

SHA256
5b4fddab75eac0e45ea4579dc062a7e573c69b776316d146794d103fca86a8d6

SHA512
bf4387ca8667d9017113a4de59b1f75ae44d5bfd556218a2fcc5cabc4b0ccd83f959555902305eb7af06c8787954622ddd63ed478fcc6be9f2f73d2dd9e00496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\c5c99bf9-d0eb-4593-9588-c4335f890523\index-dir\the-real-index

Filesize
72B

MD5
1f862d3024ea7ea30311067d12f7ad8e

SHA1
aa74c3273138e5813360378179039fc90501b630

SHA256
70f777f1d1734d3f81d37ace76f52b96b3ca4816a087165e9fd052fc9212994b

SHA512
f897694fd933f82e2e002fdc400c1f0d863e4240ae1ed17322071dd18a4bdbc74051c7ed48094b68eaac0fd4ab21c11ccf8558d2986ec1220fa72c60b9ce3b5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\c5c99bf9-d0eb-4593-9588-c4335f890523\index-dir\the-real-index~RFe57f770.TMP

Filesize
48B

MD5
c609c39cdbb3677adf420fa6b283d7a5

SHA1
56f665cf25cf95629e1e9dac92be321d72a6fd17

SHA256
3f1971a660e1d77e35bcd2d606ac1ac2cd4d73c92ed84f9396eecc58a1dd278d

SHA512
d424319f59a40c38bc742473296a139b24bdd8475af46720bb402b0cf7da7c9b9753b3aa4010532622642bc5ffdad7516872e439456177af7b0cf42af4b65e1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\index.txt

Filesize
160B

MD5
3e816d6d1a2eecde0f407c8acb258052

SHA1
e40708a55c58376f65acdbe57b2b90de56b4d35b

SHA256
0799e0651df1134799a6651e17a48b8d7b99369b13ce7e11ec0f739c854173b0

SHA512
b071e431633a5bf660cc3178e41ebf15eff4809e465f7ae49aea8fd4bca37cc812ec4341e33a98b9183d207ed3f451e55f4d60f71c9fb81132317eb274e6c1cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\index.txt

Filesize
155B

MD5
ece4d21331a882b8fa1fcd3734e8041d

SHA1
080b58b77f227bc0eb3dc649fc930563682a07f4

SHA256
b35b66cb1106bb1e9e5b89b1f2714970c1b37a371c72e1303157edccb65bf442

SHA512
34052f41ae400e73bfa617d5bc1cc7949cf7606815ff1c184abea643d3e157ed8744f40d50d70b150f63164655c2f875436c2e832d8f0a7d216dff7ca4f836a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\index.txt~RFe57a901.TMP

Filesize
95B

MD5
e7c1b35a1ea32faffd828f0f2955391d

SHA1
2f22496c26fbf806653fae4c732022a44e9e7ed8

SHA256
e486496dde4345841946ad093ff65c96930e60187df5a7b92e98dd572c4b602a

SHA512
b17074e1a9001ae178893c298913cf47d3469eaa1bbf6676fcfa2a3985bc5cbed14e1054cedc628e0a827c8fecb7b4cab6fa19c3272d6ef4b7363b3ba4ed2653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
019ed89696b6ab6ee33ee25e7441393b

SHA1
5bbef8dd97d53a74e403edb6db3d0916d3de71af

SHA256
2f43a90bf4197414e4851d5875825f1aae7e820c799becccb39a274449921115

SHA512
45c9146587827d823da061ed1f7df7ff427090268981d3cae7a57b6f55c7570723274ef26fb19bf3d74d7ab2ed3e2c2eac1f2ad0428f53d70d62682097893231

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f9f0.TMP

Filesize
48B

MD5
3c47e2119cea4eb48c941820adfd0f82

SHA1
feb72fc54d7f3838d4499cba05fa8016437f8be4

SHA256
317d147a3cab8c4ce4467e181d9261db0d380eb43a20129a165384584ec7f561

SHA512
9cd55f5a14020ed13bdb2ddb77863c820221308c11092a06c823801a7bd9dda693bb9ee01a079c9c97444017270b8ea5851c9d2e0b624b4cde98db3279559df3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7402182c4c6ec78b1cc5baa336c1e2ba

SHA1
f5190c4cb4fd4173b8da9b2383668a3fabab4a50

SHA256
412b36c4b3121dc8fadd869f6321a0d524e1e3b584ff005776608e3d34a9d2c3

SHA512
548a5af75e8e748eb46e1d678945ced987a768eb4eb3706cfb9083027bc966b88e694a61faa95a3d074597c1af7b7e335e2c22935a3bb233ff61d6655a905d94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
05d81504192c95db90bf03ccb675c040

SHA1
bfa5aa14accd715efe8993e9b3a72fcd21374b45

SHA256
554d220798f3018487bdc5d5c52536486b41ba908fe23b17d262221f9a29f808

SHA512
9c94a74c8587a0119dbe74120925bae502395535b6703023c9167197293b53d7b692f7ab71eb404aabb857996db1c90bc27089928bf5316bece3bc5fb6274a41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b889fe77e01ed60915e3f8bbb1bd106d

SHA1
b561dcf5f7430e66adf639a34af2ef0dc95a9794

SHA256
1d7932471638221dcf04d6ec8a6cf6cc7cdeffe908179cd709ec221189e2ee64

SHA512
68b994b54b5f499dac59bdde24f1a1a1c3eaf9c6d4ace444367e124e5df94cf9284749f3661307d8ab2ac90162da64908ec397eef934f93f5163e5e9de5e56a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
b162d86ca8908f14478ee201d8516c6a

SHA1
206e892620b7728c55a9d6e78dce50d56d715390

SHA256
c1f2927b97b7fb36bf076209c7b18d6d46740887b626de4352f78eeb58a4ed58

SHA512
3a0a17b81efe96bd113005b4a869fe02e0a9789a2446edb7097bb0aa0e577a11d0d369387dfcd76dd76083880ff05abebf71870ead45a16441a523986801e234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
147fb337c9c14ac26150d0c568905b3f

SHA1
904043aedeaa7d8c21245a98e88813c23f711d2c

SHA256
215b79b6d106e54080885a43ee1876f446a9a192bee65430a4a317fa4c88846a

SHA512
a028e13eae8737f2a43c296308fd2fbc591a4a9b3b916a86dcf3a45c5612427e3ee9f8d131f33c309fb135af7753a5465bf86d454626ca3f2ef15abbe0b2a53c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
225d8ec11fabe580bf044c254017ec25

SHA1
8d1b4a823dad1809ae448e09ea1ad71792041d78

SHA256
e8d846301cda367bf327c22e5c83ed7cbbca84400f7a27731c0abcb26159c56e

SHA512
558c142ffc6288872ed91827a2cef4792ce3309e3ed6368a21bcbf64f80ab5b195b36d69f214b15ae428b5003448a7ff3edd61bb449d8f797ebdde9f1c407c82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578359.TMP

Filesize
705B

MD5
17c76ffc44ac8d50c219492021cef570

SHA1
2f387be58e83de9e6de85bb2e14420a60f574c95

SHA256
b575b0cb91b0e19e603f572d61f741340a303c8624c92541eb620260edf1ebee

SHA512
75883cd5dde36ab2a02a63c015aab5803299d6243f404ff4e6b5815b1af33b83029a7b353cb1388f5ac00106e36be03b665abe7d3bafa8a4c4f9b45ab628986f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0e626b478d3ded0c9d40cd04c5202620

SHA1
6a35b3f030f392099312dab234b227ac19c5c558

SHA256
81c43a8c90a86d70b217310d7af61c788c9bb713bc1c6955eb1b3e4311b4d119

SHA512
406840bfa976e17537718efd89371aa27a3d7954f2186e96a6f81aaeeed2374d96983b791def65ef2994fdf5366c04ae77a190e5754b25afae3288b0cbe230d8

Download Submit