hxxps://privat[.]directory/au/AU[.]php

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 02:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://privat.directory/au/AU.php

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4244	msedge.exe
4244	msedge.exe
2868	msedge.exe
2868	msedge.exe
3544	identity_helper.exe
3544	identity_helper.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 916	2868	msedge.exe	81
PID 2868 wrote to memory of 916	2868	msedge.exe	81
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 1128	2868	msedge.exe	84
PID 2868 wrote to memory of 4244	2868	msedge.exe	85
PID 2868 wrote to memory of 4244	2868	msedge.exe	85
PID 2868 wrote to memory of 1000	2868	msedge.exe	86
PID 2868 wrote to memory of 1000	2868	msedge.exe	86
PID 2868 wrote to memory of 1000	2868	msedge.exe	86
PID 2868 wrote to memory of 1000	2868	msedge.exe	86
PID 2868 wrote to memory of 1000	2868	msedge.exe	86
PID 2868 wrote to memory of 1000	2868	msedge.exe	86
PID 2868 wrote to memory of 1000	2868	msedge.exe	86
PID 2868 wrote to memory of 1000	2868	msedge.exe	86
PID 2868 wrote to memory of 1000	2868	msedge.exe	86
PID 2868 wrote to memory of 1000	2868	msedge.exe	86
PID 2868 wrote to memory of 1000	2868	msedge.exe	86
PID 2868 wrote to memory of 1000	2868	msedge.exe	86
PID 2868 wrote to memory of 1000	2868	msedge.exe	86
PID 2868 wrote to memory of 1000	2868	msedge.exe	86
PID 2868 wrote to memory of 1000	2868	msedge.exe	86
PID 2868 wrote to memory of 1000	2868	msedge.exe	86
PID 2868 wrote to memory of 1000	2868	msedge.exe	86
PID 2868 wrote to memory of 1000	2868	msedge.exe	86
PID 2868 wrote to memory of 1000	2868	msedge.exe	86
PID 2868 wrote to memory of 1000	2868	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://privat.directory/au/AU.php
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8549246f8,0x7ff854924708,0x7ff854924718
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,5250429671899330774,12948828409423386332,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,5250429671899330774,12948828409423386332,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,5250429671899330774,12948828409423386332,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5250429671899330774,12948828409423386332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5250429671899330774,12948828409423386332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5250429671899330774,12948828409423386332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5250429671899330774,12948828409423386332,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5250429671899330774,12948828409423386332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,5250429671899330774,12948828409423386332,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,5250429671899330774,12948828409423386332,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5250429671899330774,12948828409423386332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5250429671899330774,12948828409423386332,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5250429671899330774,12948828409423386332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2040,5250429671899330774,12948828409423386332,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,5250429671899330774,12948828409423386332,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4288 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1632

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x338
1⤵
PID:4928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
74e9fff489f14f62e828661a4243a311

SHA1
65f19e58b9a8ac46618428709c8bcbf7d60b093e

SHA256
3cc57cb2ce2c501bbd6b2d485a57852dcdb1e993a416083a5976a9aab425d8d5

SHA512
570123b6843f7ba3b072cd1613003015d1eaad957f4b92bbb2c0c99831f665e7ec3802b56ce59fecbd68602bb48946ac9fee714f1c155c24636757cd9cc0edd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3c78617ec8f88da19254f9ff03312175

SHA1
344e9fed9434d924d1c9f05351259cbc21e434d3

SHA256
3cb47fcdca33bb3c8f4acc98424140987235ad79815da4f0e7593e4591ae90ed

SHA512
5b58675088b0fc2b2d705cb648ea89385b80c7cf908b0f4f95a9acdbd350b50754e1b586202db6a918eef70029fafb210947f3c43c570ecf7657e08939fd7e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
09c7ae658385f6de986103443217840b

SHA1
298d880503edce4413337c09d3525f27a2edcd28

SHA256
91e04ec38abdb0204458543592c4621b7bc0306407884f764aa9596a52454cd7

SHA512
4e1272b209487d1e9e7d8502be49ebce91c76718410e817b3ac7faf47d9b699210aab1b941fbb5ddafc192ddf4b2ba151afd47fab753ec62bc0bca36039c55c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
003cb4e49f20dddd6a7c5ca2217d779f

SHA1
39da5e6d28351e9b3415c34eede0f0180c815a52

SHA256
1d587f395be6db617fae9b43712b5b1bb2dedf7587ab1d82f68b3ac8d365511d

SHA512
e13c8c872f953f46854be69dbdca6204fd9cf5474dded6af85047e2fc34659517902275101017c3c60fec4aabe82c8beba6005adc5dcf0e3a254c17c36d5d29a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9ec31322e09f75d47f5b8ebed48b3a05

SHA1
51c93cd644d8e2a5a633136722f6080fef20c354

SHA256
15b38653cff20e7f897cdf65294a7024448a4bdd183765e2f1f83e5a8a04cc01

SHA512
3eec97fa89d1f76735ad41a8b7c4268fd24b92fa306219219fc269ab5b2f7b54262d9fd36c1ab662e03aede44b38037f5325a927a0debf1e9195b4a05d1127db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b09da5632a42caa6b5ef830de59884dd

SHA1
f77ae3877c4301d2aee4d1ddc36b3496863134ce

SHA256
d5233db9b5215becc2128f7e8e148e1f8aaa77979401718db3c7dfaedc34b345

SHA512
b1d3e21bc780ea99586d8f1c5064b495fc46f65bc2325e428b054a039e7d133a878f00f6ef5ee906bfaa987685933fc73ee11f7745ce4c627d94abc72a7e1689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b2066972fafd8a78c6004cbdec2f508c

SHA1
2ff0ec929a4618958364057e96fed7142ac182e7

SHA256
122eb4bbfd4c2eaed14872ee023f5035d72b01eff041b5501f1590347570813b

SHA512
2a64e0628146de8dd82f1f13a819bc7cfde7e53b3f29b7d0c29d7b810dad690d29d2f1ad357546f10a88ffb166705d37a355008ab6f370c5b1c7adee0f4874f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a8278aa39ee445297ee64c9a931eb074

SHA1
c633bc6716431cc4b60335b504dbaeca17210f46

SHA256
4d83b3e32bdb9f2bf938d1178ee005be089a88950369a6987c08e92dd93ef7dd

SHA512
ddc55c9b4c95ade222a11eba1624d6b8a43c0ad6b0e830b0ef555046753d8996dedf254e744d12b40290d1df49b07353d33dd99e07347b09a00135e6cd55a1b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
51d7fba1ce72dbe5a2a36ce12e3176b6

SHA1
2953cca2f8483ad3a889456751b9b46a20222b80

SHA256
4b43bd33896cd18f135387f6a376cb58bd73a08ed4a119c587271d14051799ff

SHA512
da124e5a38761dd0cae3ae1f68316b7a271c8797e15b078790ec03f52563c9e0fbf752a6dc14c38d6c0bd2d5ee1038d73e8af4a1ded365cc12686dd8d5fef07c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581df3.TMP

Filesize
370B

MD5
c1312e5a8e5e94f84ddaa12b8ad2a3fe

SHA1
67abf50e5794d83b6483955af7103f6e901d8bc0

SHA256
3882a83fc9e1518abd0768cc5cb42d8da256d61a8cfc9471792155976ae2ef55

SHA512
01a11e71e1f9a3a3b5f658f81c0ab5eb49bb28d35f92acc92a64aae8f941d5afb0af0e65ce4e6d6d6a9317ffab00b5fdc8568a2af9862b516bb0ace09a42d9e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f01b40e4-454c-418e-9482-6ac6f2713524.tmp

Filesize
6KB

MD5
56c03ecfb262d03e4b110bb2ece049cf

SHA1
77d98746cfcd19b0b1a48c71e613834e7b5e3af0

SHA256
e498d175e4b8c4958f1d2291856b8b4e4ca858ddaea427448c946b9da0ccbc18

SHA512
c046805ca3ce0c8e0710db60e9b6dd4f4a01050f73c58d47181c5f7181868007fbe34ef711195818e4861fe224cb989bb72653e8d14f4e0ea72c39cdf6ad4d16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e2e3759859a7fd6c0f6e7fc362e2c502

SHA1
58d3fb8ff4b3f3671b1bb09d39fb5caefc6864e5

SHA256
0a15703d2965eb499f01a332ef362cd9ba4dda1d1a8e802da9b8d2403ced016c

SHA512
2a73ae80807e229dd738417e27ae46b9340c19b64a1b5b87f893f63c7b576d696b8198de68d7179a301ea4b24b27c70ca38244b9af5e6cf4b4d6b4023f3e6016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6bae25c731914cb172a4b751d2b9e8b5

SHA1
4b331256ee31a08e0a5c5a055f91c1b161b26d3b

SHA256
cc8e050e580ad7a4418c01b3375a03e46cb7256924213d3d302a6f2443519c54

SHA512
872ebafd60d735aa09f954ecb68f935c76eb9bfe2dbdb9b4076da7c5d4d5829334b6cf4416f440fedc22f74366a45513119adcd3492d39c9dd65c25a80500786

Download Submit