hxxp://astute-privatejets[.]com

Resubmissions

18/01/2024, 23:45

240118-3r6zsshhh6 1

18/01/2024, 23:42

240118-3qdlvshahm 1

18/01/2024, 23:34

240118-3kelzagehk 1

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
18/01/2024, 23:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://astute-privatejets.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1168	msedge.exe
1168	msedge.exe
1624	msedge.exe
1624	msedge.exe
4548	identity_helper.exe
4548	identity_helper.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 2724	1624	msedge.exe	90
PID 1624 wrote to memory of 2724	1624	msedge.exe	90
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1948	1624	msedge.exe	92
PID 1624 wrote to memory of 1168	1624	msedge.exe	91
PID 1624 wrote to memory of 1168	1624	msedge.exe	91
PID 1624 wrote to memory of 3448	1624	msedge.exe	93
PID 1624 wrote to memory of 3448	1624	msedge.exe	93
PID 1624 wrote to memory of 3448	1624	msedge.exe	93
PID 1624 wrote to memory of 3448	1624	msedge.exe	93
PID 1624 wrote to memory of 3448	1624	msedge.exe	93
PID 1624 wrote to memory of 3448	1624	msedge.exe	93
PID 1624 wrote to memory of 3448	1624	msedge.exe	93
PID 1624 wrote to memory of 3448	1624	msedge.exe	93
PID 1624 wrote to memory of 3448	1624	msedge.exe	93
PID 1624 wrote to memory of 3448	1624	msedge.exe	93
PID 1624 wrote to memory of 3448	1624	msedge.exe	93
PID 1624 wrote to memory of 3448	1624	msedge.exe	93
PID 1624 wrote to memory of 3448	1624	msedge.exe	93
PID 1624 wrote to memory of 3448	1624	msedge.exe	93
PID 1624 wrote to memory of 3448	1624	msedge.exe	93
PID 1624 wrote to memory of 3448	1624	msedge.exe	93
PID 1624 wrote to memory of 3448	1624	msedge.exe	93
PID 1624 wrote to memory of 3448	1624	msedge.exe	93
PID 1624 wrote to memory of 3448	1624	msedge.exe	93
PID 1624 wrote to memory of 3448	1624	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://astute-privatejets.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9bcbc46f8,0x7ff9bcbc4708,0x7ff9bcbc4718
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,5805346935533364671,18073465003526869830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,5805346935533364671,18073465003526869830,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,5805346935533364671,18073465003526869830,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5805346935533364671,18073465003526869830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5805346935533364671,18073465003526869830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,5805346935533364671,18073465003526869830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,5805346935533364671,18073465003526869830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5805346935533364671,18073465003526869830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5805346935533364671,18073465003526869830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5805346935533364671,18073465003526869830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5805346935533364671,18073465003526869830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5805346935533364671,18073465003526869830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5805346935533364671,18073465003526869830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5805346935533364671,18073465003526869830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1948,5805346935533364671,18073465003526869830,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,5805346935533364671,18073465003526869830,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3108 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1580

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x408 0x424
1⤵
PID:5248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
201KB

MD5
c445ab4315d0633d446998c80764cc36

SHA1
47d3dee9845cc6e29b6771dd6560793b8b93000e

SHA256
5635695eeb70b51c449aea7a5bd3c9699c3c28c64498fb7fcb8173aad45d7242

SHA512
83a32ffdddf3ee56e89f232c8d05a4b00265895b0e41d13700f90fa389f0bf3f112c291c24c3819751803322b11e2ff866971d835d601672b36818c4e099bff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9095ac458c875c3648fb5350e51089fc

SHA1
2556fe26a1edae415077754c6eb3d972c32feb8e

SHA256
bb6cad93f19b754dc254a451e1312d6cf46c4128d3e9f82f656be0a4d9e8bb90

SHA512
c8c1f7c35337ce5349c6ec937c691aaa0cdec2781b034e5c32861e068b7c51633ac0ce3612e61c85271c38095b3207265130a1936c1fdacc8861cf92a66717aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
bc0f89f4c9ce2cc169704c3cd64c21ae

SHA1
f3a7f281519fb883354dfb55b2842655b7831e64

SHA256
81fd982f83c5d02438f92654d66c27e00e616d78803503fbca2f60165a0b2af2

SHA512
878451084ac1190fa2925f0521119954e5c21d99fab763d1452d3b8f66c65e7a7e9f7bf1ae1c1abd3a6399985e8e874dac0653641ac5a98c68f38788915df698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
803824c570e4fe5f938e05eccd13e10e

SHA1
fee1483706ff3a3356a21292273cd1ee98680123

SHA256
9059faaa8620367410e9e56ad66515e37adf053ecd05c74326e58541cfca490e

SHA512
301768968a7c34d5911a950143d69008da421d2bd5577da78bbc903c1bda65ae8901666702721dbccfbd76ec64f4893195c3192d4f81205308c34e855ba01012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bf02a9abf2fb29d74a66359002bc14b4

SHA1
61789d99485eca9fc46be07e34abab99001b7dcd

SHA256
516ca36cfe3a3133cadccaccadb905ff6f1ef828e4cfd7907034c1664fef1188

SHA512
81e9f94612302f72461aa8e91162c6c37296bfe7a6ed8d48072b879986babfca8370f5090e0273703471945759977ef0c3d7d4633c436cebb25e0c18ab9b74bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a237c136ea6b28ce28ff8b9fdd6ae5b1

SHA1
152f3ed56cf17bad0acc2e73f564a0df979cfd59

SHA256
6cd8d6f86333cd8f70eac0c81df75adc24ea657c00b55f464900981e9f9ec534

SHA512
04b16454dd84172a68f8b7922d8716220d5785b53eeb337259a267b98d40d92aaf379732ab56678b6573598cdd59b95dd8edd55c51a228957e82b024033b341a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e815dc85f26610dcce25d8587d69831a

SHA1
17b77a3597a95e50376104f88fb415501e96937d

SHA256
cde32712b3b5ac2b2c7cb4aceec6464f16ca0697a38cb38f167c27d4b8710f17

SHA512
cc0cf9b76aebccc0a494b111871e7b6d4078daad2724204e3943dc17111694fd3f4f7cb2fac54e3443a086d4ab50c9521d9e301420bf1a9e7ad8e089d612c85b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4edade7e915c469c8a90b37b8de002fb

SHA1
c42803cb946b094830b4046198a5dfc809407720

SHA256
32d6ba1f49f2fa40ddf46a38161bf7887df4fbb4ffda44360938166c9695f2ef

SHA512
66727150d8dc4c6dc3eeb7bf0e9ebbd8eb383ec201e066682bf2e35e976d82da60509c36fddcba3a3d0916b0095c6965c100d6b2296761e06458e29b2f319c3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9282968cf8a1051df6ca68ec5bb91848

SHA1
745156bdc3d308b1da6b06c4d50077702151d5a4

SHA256
777c20a605bcf2d3dd1cc2f07d9e66ffb3fc652b0a90390e39f62398336a4c0f

SHA512
1b557fc3d689f4e7c4c5dc1f6029747cf09028d3625644488a69ab9bae91c853aff64f9dfaa901122e17f48a34a1720a02535e0377bc30b1b8688c26fda13601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dc08.TMP

Filesize
1KB

MD5
823344eaa9b3697433ca837e7a30a889

SHA1
38088f113ddc75bb15a373987abdb0922274ddb8

SHA256
488213a32b22b7210862cc7b3c5758f42caf41e810666c89ce6fde2f5e557240

SHA512
8dc0f794d04868d56170117ef5b2c8c83a0b0d1405adbbc2db4ec1101f39f4cfbb9e39c10125db70ec761da75c577cb4c11fb69cc8dbed658a5f1ee9a1aee9e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
02527286b66efe08a180507b5febf197

SHA1
778a51f0a47370452652c40522ac718e3a0be4cb

SHA256
804bc05d1f493160d19deea576f82eba641439ddb4e291ddac7992bcf0124cc2

SHA512
6f8b29834ad7012e9dd9287fe765f6b0c1b717d9116e24bf9cd5301096c88aa59cda383642e5f083dbf4e72db521b41cc88985657075c2e927959af3b4bb2c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b277677a1fbc20620cb56c86b9572d57

SHA1
9784756118be9a26cec4f4edbc507e37776711bf

SHA256
4a7238bf99e76192a557ec19ccfaa40773a5c5033d8d142534fddfa9c74216c2

SHA512
a1e7f151d65a98e9c091c1c888b89cb18a71c7dd527ed474c2f48606148a60ba423c8cbd52e08980f07260d05fda39228dd4d2e13e04b6366eb84631d08e8294

Download Submit