hxxp://portal[.]tripleseat[.]com/public_profile/comments/219867120/file?asset_id=75878636&t=iqrtsi4wwahbxu3vbmc8

Analysis

max time kernel
145s
max time network
142s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
22/05/2024, 22:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://portal.tripleseat.com/public_profile/comments/219867120/file?asset_id=75878636&t=iqrtsi4wwahbxu3vbmc8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2272	msedge.exe
2272	msedge.exe
3104	msedge.exe
3104	msedge.exe
4392	identity_helper.exe
4392	identity_helper.exe
4232	msedge.exe
4232	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3104 wrote to memory of 3844	3104	msedge.exe	79
PID 3104 wrote to memory of 3844	3104	msedge.exe	79
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 1368	3104	msedge.exe	80
PID 3104 wrote to memory of 2272	3104	msedge.exe	81
PID 3104 wrote to memory of 2272	3104	msedge.exe	81
PID 3104 wrote to memory of 3624	3104	msedge.exe	82
PID 3104 wrote to memory of 3624	3104	msedge.exe	82
PID 3104 wrote to memory of 3624	3104	msedge.exe	82
PID 3104 wrote to memory of 3624	3104	msedge.exe	82
PID 3104 wrote to memory of 3624	3104	msedge.exe	82
PID 3104 wrote to memory of 3624	3104	msedge.exe	82
PID 3104 wrote to memory of 3624	3104	msedge.exe	82
PID 3104 wrote to memory of 3624	3104	msedge.exe	82
PID 3104 wrote to memory of 3624	3104	msedge.exe	82
PID 3104 wrote to memory of 3624	3104	msedge.exe	82
PID 3104 wrote to memory of 3624	3104	msedge.exe	82
PID 3104 wrote to memory of 3624	3104	msedge.exe	82
PID 3104 wrote to memory of 3624	3104	msedge.exe	82
PID 3104 wrote to memory of 3624	3104	msedge.exe	82
PID 3104 wrote to memory of 3624	3104	msedge.exe	82
PID 3104 wrote to memory of 3624	3104	msedge.exe	82
PID 3104 wrote to memory of 3624	3104	msedge.exe	82
PID 3104 wrote to memory of 3624	3104	msedge.exe	82
PID 3104 wrote to memory of 3624	3104	msedge.exe	82
PID 3104 wrote to memory of 3624	3104	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://portal.tripleseat.com/public_profile/comments/219867120/file?asset_id=75878636&t=iqrtsi4wwahbxu3vbmc8
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff842c53cb8,0x7ff842c53cc8,0x7ff842c53cd8
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1716,817162423002867010,12143621610943665937,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1716,817162423002867010,12143621610943665937,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1716,817162423002867010,12143621610943665937,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,817162423002867010,12143621610943665937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,817162423002867010,12143621610943665937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,817162423002867010,12143621610943665937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1716,817162423002867010,12143621610943665937,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1716,817162423002867010,12143621610943665937,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,817162423002867010,12143621610943665937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,817162423002867010,12143621610943665937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,817162423002867010,12143621610943665937,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,817162423002867010,12143621610943665937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,817162423002867010,12143621610943665937,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,817162423002867010,12143621610943665937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,817162423002867010,12143621610943665937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2184 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,817162423002867010,12143621610943665937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1716,817162423002867010,12143621610943665937,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4772 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ade01a8cdbbf61f66497f88012a684d1

SHA1
9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f

SHA256
f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5

SHA512
fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d0f84c55517d34a91f12cccf1d3af583

SHA1
52bd01e6ab1037d31106f8bf6e2552617c201cea

SHA256
9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c

SHA512
94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
29KB

MD5
661f0477a23f1c59985efb3011652f5c

SHA1
6fa6f97b48f95be61ca6a7b871a8a7103ffdbdc8

SHA256
d5c35d20adae6c9d45ad04efe05a590f57ccaf900f94a7ebbbafb8a99d3b981b

SHA512
d513050989bde2040a259eaf25570f05561659127fa0c1d8d7a0ac359571b292f7bffa7453e792855129e4d56e3ebb5f9f4277c2606ed0a55e571abe665af754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
501KB

MD5
69e7a9c6ed59eccc2b846f74c140d0c5

SHA1
5d96cac5d19c08c7ff555b5781751fc9771d6ce5

SHA256
e0d593a3ad98e5d4a6569dae39b413a61c750bad41c237239d8d7a132cde77e2

SHA512
fc138c809a46c6121a37f4988b56d10090687811ac26963fc169ef729903802fd41b218a3e5886f35be70476689cb41eccfc80ecd20c56d25776ba5e464317f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
664KB

MD5
fd7aef2cc4c01cdd22adb0fbc9ea348b

SHA1
762b45c045b580709d792e502af4c00b9e6bde4c

SHA256
6f4a324205f311ec332949cbbec6772a11e8a3ed3c43a5a0f6011587ce10baba

SHA512
8cdecec6691df92e7dc3bda33a13bc7d3b4a1041683db36372a982c62772efcc2cb48db60c0285b9adac8f998319d9665f6cd99b1b6a13d45e03999b0ca1d372

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
36KB

MD5
9c3f07066b05460308bff28f883810c8

SHA1
48b6eb0b2b1b4bf76a2a924815fd5477305a9de2

SHA256
4d0527e444184d0d7b9a62a329a9f4e7a1fe777ae08423b6d2c222162c39578d

SHA512
e64abc428ce9c49672326db9490f225e10e1e75a1f2d1cd879b92af5e969043c6780da1fd8497462b13cf913d0b1ac9cfc3b445d33259c955e83a0355f9549b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
18KB

MD5
921c94cc7403873cacf6ade4719ff34b

SHA1
bb0663e2419155741ce0b9447db739e136f3db17

SHA256
5485c74f23198d2720a1d01b2e719fb3452c412ac34dbf4c29c1aa26cd1c005e

SHA512
49040db996f138e099bbb19f7ef0a0bf9536a4ad42c9f7daf7581d93a8ff5644dab478a72205149add62298ff5aeac6a1792785d3b09f1ecd74d334bffaf15cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
296KB

MD5
78863e0f6e65fbe6175866e6d5b6f18a

SHA1
8cda0fc2a701bd6dcfaa94261178fa78df1d15de

SHA256
82877c6d33c5d786db4815f756437c3e853e08bf8c6c267fd246760d2a96d029

SHA512
c28bb3ee26ba58f4fc27cd29ac1daa858c34d6b4768cd1d23836c81f3c62d8aa0d63f34aee682be251dbdadbbfefad9ef8bf212a92a9986e946269831487b644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
178KB

MD5
f5e7e3293ce94350cb83030940d49fe3

SHA1
d6597198633325c7b2efbeecf0999d855adb5cfc

SHA256
ff6fa192e7bf48da9cd618affb30087f980c36eefc5ecb4e7cdb8c4dd95a8efa

SHA512
6f3bff9642d88abc2cff0420a4ff95e5fca10b67e503e94834d5937b3cf6773969cbe94e8e1b97b5a492c1d240c6eb27ec99d95001316696e270816d015a687f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
17KB

MD5
94ace4ac24e05dd7a399b3d75e6a781b

SHA1
69d7a51055d36d3fe6f150bc3359efd41191183c

SHA256
19fbdc3b97c9913afaa6827308382d1e8100e1a5ab04799fd7c355654e57c496

SHA512
01296c2a6b1e09138cd03b9fbfe1ef934e2d4377e25c809878421769472256f074c7240c39417aadae691becfa43d4b223e18d75bda1a607f9eed3754d1ee289

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
62d3d9047a1b9635834e16831ff5fb3d

SHA1
f4cc671086e9fab2849b06377da707a09265bcc1

SHA256
a499797ea2948738a80fc43e6d60c18bbae3184fc9a7ebc2484fe714f78d8168

SHA512
cd590ef9300af959f06e614d11a586f7aaf35816026f5708b74485f82ef3e56cb7ab2f7dd32fb8f3c0e210d6653acbe1c1d89f76f10ecff64eb7a858701396ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
c69635e1fb8849f3bae565df5b176f86

SHA1
b64379da27a38f273aa6bd00ccc27d6b953a7de8

SHA256
db41188296f8f6588e05f29982b6b39a6eb4cf922adb1836fb892edbce4de3d6

SHA512
60d4caa422ddd441b259f96053f78f3448dc889489d38fe9c3da916d61f54bb5dca5b6b2198d02159238fdee98bd2be4b65866029c33aba4b5625d1ce8120b91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
628B

MD5
def83203ff0f9391fef7b9e4b554afbf

SHA1
657e0e33895fb4d6578f303e79db5184506511dd

SHA256
f5da6420fe3e41ba54c4e85f82f0b9ede7eeccd4b7402f99e73b9821ddef86cb

SHA512
0e34a65060f046d0a13902b18c25b61ceadfa42b99e76eff5d7d769998cc587cabb6a626b6a9b7a8ac6c73fb9c2f32529c99cdf87147c25095d8a66a29f1ec42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6735313e59e461c62e20f2514352121b

SHA1
1f7881b91b12dd5da31a42c0214d7c35da7662c5

SHA256
94c8fba99d596ebdfb946ab21954d7d30491a015d797be7b63ace9b2a8d8ddd7

SHA512
a8c4cfe4484119d1088b35c8c6f5aefab9cc9a8de5663cd45de11383c7ff6392d3e524408c6e6b96e6ae99d9a0676b0ff06e9a6b5db603a2032c7e7cf8897959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0a3a33169fc8f82b077f2199f1f2f889

SHA1
90c44e853bb8c115719ce172665b575f5a103539

SHA256
dfe38991a7bca23fcdfff566fab226fe449b919613dd74965dd9ad9c16406ac1

SHA512
69a2d4511586aa6fcbdedf05dc65db9651120ef8c04e2fd451f825b4dbd9ab2afef5d77a5120f22a0727f65e8b2390fdf355770dd6f75d17821ab4497174e4ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9d77ce831d2f32962717767b21820e36

SHA1
2ffaef8b2058514dd1b96a2f469b93356aedee9a

SHA256
8f94b6274556c9ea0190ec87e47edcf746f03798030e961e928016b6eb1e472d

SHA512
0dff917863667624ffa9d7df0272d09b253ddb31d081b0e158f3a4b896cc55c460333920abb9f3f80c980ae903e6c2669db6fc04f0e125edfb62d9ede01d2c73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
64cf59b5db174a7ead912624d6322185

SHA1
adb6925b283dc2ae07ddc9054419038a0c3436a2

SHA256
9b89ed8d46b670015812d3410c4f964c36c6534f8ef8455a2981f77ffbd8200f

SHA512
83fea285c05a4d990b8bc7af86617b125e141e475d4b1c33995b2b12f20f1a84019479493142c83c4db1db9880e7047b5e904b5331998c3287a30b54cbc12050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
40b413bf81a98de4ebeb0758d8157228

SHA1
52431aa98881e73bf25c2a9a54fdf7d6094dbdad

SHA256
efd2d563d103a58cbacc47b7209d34e7aee6574067cb4d9cfa1d6bf28ab88215

SHA512
c513bab7106073bcda7c4a62f2a16965114f97027ee64e05de1ba71a59e08f1b328de7c68401f74451950af8b513c0e000372bb9e181c3a2309b481ae49e45fd

Download Submit