hxxp://instagram[.]com

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 22:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://instagram.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3836	msedge.exe
3836	msedge.exe
3588	msedge.exe
3588	msedge.exe
4636	identity_helper.exe
4636	identity_helper.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3588 wrote to memory of 4628	3588	msedge.exe	83
PID 3588 wrote to memory of 4628	3588	msedge.exe	83
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3448	3588	msedge.exe	84
PID 3588 wrote to memory of 3836	3588	msedge.exe	85
PID 3588 wrote to memory of 3836	3588	msedge.exe	85
PID 3588 wrote to memory of 2744	3588	msedge.exe	86
PID 3588 wrote to memory of 2744	3588	msedge.exe	86
PID 3588 wrote to memory of 2744	3588	msedge.exe	86
PID 3588 wrote to memory of 2744	3588	msedge.exe	86
PID 3588 wrote to memory of 2744	3588	msedge.exe	86
PID 3588 wrote to memory of 2744	3588	msedge.exe	86
PID 3588 wrote to memory of 2744	3588	msedge.exe	86
PID 3588 wrote to memory of 2744	3588	msedge.exe	86
PID 3588 wrote to memory of 2744	3588	msedge.exe	86
PID 3588 wrote to memory of 2744	3588	msedge.exe	86
PID 3588 wrote to memory of 2744	3588	msedge.exe	86
PID 3588 wrote to memory of 2744	3588	msedge.exe	86
PID 3588 wrote to memory of 2744	3588	msedge.exe	86
PID 3588 wrote to memory of 2744	3588	msedge.exe	86
PID 3588 wrote to memory of 2744	3588	msedge.exe	86
PID 3588 wrote to memory of 2744	3588	msedge.exe	86
PID 3588 wrote to memory of 2744	3588	msedge.exe	86
PID 3588 wrote to memory of 2744	3588	msedge.exe	86
PID 3588 wrote to memory of 2744	3588	msedge.exe	86
PID 3588 wrote to memory of 2744	3588	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://instagram.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce88c46f8,0x7ffce88c4708,0x7ffce88c4718
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,10816786594541875219,6382033142290231271,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,10816786594541875219,6382033142290231271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,10816786594541875219,6382033142290231271,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,10816786594541875219,6382033142290231271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,10816786594541875219,6382033142290231271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,10816786594541875219,6382033142290231271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,10816786594541875219,6382033142290231271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,10816786594541875219,6382033142290231271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,10816786594541875219,6382033142290231271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,10816786594541875219,6382033142290231271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,10816786594541875219,6382033142290231271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,10816786594541875219,6382033142290231271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,10816786594541875219,6382033142290231271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,10816786594541875219,6382033142290231271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,10816786594541875219,6382033142290231271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,10816786594541875219,6382033142290231271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,10816786594541875219,6382033142290231271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,10816786594541875219,6382033142290231271,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
65KB

MD5
2841c83ed16445b929726d0efc76918c

SHA1
6671a3b643f6c9091c0db6fc80533993aa6af502

SHA256
b3fbc2ea9978a37e1e4db1ad6b6f028228633cf3c93a63b8a2832920b5d2761b

SHA512
e1cc608fc885040ce3db27d4e0f9099f0af5e0d586498baa8ba2668ad3282270d486f8a48174b793dff29f6a317b02af97e0e6f33672fab179ee9658d40114a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c71926294aa955bc571b0af5b7f6b622

SHA1
409be8092880bf074f67dd5c9582338225a058c0

SHA256
93b6efc1cdafa4baf1aa37ef4f269e6138e100e90a8620cd1266a5ea3eeeb249

SHA512
2fa60f6cd11d7bd09c2824f9441fe18ae79f987f8ca8bf85738c8a3e4f5de72ca09943b623381b7357a82281343973086397dccfd93e17ab4a9b34207af1cb18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8f75e9a43b75ac534000b5f6bea7f72e

SHA1
fdfe9dff51f7b96722a785ba313369399b5a7f47

SHA256
686fe085b0234c91a015b8c4c88724c7b7f64351d3005faafc29eff1bc16193b

SHA512
6204bbe64d2e2c58ee685653b5c22f4f82015a241e585060c65e35416bcfecc1759e3e009a3a819bfbd41dc12b5c817f74eac07fef54ac29c2a004c2b5785aa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
cdbd386efdcb0889a2d52fd763d61f89

SHA1
dbfa7ec2d35a5090c56a57aa6fb8343d6c136d0c

SHA256
13f00615184ec67f23ff35a67c0060291913872b49a9754d6ed41cfd03fb947c

SHA512
34d5ebd4602988f67b0c969894fb1a0147d7b0d87eea0e5784fc48b27461350cbd4c75e1497de39ea7087c1aacd5631462e11dd6d93a83ecb1aec146b0eae60a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.instagram.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
911cefb4cca4dd0242a1342e1304f39d

SHA1
f9ff13e9089abf11f01633c67b46a68f9cfb810c

SHA256
d6710802cdde2d99c5bfe6d3b3a2b6a57c72dc7a1147c84509909b44a7dfa487

SHA512
5f417c0890d7e4d5c1a7ebe604b84e41ccca8b9e306156123c03165e02f68b8cab4a8df86b20aeafeaddeeeaf217a25a52b75bb7f096a1bb2d64331ade1819c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c4d3c19f28801baa2ca45bdb70cbd55e

SHA1
f85966ab05f67cf8b210d447bda30b3dffc68752

SHA256
f455dbc87782e3ef20e3b0d01976ff909c36304ad79c607f021ccc12db59341d

SHA512
18eb36515c56c9ee76c55e3206ad78a8d15b5aa9c717f96828dc56811299d04e41dffbc4486687df3918e2f81cce053ba2fd82ff86a168a998181a66ef1738f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f4cb30d541a6f19533c6bfa6650cae74

SHA1
061155487a1c3284e25143422f35c3b14f63a0c9

SHA256
b492870b1125071a0a0bd27992ea7be4ed7fb1b6dbe4c7f0467c7b59e1012d98

SHA512
e14603777898a58fc9e0dd8b1b302b9953a7e8fb21f7df2c26fd2f24bf94f59e646e4a363141bf609cb9dc6383c8e51bc5be297ebf6ac0c90ca5f30c5f8bb338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c2d6a49354370568b9bf25c705cee441

SHA1
4b53dddcbc832b632ce05bca08eff9ccda4a07d9

SHA256
b9736cf10fd021d4c00ecafe1b514f929a76e60111b219ed085a0bf1a401d533

SHA512
d21cf55fc1773dc8a9fd4ef1d280deddb71500e0032f5004ee61b25a7a3c0e67c3b966b7f3fa290d6abb7c2cd519e1388ab39539bd5c62cc92941ce52e7a5bd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\8a904bdc-f0e1-4e2e-9c47-2df2afcdfbb3\index-dir\the-real-index

Filesize
72B

MD5
7e2238742d2c6b82a76379795bf92519

SHA1
83df4d60744eb27f997e226b01b3f44a1736de4e

SHA256
6f5206945ae1c52c90dbbf1eba7e346adc3f357700d3b98b48d95a390b449049

SHA512
0bfc14e52e56c9ab93c318f09bd4f2c3515fcc8552bb8b3fadd1822e735dcc973c65a304ae8a39c4e20b2d0feb0d3203b5512af4943f5905cecc7cdb2baaee8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\8a904bdc-f0e1-4e2e-9c47-2df2afcdfbb3\index-dir\the-real-index~RFe583795.TMP

Filesize
48B

MD5
6eb047d32394bcd312415d0fcb46c038

SHA1
949d68464a1eed0df9a8cd7cd8beb35007bb7fe4

SHA256
2ece08b424985f79eabdf418406fb15b18c32c3867c88a5c120e65fb1c33e0d1

SHA512
c8abdbf7e2cda28ddbd0a881982ea5bbf032f0a3a2cbcddd9c5a279bac1c691cc599cbff5835509cdc3ac7763b81cbaf56d58ce5272c1af7a4cae770ef43f3db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\c53ed852-0924-4a62-bc1a-043032834dcc\index-dir\the-real-index

Filesize
72B

MD5
7636bb4e93398d921f196fe624c9b756

SHA1
cda2a3f8be27f6ee09c2a044408b4e0d5b2915d6

SHA256
17bcf1259436821b09c40c772a84a9a577185e8d653da661ba6f494891d18e37

SHA512
3f3b63dad6df42ba8f6b22d53ad0b8b436a8ee8d8e1b55af9b7bd2e74573a11d7e1cbc9ef56c21231686b71bef32d47d0ab0866a42b7c3f836c89e9377691f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\c53ed852-0924-4a62-bc1a-043032834dcc\index-dir\the-real-index~RFe5837c4.TMP

Filesize
48B

MD5
16ee25050107bd72335aad2d0b56894f

SHA1
40e71d65a796bcd181f3c86f02d6e54060f2db56

SHA256
05c0c706eb20534fc921cfaa64c7a96bc6b8ae6de3a33973bba57c466c09e190

SHA512
08df1d9a887cf96babbf6745118cbfaaa5d70bef11ca754af43f7f940be0a3b21ed895a4d9e629f694e19a3cb2156a21401e9210c91a3ea896ab7b9954052b83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\index.txt

Filesize
160B

MD5
6c5cff7766432b20daa51870c709cf09

SHA1
b9fde981ff1ef35566a561c7afcf8fd941057d0f

SHA256
30ff25322550e5675a169d69468947b2640389f672f36220ffb2214ada8f922d

SHA512
77098d0fde453c1631529d315cdf23f18a800eece0e795e8d93789adc6c64be8566154a473c768e4b010d690482d89f637b3550abfe5b3d2a3849b05c7718235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\index.txt

Filesize
155B

MD5
3deb4170289e9eb6f8613a84f1136145

SHA1
af90e48ba9be5845dc2bcf24622dc4b9612a9473

SHA256
134c9e288a96aa13f96a9af21b92e32d24be268a808a735fb644b3c33a01273a

SHA512
41684f7f96f8f8b8e8d5856917afd6e30ef6bd288ddd6f8c04cf38b8459a7309b43adc012472b6e524e1fc692194fbc98304cb466a92aef0a726dc0524ef98cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\index.txt~RFe57e918.TMP

Filesize
95B

MD5
73e1a7a272e13d5186524837577f54d7

SHA1
ef54b109e49cd0751885c38c271aa94ee34a80e9

SHA256
184a6d23719e952866ba606b488ed1f82ee0e063446c02b909b9775906daa821

SHA512
d85f6c880274b8b0fcbc832410319f3a6aaf5e4b135ca8ec1196cd5aa37ff4051cff2259ad297a6889b6245b2d3b2610273c128ce7cf743ad7f0a3e8a2578d61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
b02eb27d97f3bcfe15795e964b34ac65

SHA1
ca8dc1ede0bd4dff03e42235c0a4198bb616f66f

SHA256
9f10071480709f34a79376a0aa5309887e41ea2ca596a77a518f59cb609caece

SHA512
ff2b1619932dc64c9da945aeaf518e8494ca2afd2c72246aac8f471c750599a7a06e8ab94101acc367c367b40fa60d76702cad93c4786c2b097625ca79cedf99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583a83.TMP

Filesize
48B

MD5
4fd05bbe369dc91a49b0cd56828dfbdd

SHA1
8485f96c919b39194525131f0c6af190aab02042

SHA256
169bd1d91281333d6a21c978a3fa50b2cfd9c7e377fef327e2bf0b849fd690cc

SHA512
8cc470fd844bde247680690f7a0d54fdf84f29d9529d6b57443c5d7617a4d8457a1aaab13e651e266c0c965b3680e27b95005dd9070d6455af3446482edf6e65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
867B

MD5
dc1f48f54a14c6fa80049d8a29c32bdf

SHA1
da3662d321a184f8bf0dd134a157638ffa5ff6c9

SHA256
97e41bdfa67edf87d6e2f5be189df89875eba7575c17d2d9018ea44e75fc1a48

SHA512
f962c206fa7d0a5e4b2f53a4ce90832cc93a55a9e01d3a2d967824a86e249448137a168211dbb45af43cf8ef63dcd551efb2092b68b8ba22b515ca9f4dede819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5da0644d1e2580a5f1fb2fea92855a34

SHA1
c9ffb56156dc4aca1256a3585b1a60aa6c5a0564

SHA256
b76b22935336c89062a7ec5e0ffdf3adf874cb53fe8e7ed5f7b383e5b60edc64

SHA512
2208c8674384a31ddefac2e2d64f9a07427973e9ed21b38cabbe1cdf6ea5af154912bb36b4776276033fadd68b33357d634fb1fcf81a74c1d5f68e66f05b28b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e99356198577cb55b93b26798d0e88bb

SHA1
cba1d174401bad454df5114f6dab3096a77f2767

SHA256
3a18f289684d3e1191588e4390add897d956c51b6d1eb12cc4932d98cae8ec1f

SHA512
c7d78f7ae6706fff9cb19d434587be8e526ec80e78c24f40afd936c523c7662d772e0aeefc9762ca9e8902a2fd3a6b4521802f69a25814ecdf66f392675c8105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
55572cbf78579ed528cbd921e5ed4e40

SHA1
b1f4d4fd2204a633abce39bba8be87a2ba193140

SHA256
69bb3a198e95ca61f77d3ddff83352646c5fbb84846565f2a20992124d0cc7e3

SHA512
9c46efd6966bcf4b7ab92b525a3422360c7adacf5e42e4ca8606eb8a0eb382edc4288174f5eaf02521a83cae2746088b4c5ee72be060ac1a3d4853ff2de44fdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
652b0cf0ccc0ca3bd10a05d9927e16a9

SHA1
a7454d855b2851d98699ea38bb7eafd1e1ebbff3

SHA256
d05cefcba18ab42c26617873e226853d656b9fb1f9fe576608241ad7d6e0f7d3

SHA512
0c236a0426d094dc72d9171434d55475bf78e09033849a254883dab876c8ed6b85e1aab9122cef4492bf3075c6eadbbfbcdf1c70f389f3e6658e203eab64fda1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bc63adf1a39d342941b691519dc430ea

SHA1
38d07a93151edccf02ddb8eae28520168ede2f1c

SHA256
4ca26daa0fa1ca5921dd588a8f29c8339497adec9941c631d075f2e25dd360da

SHA512
e1f0fe35d3af9092de3b6ae06800815e7515950a1b05e199ea1d27f08c837fb18a0239b14c3b120f11524d28967b9a25117bd3e5a0a9bd9852f379492eae94dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5570683523f7903ba3f6591ab971fc29

SHA1
191e26c0677bdef1e089b2c14b30bdb7e7cf5c62

SHA256
cdf7d84053a5d1ecd1215f1304cb1ca6808076a8f00149abda89bc3e272a3980

SHA512
39b11e63ba1414898be68c9f935dd073aac1c48590e7791f17af2a6bf801d4dfeb4a8cd247ffeb6e078100e969f0907408107e8a976fd69e1a845af6f8fba780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ce0e.TMP

Filesize
699B

MD5
b1ba8937f795f7f299150d7fd4f8a5fd

SHA1
d940055542396dc2d7a8c2154d6b54cfb3d7d295

SHA256
aefd1aa51da0bdf0c9883db21cdf948b7ec7c5c93fe420571769443183f5cb15

SHA512
7432ad52205aa3417b1e5bb6f0894af84551d257c7207651c77bf3db36d4eb5106ea26da5ae24ac94862fa5e44c5550e0edc0bcbdac22ac67a75a05eaadbee4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c5bcbe94-4d8a-4904-b5fb-6c4d89b8055b.tmp

Filesize
1KB

MD5
96d8c8451ed87de19e1db812e5c08a7e

SHA1
d2739bd3ef4720c2101d4fa0ab4c7decd565f734

SHA256
a4b958dfab9c38ab55dcabdd32f69993b1e8395aa3821af5e58a267b6fd3b6cc

SHA512
6dd3238add5d3ca8ba16b29710049a7fadf13a1f36787cb745bd2f0eeaa103be5e02c6775b538b35f2db0b2989c5feaf5237d4fd3dff0f7a6278cc278ee163aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
609a412d562425a471f304a13c9f3078

SHA1
4b38b49404e825581672f23280a7fed25dc1e2d2

SHA256
e25fa462f869e7208aa098bab6c7496b40cbd417265390c3395a644f73f668db

SHA512
661b4fe2bc6988c617fc3a9cf9b772e2f44c56fbcf451f3eb4d955a584790f4e636c97d720c8f78ee780f353238afdcf815e0d42f6c0bfc54d4dffb2b1e51e3b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit