hxxps://l[.]instagram[.]com/?GBeasleybee=29169158779951add7a2bfd57331bbcac6f5314974&e=ATNr9dKHvvpMJw3DpyVwhhp2tO99_smJ00-zHrUIHthqfisWMNuswqKgHsrf8FX6cyc1WM5x&s=1&u=https%3A%2F%2Fbusiness[.]instagram[.]com%2Fmicro_site%2Furl%2F%3Fevent_type%3Dclick%26site%3Digb%26destination%3Dhttps%253A%252F%252Fwww[.]facebook[.]com%252Fads%252Fig_redirect%252F%253Fd%253DAd8U5WMN2AM7K-NrvRBs3gyfr9DHeZ3ist33ENX9eJBJWMRBAaOOij4rbjtu42P4dXhL8YyD-jl0LZtS1wkFu-DRtZrPI1zyuzAYXXYv3uJfsc2GuuhHJZr0iVcLluY7-XzYStW8tPCtY7q5OaN0ZR5NezqONJHNCe212u1Fk3V5I6c8mMsj53lfF9nQIFCpMtE%2526a%253D1%2526hash%253DAd_y5usHyEC86F8X%25232916915877%257Chxxps://pbs[.]twimg[.]com/profile_images/1724291288638308352/zCKgmXYS_normal[.]jpg%257CGBeasleybee

Analysis

max time kernel
159s
max time network
171s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
07/01/2024, 04:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://l.instagram.com/?GBeasleybee=29169158779951add7a2bfd57331bbcac6f5314974&e=ATNr9dKHvvpMJw3DpyVwhhp2tO99_smJ00-zHrUIHthqfisWMNuswqKgHsrf8FX6cyc1WM5x&s=1&u=https%3A%2F%2Fbusiness.instagram.com%2Fmicro_site%2Furl%2F%3Fevent_type%3Dclick%26site%3Digb%26destination%3Dhttps%253A%252F%252Fwww.facebook.com%252Fads%252Fig_redirect%252F%253Fd%253DAd8U5WMN2AM7K-NrvRBs3gyfr9DHeZ3ist33ENX9eJBJWMRBAaOOij4rbjtu42P4dXhL8YyD-jl0LZtS1wkFu-DRtZrPI1zyuzAYXXYv3uJfsc2GuuhHJZr0iVcLluY7-XzYStW8tPCtY7q5OaN0ZR5NezqONJHNCe212u1Fk3V5I6c8mMsj53lfF9nQIFCpMtE%2526a%253D1%2526hash%253DAd_y5usHyEC86F8X%25232916915877%257Chttps://pbs.twimg.com/profile_images/1724291288638308352/zCKgmXYS_normal.jpg%257CGBeasleybee

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4652	msedge.exe
4652	msedge.exe
4600	msedge.exe
4600	msedge.exe
5908	identity_helper.exe
5908	identity_helper.exe
6096	msedge.exe
6096	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4600 wrote to memory of 3060	4600	msedge.exe	15
PID 4600 wrote to memory of 3060	4600	msedge.exe	15
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 5544	4600	msedge.exe	22
PID 4600 wrote to memory of 4652	4600	msedge.exe	24
PID 4600 wrote to memory of 4652	4600	msedge.exe	24
PID 4600 wrote to memory of 4384	4600	msedge.exe	23
PID 4600 wrote to memory of 4384	4600	msedge.exe	23
PID 4600 wrote to memory of 4384	4600	msedge.exe	23
PID 4600 wrote to memory of 4384	4600	msedge.exe	23
PID 4600 wrote to memory of 4384	4600	msedge.exe	23
PID 4600 wrote to memory of 4384	4600	msedge.exe	23
PID 4600 wrote to memory of 4384	4600	msedge.exe	23
PID 4600 wrote to memory of 4384	4600	msedge.exe	23
PID 4600 wrote to memory of 4384	4600	msedge.exe	23
PID 4600 wrote to memory of 4384	4600	msedge.exe	23
PID 4600 wrote to memory of 4384	4600	msedge.exe	23
PID 4600 wrote to memory of 4384	4600	msedge.exe	23
PID 4600 wrote to memory of 4384	4600	msedge.exe	23
PID 4600 wrote to memory of 4384	4600	msedge.exe	23
PID 4600 wrote to memory of 4384	4600	msedge.exe	23
PID 4600 wrote to memory of 4384	4600	msedge.exe	23
PID 4600 wrote to memory of 4384	4600	msedge.exe	23
PID 4600 wrote to memory of 4384	4600	msedge.exe	23
PID 4600 wrote to memory of 4384	4600	msedge.exe	23
PID 4600 wrote to memory of 4384	4600	msedge.exe	23

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://l.instagram.com/?GBeasleybee=29169158779951add7a2bfd57331bbcac6f5314974&e=ATNr9dKHvvpMJw3DpyVwhhp2tO99_smJ00-zHrUIHthqfisWMNuswqKgHsrf8FX6cyc1WM5x&s=1&u=https%3A%2F%2Fbusiness.instagram.com%2Fmicro_site%2Furl%2F%3Fevent_type%3Dclick%26site%3Digb%26destination%3Dhttps%253A%252F%252Fwww.facebook.com%252Fads%252Fig_redirect%252F%253Fd%253DAd8U5WMN2AM7K-NrvRBs3gyfr9DHeZ3ist33ENX9eJBJWMRBAaOOij4rbjtu42P4dXhL8YyD-jl0LZtS1wkFu-DRtZrPI1zyuzAYXXYv3uJfsc2GuuhHJZr0iVcLluY7-XzYStW8tPCtY7q5OaN0ZR5NezqONJHNCe212u1Fk3V5I6c8mMsj53lfF9nQIFCpMtE%2526a%253D1%2526hash%253DAd_y5usHyEC86F8X%25232916915877%257Chttps://pbs.twimg.com/profile_images/1724291288638308352/zCKgmXYS_normal.jpg%257CGBeasleybee
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbe52c3cb8,0x7ffbe52c3cc8,0x7ffbe52c3cd8
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,733153066653261804,6805851510197010026,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,733153066653261804,6805851510197010026,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,733153066653261804,6805851510197010026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,733153066653261804,6805851510197010026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,733153066653261804,6805851510197010026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,733153066653261804,6805851510197010026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,733153066653261804,6805851510197010026,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,733153066653261804,6805851510197010026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,733153066653261804,6805851510197010026,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,733153066653261804,6805851510197010026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,733153066653261804,6805851510197010026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,733153066653261804,6805851510197010026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,733153066653261804,6805851510197010026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,733153066653261804,6805851510197010026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,733153066653261804,6805851510197010026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,733153066653261804,6805851510197010026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,733153066653261804,6805851510197010026,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5444 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
552758a7bb19b27354a76866861c4801

SHA1
93a74b56e5bb5aa86a53db413081b3ca7ffb808b

SHA256
53e1302ff50d199fd0002ddb9d4f66fd264b17e73a50e67299adf1243663530c

SHA512
13889bc4ffe240d8a7cf71ca0f2a397f33e38106116f38b5b8fa6c977187899d2d7084d606288f2892d14776460c2fe450adbeb93d2d200caffefe9919076fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\25594112-8046-4390-ad3e-b200ebf42597.tmp

Filesize
4KB

MD5
7e40801c0c19a9d9d1d6d248329741b1

SHA1
9831a4dc2d65bf6be3b3b5b3ee40faa4d9f2c287

SHA256
042b163c38db7dfcd6c1c60ad02f3607570870570e70ee672d1c3a8b878b9fb2

SHA512
6bb310c4861d2ea00cebf507c5be521b580140801803e6c07e1ef693c5769a7d7b584be3b55515e0216dffa060a272eab0180a59f3c9e9d69976dc5fdfe80326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
1f5cb8596aec60b0e1a602fa3b55e63c

SHA1
eb666604bea7f57fded98d2b80f97ab66d45c742

SHA256
0064dd102c3484d2cb798ba52d6f9ea225a1ee37b0f5b0b4d0b974975818bb34

SHA512
147ef8348557fd589b89a8682b742bbfa0b875a693057d47579b4657ac19fef5c43c33cbeb85b5aef19e38bf2cca5ec36d31410ddea7fbec5a07e34b146fb52d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
36de61a9290a1174b24e695a7dca73f9

SHA1
48354b45e78c0671ac6e236d9c1ed34dd0cfbd96

SHA256
bc25602de4e3b14299687dc09fca6e6b0ae73eedef3694ce327ea863afb5bb06

SHA512
92dd5d73e639f90dbf6765343c2fa294c2fe580da8f49afa85cd54e77809315ca91d4662f4b9c60d50af119018a90830af5f1f767252b29ce248d9f7f11ee2f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0c1802ca2420838761d4cd226a374653

SHA1
98a58a975397b62c6f58bc9b1bd495f2c3463cbe

SHA256
2f7606d7bf742735130874d990c074841ba7abb2d054d0985b67bc56f9de2140

SHA512
1e1ac2a2136313dd832da3a1fd749c1b90937528da2a9c17f2ee5bb8cb532fde1a0c9553c05bcaa8c3dd82e03bb4c1503ea5ad5498d22475a9b105ea7b51e94c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a7c4b7e788003f680c3a65cf3e7fdac1

SHA1
49e3d50fc10a9c87f349b372ae2ee6a1937a2f18

SHA256
cd19c3bdd8aef794a1b7a5081fcb764a771ae6b99f4c0663f68ab15b72fdb7df

SHA512
faaa51e127bee9e0fe22db4947bacbc8c872bbb4d0ab7ea3bddedc5fb032cabfd51db3c5b038e697e1386a386920d8621be738156df335084fb3ca88aadd463d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
086f9ee9f0e5a10b4757442f498d7c6d

SHA1
d3d3668806127e4072615df6d7e331becb9b9954

SHA256
2eb800bc6c6bd6ede11fb90ca06b9b8040b9686121e60e792c2a970dfe98ce17

SHA512
2532a1ad51c1d89d02a67ac7ef5c080a18be6153589c1723aadd598749492de5d17d31fbb135fd454b04b94797ff31af210e4683e69f8846683301c11dbe2026

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f8604f294a835423e7950e52f1aaed3a

SHA1
f5d2b1dac8ed3223f7b5fbb2a3b459e3bc661a2a

SHA256
067a54ca3df205cb0c8e49d3dc8e9c1a18f74f6f963ab1c5dc860e9031a36da4

SHA512
9b54a2a0a19bd2e0c22c9ffe00caf5e49013e3886970dfe47d0898110290597b2a12cf791325aab68bc8c64583eeafe4a077051002ecbaa79e6df91c1125b5e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c715f27d5f9f0d690fa0ca61445a37ca

SHA1
7f8fb9230731e5a34522c8f74482cee03820fb25

SHA256
cdd5c918a20dc1a6761245b773b736da29d010f23a1d61b0cf6c8c565f471c74

SHA512
b23c09f74e16d74210194b895233bdc0dfc0f8d8f74539bd2fce2e0409d222c619f1ee66f9b1f124d94378e73fb7a543e10b4665594380371bf4cbd22e4372c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
63b6255b3f07d9e42bedebea98f2aca2

SHA1
40ebdc3a328e822aec42b2373d092dc73101342f

SHA256
51efbb488012f6ba9fd2182e4f57da8fe07e915e6b2c000fe96617c1d25d349a

SHA512
0e54c65fd7616217d813904524e84af94d966c93b9097053d0253f0e7111883f47aea07016b9d1096c6e6f877fe2c5754c035e82c6a5246418303da8662bf652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
6bec2cff720bdee3d47cb781236508bd

SHA1
e9a2b3807c38781feefa20fb4fd744a5128a4f3a

SHA256
bc74ad6f6cc8c6983f2507bc594f8bfe085180962031dd68b6ed724136ffa1e4

SHA512
1b916dbdddbf1aac3975bfa1f6a3d60736315f1d51e1cddee3724d539cd27561e288cdc8daf8ab14516e92a1b6d7c13c8bf7b810aa213b4ee5f7b4f0f5ed064d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
708B

MD5
eace69b778980e20b27330bfcbd05516

SHA1
3f77e9ed9a7904a6e29627d8384e35dbad580324

SHA256
06da574f02d20d4f819a4116a1e6a53e10694d4209beb8f6a639c09f9742e8c1

SHA512
5083d258c7f3bfe76c865b645161bf02b4f5674d66db7d348ff48c52483908e3409a70634790d67ae257a8b9932e9fa1e60e6a8362da23a5f8a3da0fe8e5779d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a36f.TMP

Filesize
372B

MD5
ad6a7e6b9451f3ae6ea8d3395ed150f3

SHA1
3bd24fa41a3d63a357e757b2cccf77d177bdcd63

SHA256
e38d97455baf635ce631b281a80a9687b11a545624f99d9fbf9d76dd828eebd2

SHA512
0415cd4d94c43cfd17226839d1c616d0f3c82b39e61467a5b483e2eecdd1073d341d820f9b7548e0f4c8bd9f3610cca070da46c81b9065502ebba59efa42c46b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
10059b8466a91cd4e4e56fb9923bfd30

SHA1
1b287dc025eb271c307b9cb6c24dc52e594924b4

SHA256
dbd1bca7583aa2bdbf510cac7057b4102f6386967ae49c6063be3996fb55a5d2

SHA512
61ffd5924aa01a0486eca3af39ee56e3ea37f36f45c667b353822e962e685e161d3c54f4cfc7aee9cfd38bdb4b2d3dc4dfd22ba79b757aaf57d7b1a75824ae77

Download Submit