hxxp://astute-privatejets[.]com

Resubmissions

18/01/2024, 23:45

240118-3r6zsshhh6 1

18/01/2024, 23:42

240118-3qdlvshahm 1

18/01/2024, 23:34

240118-3kelzagehk 1

Analysis

max time kernel
0s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
18/01/2024, 23:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://astute-privatejets.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3444	msedge.exe
3444	msedge.exe
3024	msedge.exe
3024	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3024	msedge.exe
3024	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 4736	3024	msedge.exe	18
PID 3024 wrote to memory of 4736	3024	msedge.exe	18
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 4548	3024	msedge.exe	35
PID 3024 wrote to memory of 3444	3024	msedge.exe	34
PID 3024 wrote to memory of 3444	3024	msedge.exe	34
PID 3024 wrote to memory of 532	3024	msedge.exe	33
PID 3024 wrote to memory of 532	3024	msedge.exe	33
PID 3024 wrote to memory of 532	3024	msedge.exe	33
PID 3024 wrote to memory of 532	3024	msedge.exe	33
PID 3024 wrote to memory of 532	3024	msedge.exe	33
PID 3024 wrote to memory of 532	3024	msedge.exe	33
PID 3024 wrote to memory of 532	3024	msedge.exe	33
PID 3024 wrote to memory of 532	3024	msedge.exe	33
PID 3024 wrote to memory of 532	3024	msedge.exe	33
PID 3024 wrote to memory of 532	3024	msedge.exe	33
PID 3024 wrote to memory of 532	3024	msedge.exe	33
PID 3024 wrote to memory of 532	3024	msedge.exe	33
PID 3024 wrote to memory of 532	3024	msedge.exe	33
PID 3024 wrote to memory of 532	3024	msedge.exe	33
PID 3024 wrote to memory of 532	3024	msedge.exe	33
PID 3024 wrote to memory of 532	3024	msedge.exe	33
PID 3024 wrote to memory of 532	3024	msedge.exe	33
PID 3024 wrote to memory of 532	3024	msedge.exe	33
PID 3024 wrote to memory of 532	3024	msedge.exe	33
PID 3024 wrote to memory of 532	3024	msedge.exe	33

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://astute-privatejets.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffb5d0846f8,0x7ffb5d084708,0x7ffb5d084718
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,6641842591745447738,9842328706031558377,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,6641842591745447738,9842328706031558377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6641842591745447738,9842328706031558377,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6641842591745447738,9842328706031558377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6641842591745447738,9842328706031558377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6641842591745447738,9842328706031558377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6641842591745447738,9842328706031558377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,6641842591745447738,9842328706031558377,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6641842591745447738,9842328706031558377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6641842591745447738,9842328706031558377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6641842591745447738,9842328706031558377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6641842591745447738,9842328706031558377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6641842591745447738,9842328706031558377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6641842591745447738,9842328706031558377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6641842591745447738,9842328706031558377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6641842591745447738,9842328706031558377,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4908 /prefetch:2
  2⤵
  PID:1904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3176

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2d0 0x4d0
1⤵
PID:5148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
37KB

MD5
73e863a86444e2620939b663945334a6

SHA1
ac8eccc6ffb4266403d09fd4183414ef8eba953a

SHA256
48e792f4fa3eec213836e16de8f4043048418cee3e4485fb11f7e04a4b19575f

SHA512
f9d6d29db77e33ea96e3aa9d2d100c91f5bd576de4b6e0278447f6206d2a2f58b44a7a7797cd7bafeec34ac061a072ddada7f9b58a3e6d17caae5707cf85a81a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
29fc3da8df868ee5cf1ef6eb0bd7a62b

SHA1
813c02395228614419bb6d006ff5ef1c39a3b1a6

SHA256
7ac2fe515fb1db07a06bc3ba2a8d59356411acd5f6e19f4697d837faa17bf115

SHA512
4007f5eec9f215f2fd9416b1604593e77fa8bec02bc583b0397ea16ebf2b02ef34262d4980e17067ad74ceb5071253fb93d35b3e7c2d432ff9e421017e693d8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
dbff3d1e1ef7fa9d1acd9750853ad19b

SHA1
f67874e76733d4e97102dd5ba92c678f1cf6eeaf

SHA256
4b1fc941f210657b5b840ddc1000b8b83d9d1e9dedefb43e6351b7f6291b1c2d

SHA512
034df6b6936c239388545739b786fb487c34ed6fa6386f7f87559822c070e97a5204596169a5f55d763e52f18cfb68eec076ae58989dd541154d2fe5caf01fbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
85ae7a24276525942321231e37f45625

SHA1
8f39762afc55ddd0cfa427f0577ed128e7dd7055

SHA256
bb1501b44e90d383d10f21e5f3739e6581fef596c8d811666f2f4335756bccf1

SHA512
6358e2efcb4d47621efc382e9e52592a1ca140dc574a181a82c4cfd3bcf717ad17d06b860a3642c59d8de2a14acb9e0e8ef6889d9bdc4019aeb4f1b145c8b92a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fe1da7ccae8ec023b4cff1b1ce5caf9d

SHA1
5a54015c100f3027f53f1ff14d498893f1a8ef5c

SHA256
013609eb6b5b8bbf1d326e56984774f759ad1f410fd2d09cbef380f2994aa796

SHA512
c3b2a7281f0442bf99b4ac1a42e5820f831c7e1d19e18e35bb37caf99464a4ea3cc7a5c49d57b18fea98b8249c53a7f3aa45e5c4203f30c58da0d0eafc6811a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d8df831b77211087499ef2b242345164

SHA1
aca3e88bce6695949e486b55abc634a59906c615

SHA256
a58d65d9883b9489d70c9097bc9b78e774afb6b9906665604a232f441931f26a

SHA512
efd31abbb4752d93f144765fa1518d97302e0d104961a323c37e5bad6418cc74942a4f9c0b31ae071222ccd0fddf494fec043058439ed30a224d48b10772c035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
1KB

MD5
7533c8792e22c677e0f4979b29549614

SHA1
f56480bfd0ad20fc53dcd3651567866f5c2d8d90

SHA256
f37bff15e34ee780ed7ef528b594eb7c22770eabe48923c9978203300addb5ae

SHA512
6e9eec53c848d1c87697de176bb319d9304b1b7a169053a9b32a8bb43ff441f2f2327df22cf2226c2e3f35a6a50af7e5eee447846b49293d36f19fb244184ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c59d7ca3250d1d1888a1319f103ff2d5

SHA1
93cf4f8a1a7465f1b68ee788aa7b1c72ccda2a1e

SHA256
c4f979f2469f936d780fc3cdb50115959dacc3cd91f5d8c529cee0337c7d2ada

SHA512
75a68819b8561861ca51a103174df74d06be976c917d4b920c55c9773e8e0799297ae9eb5bac60ba101cf9ea0db5d31fe8012f5040963b9137d1254652ded8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a623.TMP

Filesize
1KB

MD5
493790eeb49e2aa168dccf177855c87c

SHA1
51a3576ece56254ac8d24f1dba02f41c74e94781

SHA256
7c9ed590bde359f1b7c263fde5018730574669ea901403cbc54bbd205f789beb

SHA512
5afd3bf9fcaed27a14086026eeb87d19618806a1244eaa6f6c5a263359e879af9c21bbc0118f68cd3917d011ac421e9fe1e42ae57e8ca8fc9a02b0b582746a65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4c1b15f8158610b30bef1c305139bd1f

SHA1
5f43447c853298066fb40243cb01d0be9c39cd56

SHA256
3a4a04bcf459ead1133aacec4708a6cb984f4c01f63521ce4751263426c09ddc

SHA512
a991c6471aaf66d2b6cbfa96212aaee38c8ed5efe24ed5250ae409ae10e577cf53c131ed4320b0b66e0912ded8a64ed123bcb886a37292264be605d3d9400eb3

Download Submit