hxxps://www[.]instagram[.]com/accounts/emailsignup/

Analysis

max time kernel
1680s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 20:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.instagram.com/accounts/emailsignup/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
3448	msedge.exe
3448	msedge.exe
4304	identity_helper.exe
4304	identity_helper.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3448 wrote to memory of 5080	3448	msedge.exe	85
PID 3448 wrote to memory of 5080	3448	msedge.exe	85
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 1112	3448	msedge.exe	86
PID 3448 wrote to memory of 4488	3448	msedge.exe	87
PID 3448 wrote to memory of 4488	3448	msedge.exe	87
PID 3448 wrote to memory of 4380	3448	msedge.exe	88
PID 3448 wrote to memory of 4380	3448	msedge.exe	88
PID 3448 wrote to memory of 4380	3448	msedge.exe	88
PID 3448 wrote to memory of 4380	3448	msedge.exe	88
PID 3448 wrote to memory of 4380	3448	msedge.exe	88
PID 3448 wrote to memory of 4380	3448	msedge.exe	88
PID 3448 wrote to memory of 4380	3448	msedge.exe	88
PID 3448 wrote to memory of 4380	3448	msedge.exe	88
PID 3448 wrote to memory of 4380	3448	msedge.exe	88
PID 3448 wrote to memory of 4380	3448	msedge.exe	88
PID 3448 wrote to memory of 4380	3448	msedge.exe	88
PID 3448 wrote to memory of 4380	3448	msedge.exe	88
PID 3448 wrote to memory of 4380	3448	msedge.exe	88
PID 3448 wrote to memory of 4380	3448	msedge.exe	88
PID 3448 wrote to memory of 4380	3448	msedge.exe	88
PID 3448 wrote to memory of 4380	3448	msedge.exe	88
PID 3448 wrote to memory of 4380	3448	msedge.exe	88
PID 3448 wrote to memory of 4380	3448	msedge.exe	88
PID 3448 wrote to memory of 4380	3448	msedge.exe	88
PID 3448 wrote to memory of 4380	3448	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.instagram.com/accounts/emailsignup/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf33446f8,0x7ffcf3344708,0x7ffcf3344718
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14139895986746890090,6591181326324332422,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,14139895986746890090,6591181326324332422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,14139895986746890090,6591181326324332422,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14139895986746890090,6591181326324332422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14139895986746890090,6591181326324332422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,14139895986746890090,6591181326324332422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,14139895986746890090,6591181326324332422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14139895986746890090,6591181326324332422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14139895986746890090,6591181326324332422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14139895986746890090,6591181326324332422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14139895986746890090,6591181326324332422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14139895986746890090,6591181326324332422,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2292 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
13176d0396f498ffe3fab95594c620c1

SHA1
fcaee122848f82e77226ad09dd5de2a9e41a02fb

SHA256
58cb87c8b5a03fb1be3213f5c5d90b394d99224f82ac142f1a11bef17324357f

SHA512
805644b4d58d1ffdeeed32eb00773db32080efd28e29e3e65a0039c6f38affee4cdf1b7ea24574c3e6f8900d5ff7b49a5cbdf02dda9556f05cb869a72c790462

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
340B

MD5
c32f166681915b30f1b1d518bbdbba25

SHA1
aa5c4573ef1cb73c22c79d341eae6bb1384312e1

SHA256
2ec2a8444c50ccc54454d9216d6bc20259eded16f17bc789b8a12c7f1538fa61

SHA512
762a5d9776a4e7f08356eff9ca74ebfd2b3499438766c58fe9f9c85fa77a6159c81e96164590c608b71b7f694a93dadb844adf8ebd7eacbde1c44fd0b2383b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cee9280c9fd2436688e63a886f10752a

SHA1
0fa499914813beeb36740f06055680d6c98c4c61

SHA256
bc1e848792b4085187a32edff5c4bb9ba834ef54f8385e95b169279df3ba5292

SHA512
8208aed4c9f631e9f710aa056ec579081c13be38b88d510223dd4d2a13ae8da02cde082e2a9aaab74cf1abe4b791e53bf211e9f11861cb799ebd557a0002e71b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
67335675ca925173417918e638031fe0

SHA1
b50b528678b920bba0d6b40999732e7a9cca30ca

SHA256
c13c3fbf8a1e07550c37ddd3a31bbf0123156b05ee1699e21f77a6c1723fb399

SHA512
d1b79e947962e9345dcc75d5d55f79048be13fa8a75a8f9ebbecc5fef6e9c7bbb0b51da62828fa23b21a2dd081a84b8959dbd7566eba8e635895d10720f0a4cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
8ecd1c14dfae4b1b6bd2377fc535557d

SHA1
052bac4b548df7a5b23914c30ea916396855558f

SHA256
f8995472771b34188fb112522391f17905e2236234993848c6e6b7ee937317c4

SHA512
a7b02b372db7b96274c621b7dac6e7f68d1e2fac0aae5adced86acf5d1f9b0eec42313007b560b9e95c2dda18b75dd18b8660be37fdbfe8b1f29e5e640e48416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
1a78e4cfa4853a6a7179e8513a72583d

SHA1
df823b84cddb4d8ff1a6aeffe59dda189e8964e3

SHA256
56c1c28283e46cb81284b46b470fffd388a6f6da25cc55007bfd6aa813b33a62

SHA512
a5a36b7156af0ebcef3ddb0d38129fe36aeacdd8b5d2b905cb6246eaae8d8b08645f5ef6d408f8f06d0132de30a1c35af0e750273aaafa44fe9427cfe6b60664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
f339fdcc18211810fa0f2a521900d040

SHA1
f57bdcdfed1107b2482c6837cb981d1496677589

SHA256
5c082973280501829f9b0067fc9b496fbaf8b38a31f4fecb45129a1bcefed164

SHA512
27a8ba6721d032904780b549b53a11f067327a85284a35d0cacd97df33e8ed9c54016cc0a9def2c3c57e2768bf07aaf300400018e29aa0f67d4afed826aa0a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
5035a10847a01a4a593b09a66a436fa8

SHA1
a12f887197980b58e99dd7c39fd63c723c8b4b2f

SHA256
3be52d8f1798e50abde75a774dc7759eaa9a74b5d05bac02c629d5d64ddec6f2

SHA512
0e5905db02c42522585783588aa6cebde49917e90e978ec617fcb44eed1c8ba73129026e47f965dc6e388d831ea0e89e3585d233033bfb9486ed76ea85b5666b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
8824fc4cc92a08cea31da8b5e992ac2f

SHA1
a43c08b33b4ff8bdf26060b27b2ffb6d5c9c6b77

SHA256
9f3275494e02ec2ce4e501f8d7d5c75fe0bbe2ab681f88f2ebd24444a6605821

SHA512
6c57ab4f1f559923ddd17a836e5698f8a10cb1c5d64b5481a2f82f024903d4c5d9e1f026ddd680511e0abfb490a6bb89011bd1087770b4555a022bc402166d46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
8f26033c9aaf1073931283d171ac37ba

SHA1
94405f7a1c103f708ce2c8a276dcc90d8549e40b

SHA256
0b496c0591f8501d30bc585c1749f0158fcfdde537554b8450eb2f4705788ec2

SHA512
813d92a342157cad8a663372df00efe789f4586a24fa2256a66478f050a04e50e2b17d4baf3bc259ae100581403abc6f6aa43c2f44136b98a994cc43263b714d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
7d615f6d13c6d4c0851e2997b062eb22

SHA1
136e1ca79e9bf67c359b8287e9b802c5d231b8db

SHA256
082ff008d2c4b80b4a13cd887905a2467cc557815b70ca71e5c74b911d73b5ab

SHA512
8ece990a2dc5327aeacadf3125d3abd35b171b27be571c044b488a0ae64629e2731cadac821af286d394fd658f35584bf4e6fe108ad2372173512f39680635d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585b69.TMP

Filesize
371B

MD5
78e5d099144907ff468c064ae17031a2

SHA1
7b25d2afbc106bc8ff1d5b4ebc64e7ed04601edb

SHA256
107be49ff5784b0c301dca49fa75bd32843317b762944b852dc21e13451661e6

SHA512
0f8d70dca33c80d585cffff22ffe45896c333e26ce65e99987720f9289d94b68644333b905badd52ef318d04edbebef874e9edac8481fc0333a53cfb42d56a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
199153ed1ad91adc9172d14b4b374c71

SHA1
5e584ee3b824635f30365c54f2306acae084ff1c

SHA256
5b3da069b26e660e86b5802bdc68dd208c1bbf0b982219df21573f220a220254

SHA512
f265f1cd6169689d78cd1feee21cfad53ab9831bbd2129d1b4a0cab42fb035dd2d6da4df2e05ebcfe2371da5e824474fc84eea9ca230d4390cace9536f76f72c

Download Submit