hxxp://astute-privatejets[.]com

Resubmissions

18/01/2024, 23:45

240118-3r6zsshhh6 1

18/01/2024, 23:42

240118-3qdlvshahm 1

18/01/2024, 23:34

240118-3kelzagehk 1

Analysis

max time kernel
186s
max time network
214s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
18/01/2024, 23:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://astute-privatejets.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
216	msedge.exe
216	msedge.exe
3300	msedge.exe
3300	msedge.exe
4676	identity_helper.exe
4676	identity_helper.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3300 wrote to memory of 4592	3300	msedge.exe	56
PID 3300 wrote to memory of 4592	3300	msedge.exe	56
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 1036	3300	msedge.exe	90
PID 3300 wrote to memory of 216	3300	msedge.exe	88
PID 3300 wrote to memory of 216	3300	msedge.exe	88
PID 3300 wrote to memory of 116	3300	msedge.exe	89
PID 3300 wrote to memory of 116	3300	msedge.exe	89
PID 3300 wrote to memory of 116	3300	msedge.exe	89
PID 3300 wrote to memory of 116	3300	msedge.exe	89
PID 3300 wrote to memory of 116	3300	msedge.exe	89
PID 3300 wrote to memory of 116	3300	msedge.exe	89
PID 3300 wrote to memory of 116	3300	msedge.exe	89
PID 3300 wrote to memory of 116	3300	msedge.exe	89
PID 3300 wrote to memory of 116	3300	msedge.exe	89
PID 3300 wrote to memory of 116	3300	msedge.exe	89
PID 3300 wrote to memory of 116	3300	msedge.exe	89
PID 3300 wrote to memory of 116	3300	msedge.exe	89
PID 3300 wrote to memory of 116	3300	msedge.exe	89
PID 3300 wrote to memory of 116	3300	msedge.exe	89
PID 3300 wrote to memory of 116	3300	msedge.exe	89
PID 3300 wrote to memory of 116	3300	msedge.exe	89
PID 3300 wrote to memory of 116	3300	msedge.exe	89
PID 3300 wrote to memory of 116	3300	msedge.exe	89
PID 3300 wrote to memory of 116	3300	msedge.exe	89
PID 3300 wrote to memory of 116	3300	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://astute-privatejets.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd92e246f8,0x7ffd92e24708,0x7ffd92e24718
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,686712744821367842,13603166593114162229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,686712744821367842,13603166593114162229,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,686712744821367842,13603166593114162229,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,686712744821367842,13603166593114162229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,686712744821367842,13603166593114162229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,686712744821367842,13603166593114162229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,686712744821367842,13603166593114162229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,686712744821367842,13603166593114162229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,686712744821367842,13603166593114162229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,686712744821367842,13603166593114162229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,686712744821367842,13603166593114162229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,686712744821367842,13603166593114162229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,686712744821367842,13603166593114162229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,686712744821367842,13603166593114162229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,686712744821367842,13603166593114162229,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,686712744821367842,13603166593114162229,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1300

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x498
1⤵
PID:5860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e71d66ce903fcba6050e4b99b624fa7

SHA1
139d274762405b422eab698da8cc85f405922de5

SHA256
53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3

SHA512
17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
201KB

MD5
c445ab4315d0633d446998c80764cc36

SHA1
47d3dee9845cc6e29b6771dd6560793b8b93000e

SHA256
5635695eeb70b51c449aea7a5bd3c9699c3c28c64498fb7fcb8173aad45d7242

SHA512
83a32ffdddf3ee56e89f232c8d05a4b00265895b0e41d13700f90fa389f0bf3f112c291c24c3819751803322b11e2ff866971d835d601672b36818c4e099bff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b79ac695b154442817b11a7f37ff6186

SHA1
7df4647d6f6d7e58eccb5e4ca0be99f03c41a79f

SHA256
34fa3b1a82a433a4a23d9873a4fa984289cabb483ed8f487372ceba261a1c237

SHA512
8277262432dfaddc295e9b498274bce4384dac814083234f9a2c33ea78a5dbb858e5c7f3fed6d824d5a8cba9347ac2d070ffefd238dab176a5a321c34aee2dd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
10a56db359495eb8419b58eace6d94f2

SHA1
e1dfcd5c8e82db7df364c2647e5063c68e84288f

SHA256
5a03c38d38025de33b87474ec7b52e50e1f9492c87e7e722656e9d4dca75e320

SHA512
14c722e98298ad17831c3a142e1c919dcb59f228d76088c3e950966bbab912f430ba35ec2a8446399e0bcd3c812ad08a77af625dd1c74bafc72f7edf027ea610

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ecf355abd277ddfa67aa1e8a984c4ae0

SHA1
b0240ea00383df95ff19d6c0a4fb6069f39c235c

SHA256
fa8c9085838167ee0dad3bb1ba8fde70620bd84c22ca956729a8fcc9c0f3b6c5

SHA512
09737d9e6dfb962011c0dc6aa38fb131ec766d93377b5e904ff0973691fd0a135dc5f737ced2a8a8a9ce964b79722490b8c53aa9af95211fa2d4ccaa1064d93e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8da33cc6402a10b8b89d3ef059f2d041

SHA1
683da5200d0224473484dc2c16dde88f95296661

SHA256
62906bb48b82a27d62e530ac61ababfe232006fab3137cb1725ecfd665ef0fb7

SHA512
5da86315230e4658e1badf50f82d538ce08f4144b5fa63f6fb7d690350d72130601c79599d166fe3e0b7a8fe14c74a937cdd3cc326f073cc39d9b50d462375d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a56db5af3e0d9bfb60b753492a9862ad

SHA1
8220d9018b9e37d6d1ba82c55adf732f54aeb024

SHA256
707290e3a84fe445e34b90aa69f57a5cb8aea4aa02df675b454da73d44a1e782

SHA512
d3cf82463b02212a66ab68a7fc44ad7f318a7c8036ed41cdead15121340bc0a34de64a122142e10cc77a572976f3d84b7f5a9ebfc64807d47843c278080031cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e389eecd9462817a40f0aacf06f67a1a

SHA1
b316ac848873a12d390c9c506b5cf0c0286c10fa

SHA256
fc635abcf48df83d086b1c84e4a7c67a4246f75fafa5d6fa60079499db0d8b8d

SHA512
05f973c3e65297c9ae0435926b19a734318a2c603df73de5fba38e27fefd1dfc23b7b07eba4affaee2d1a0b01cf937708de6e83504fdcc2623f011fb58a1289a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1b1b142e24215f033793d1311e24f6e6

SHA1
74e23cffbf03f3f0c430e6f4481e740c55a48587

SHA256
3dca3ec65d1f4109c6b66a1a47b2477afaf8d15306a523f297283da0eccbe8b1

SHA512
a569385710e3a0dc0d6366476c457927a847a2b2298c839e423c485f7dcce2468a58d20133f6dc81913056fb579957e67f63cf1e20b910d61816210447cd1f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6e42a78289900640ce4fa784b086fa70

SHA1
728c6f9668d232491780811c16f32109ecbfbded

SHA256
28949469d896ce1ae9b35cbe975e044ec7859242b5ad5128599ae2fedf5ac5d0

SHA512
a5768eb1364c5aaacdc8a77f023dbf8aa9c3c8d50acf8071699a72f7acb8663a41a3d084389eb1643704227b550bb7a51dff465992b1ee12c60348c5f7d147d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
019597e0930c6df19e66af14fcac3a32

SHA1
65dd3e565d88e9dd1cc665ce604f7e014fbfed7c

SHA256
09e58f200739bffc7d8462f2844b1658e61386e21e8ddcf4dae04e2c3d531925

SHA512
b8932fc06b0bb32b8de90446979b400b521c25a743f29158dc826e44275c392a08bbceb2ce1e9db42ca4a9dec50776f6cead9727f54ca141903234cfa86bc2cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dd21.TMP

Filesize
1KB

MD5
70b5e8ecf94c94806a62e095dfb8a4d5

SHA1
19d98fa77fb1b14c2b16a0807fbf41f993387b75

SHA256
bcea95de8292f4a3cae631a40149d080d3ebbbc34a8805f37921d3690535d6d8

SHA512
f63f8dc2306d24661542a9f2dd30319233795ae273e087d93b15992d318b8161cea5b6c41dfa4934251dbb144fb436ca0c047de98cdc5756a680ab970505082f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f6a485f1f6def668d424ce95a67b0dad

SHA1
df00fca858233b98d4e5764a61731c47bf73e8e9

SHA256
1ef997d43ad5eaad636fde6a5e029c79464954cc9ccf3a8adfa08442a1c7e44a

SHA512
b445d42485aa04891afee7bea93e9ebe15f42ef8f9b3e843656bb226430d51717f151b5b9317ec71a94c18fddd74d8ca3d52f7ee573399aa6b59e962534eb629

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e006f46c63f67e6f1cb59208ca0e6efc

SHA1
71f8c14c790b9f2c064dfcb9f5ef4501d9d0c502

SHA256
9f530ce6498e513bef6d9539b9915fbd7aaeea5d8a31b8a4c209b036f4025355

SHA512
73e6c790a8b59249e922391503c2fa0f673a855ed3851ddd1446d9051b240897da19fd9ea125be7b4836a5da56cd4661a2aecf30de80f62034ffde622603e95e

Download Submit