hxxp://tria[.]ge

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-03-2024 09:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://tria.ge

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2216	msedge.exe
2216	msedge.exe
2496	msedge.exe
2496	msedge.exe
3144	identity_helper.exe
3144	identity_helper.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 4864	2496	msedge.exe	88
PID 2496 wrote to memory of 4864	2496	msedge.exe	88
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 4152	2496	msedge.exe	89
PID 2496 wrote to memory of 2216	2496	msedge.exe	90
PID 2496 wrote to memory of 2216	2496	msedge.exe	90
PID 2496 wrote to memory of 3568	2496	msedge.exe	91
PID 2496 wrote to memory of 3568	2496	msedge.exe	91
PID 2496 wrote to memory of 3568	2496	msedge.exe	91
PID 2496 wrote to memory of 3568	2496	msedge.exe	91
PID 2496 wrote to memory of 3568	2496	msedge.exe	91
PID 2496 wrote to memory of 3568	2496	msedge.exe	91
PID 2496 wrote to memory of 3568	2496	msedge.exe	91
PID 2496 wrote to memory of 3568	2496	msedge.exe	91
PID 2496 wrote to memory of 3568	2496	msedge.exe	91
PID 2496 wrote to memory of 3568	2496	msedge.exe	91
PID 2496 wrote to memory of 3568	2496	msedge.exe	91
PID 2496 wrote to memory of 3568	2496	msedge.exe	91
PID 2496 wrote to memory of 3568	2496	msedge.exe	91
PID 2496 wrote to memory of 3568	2496	msedge.exe	91
PID 2496 wrote to memory of 3568	2496	msedge.exe	91
PID 2496 wrote to memory of 3568	2496	msedge.exe	91
PID 2496 wrote to memory of 3568	2496	msedge.exe	91
PID 2496 wrote to memory of 3568	2496	msedge.exe	91
PID 2496 wrote to memory of 3568	2496	msedge.exe	91
PID 2496 wrote to memory of 3568	2496	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://tria.ge
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff86b846f8,0x7fff86b84708,0x7fff86b84718
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,9595219809092468735,8093716673228768154,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,9595219809092468735,8093716673228768154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,9595219809092468735,8093716673228768154,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9595219809092468735,8093716673228768154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9595219809092468735,8093716673228768154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9595219809092468735,8093716673228768154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,9595219809092468735,8093716673228768154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,9595219809092468735,8093716673228768154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9595219809092468735,8093716673228768154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9595219809092468735,8093716673228768154,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9595219809092468735,8093716673228768154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9595219809092468735,8093716673228768154,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9595219809092468735,8093716673228768154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9595219809092468735,8093716673228768154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9595219809092468735,8093716673228768154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9595219809092468735,8093716673228768154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,9595219809092468735,8093716673228768154,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1701dad1-01aa-468d-b25f-f7891753a5f6.tmp

Filesize
11KB

MD5
106629a52d79c09efe6c202dbb063500

SHA1
37a280ed109e26a6db1b2e433643ae0eb026f49a

SHA256
a44fedfea555f980f204ae4f4eb737fc6ceb17736aea664df9299887ea51c685

SHA512
d1a3ebbd1456af618d47e0bc0e606c933214d2ed93ed92f8fccc9c6d6f926a17e3a0f9d5bb212164c02a976d53e84d7e32675cee02a73511935aa63c9ca8f8bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3e941e1b4d7c05726684e087ef34a4ce

SHA1
bb3dc1b5b4baef3fec3ae0792b76da7551c164e1

SHA256
16174eacbf6fc941f4c696e0222ebb159fe06d7859dbfd63346f7c9918ddfcea

SHA512
fe8a45d6776d416fe5bea998bd6251f90b9964fc1e192f20912b7ae6e956171c09d18dcd4fa741a8a4eb3a94f0be4a54cdf752214925e01c1bd8427da2522147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
79f9e0dc4f6d2ee0d6c77f06352a0dd7

SHA1
6c504b5e6e0cad633bd74c1c3a8c2345de8744f8

SHA256
93fe383a7d10c3b2c7d48603e04436be1618473cd2651a6e72a8601004477df4

SHA512
9c8d2538902c38636f5a71eca9180ba796f2033c6cd824d75667999af7e0280b49f14e3b7775a460145850551fe52f3aa9b6504f2b19fcfa3161fff447c4a91d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2ea056b459bb6bc5eaf67169a93b5577

SHA1
355a162633e574343615849159c82d49c7540016

SHA256
b19d3fb78948f8d650252b7c7411143a2f2fffda09064dce2ffa4d1a238a240f

SHA512
ed12a1ae6d16ae426e1dfa1f886679a374dd2912472a7671290568e4af4cd3f9508f5af0c9f44c7195949674b19f995c347c42ddf045b26e09a7664af0602739

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
11e19ab2021ebf03b67030c21c653ca5

SHA1
bc4a984a866fac46158cbc391549b73a0d3d3d8a

SHA256
72ffef37e61e1d2f67e52f90343ba638eb0f99f3b9d1bcf1bffe7b38353cfdd7

SHA512
bc6d250157d9c0acd696c11b637cdb114eff8f9593f896ca860fce39ae347e766d4dc37a9c41645e22607fdd92be048e471e14bc24ae806b1e8722f2a8f653db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
703fc713513f065b48401e810bdf2952

SHA1
e59ba2cb9f71c6410083a614e99d5ca45a0b2d38

SHA256
2adbee6587003f7048f3573a22d28d0034e3659c37a2c80edcfc7f1a5ebf35e8

SHA512
3477a15e6964f29b26fbe62cbe868d5f43d28a1eadc1837cc5b81e17daf5c824bc5b4218e6ee69ae8469c014f25fe50de25fc0ac44d45841849af28b613dced3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cf842769e68c14a083122f76fb7456ee

SHA1
e0d5f2aba181346c40c249b718cbf1198742f062

SHA256
9b277ea4b1167b02f94b5c3644a88306eed39f02099ca9d338e6dca4cc033167

SHA512
bc489f276d1057041efed878c68051bd209cb07169f7c2f660d498d7120b30e948c9304e3c848510a917c2bff8fd4b524cb04b7032d45407cfc66eb620db5a34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a1c379314300458e0fd8eab77a8f67af

SHA1
4078e940519905083c9d1f03cecee5c180bdd77c

SHA256
3e17fb2e50c9f2c1f9c51269f4cdd5eb6d969a30f48e9d959631bd05851fcac7

SHA512
9093e29b1159001adbada389e7554309ae1766665cabf4fb71b63ecbfe80ab7cc76c8e287fd61c8a783cebe1bceba75445b95f47335fae595162fc45d89edfb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ad63b3fb3376eeab174c3900419cfcd6

SHA1
37a2db78aa63ce5a52a5dae8b0f479fd78dde2b0

SHA256
8e5f92252af23ab2018093bf640c8c43a8dcf98f10b3c41145af49797d3e68ff

SHA512
d366d10a3f7d10e4bc4ca4428638dce39b4f2585299e5c38bd119d8298a45c71e335d8961afaa5e4b659d87ccd3839133648c27f28ab1292b230f3e096f3e46f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
74f83eabfa613fd9a202870a4d21fc61

SHA1
b20abae40cef86d9d1b66ac776b012da5026284c

SHA256
78a91d37be0da66996e45c4493bc8d95dd4cf221f5c4ea1abb1a57768223fbe6

SHA512
b4e65ffdb01bcd03e84066b0a40835f6730539384a315270b71b176282071adc0dea6749ce24f61498b310679fd031082b642131b339f9d79a10753ad3317136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584179.TMP

Filesize
48B

MD5
dd740081a22f73505a4ac09bc24f359f

SHA1
b841f3bf6e20682b536f525429e5fdfc94dc5d9d

SHA256
a3f893ac7ccfe364b6d5afc8902d014b5f97c69597edf0b579960f183bfb9ba5

SHA512
f7a1f03693cf0422e94c19b4aff9bb151ef8823488a0b5003d89b5d2b878b7214fd375effd4292396631673583fa2ec3c693405055b085956ecb845cb06a56c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
53f8ece97c34dafcc9e3f505e89cf713

SHA1
fc0a996aa1da7cf69bb5884e88c731299351e416

SHA256
4c87e4bead60735dd06f5012fdde464593f58e8d074f8bc3e339943faa0e61c3

SHA512
2226dd0875068bca8b3ff7e619c8105b9b6e598623cecdcb6186ce64e374331d652e8616d6d295582e72351737393354084e3338b0cf3c06e5e4214607bcf4bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
36fe0383c8fcbb7830429adb5a6620d5

SHA1
f239c0ddf66d82df5034edf73541b28a83cc1b38

SHA256
51d36bb1d141f4ddd5d269405e2a60305fc4179a1cc094d50b74ad43d856d363

SHA512
1dbcc67e0ce9183ec5a62c4908a5ca0c024bd4a902d7e1e3dca7819ae6f77c532198eeb2579c19befc9517bc7c174a5844d52545ea8f9a898a528d87f1139163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4954ec8b612e96462cb33cf540377b25

SHA1
999b3eecd71f85bf18d24fdbec043ee9284e5ba0

SHA256
fed10aa228787a0a65fbf01dc29fe33386341d68e3eb7f326bdfb2382700163e

SHA512
937376b75300815f286fcc76d82f3634da1418f7a7cbc61a9b053d89563762933da7bbfb9aacfd0cac7c8f6e161c336014fec04fe0b9f900005fc8a0438e7a62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57de5a.TMP

Filesize
204B

MD5
512c6599e1e7e4d005579d6ab3d7dd70

SHA1
cc8c74b4d85e63cee98e9108c769ab5981b98627

SHA256
a66b2b2048554f4421df967740c24c970b5b0f1045c6beddad7a34e031365b9f

SHA512
1c20858ef78c64afd4bdbaa52cb1c4976442d5b9cacce97ef53eaeaeb9dc1358e6a2ee9c9b70f819c2a42a7838f589af2f982415e1cad229086f3288f04aceb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit