hxxps://github[.]com/gaurav597/LoanManagementSystem/blob/main/loan-management-system/bin/src/test/java/com/wellsfargo/loanManagementSystem/controller/EmployeeControllerTest[.]class

Resubmissions

20-02-2024 16:27

240220-tyg5ksbh77 6

20-02-2024 16:22

240220-tvekaabh32 1

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20-02-2024 16:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/gaurav597/LoanManagementSystem/blob/main/loan-management-system/bin/src/test/java/com/wellsfargo/loanManagementSystem/controller/EmployeeControllerTest.class

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
29	raw.githubusercontent.com
49	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3580	msedge.exe
3580	msedge.exe
3448	msedge.exe
3448	msedge.exe
1688	identity_helper.exe
1688	identity_helper.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3448 wrote to memory of 4820	3448	msedge.exe	84
PID 3448 wrote to memory of 4820	3448	msedge.exe	84
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3596	3448	msedge.exe	85
PID 3448 wrote to memory of 3580	3448	msedge.exe	86
PID 3448 wrote to memory of 3580	3448	msedge.exe	86
PID 3448 wrote to memory of 1460	3448	msedge.exe	87
PID 3448 wrote to memory of 1460	3448	msedge.exe	87
PID 3448 wrote to memory of 1460	3448	msedge.exe	87
PID 3448 wrote to memory of 1460	3448	msedge.exe	87
PID 3448 wrote to memory of 1460	3448	msedge.exe	87
PID 3448 wrote to memory of 1460	3448	msedge.exe	87
PID 3448 wrote to memory of 1460	3448	msedge.exe	87
PID 3448 wrote to memory of 1460	3448	msedge.exe	87
PID 3448 wrote to memory of 1460	3448	msedge.exe	87
PID 3448 wrote to memory of 1460	3448	msedge.exe	87
PID 3448 wrote to memory of 1460	3448	msedge.exe	87
PID 3448 wrote to memory of 1460	3448	msedge.exe	87
PID 3448 wrote to memory of 1460	3448	msedge.exe	87
PID 3448 wrote to memory of 1460	3448	msedge.exe	87
PID 3448 wrote to memory of 1460	3448	msedge.exe	87
PID 3448 wrote to memory of 1460	3448	msedge.exe	87
PID 3448 wrote to memory of 1460	3448	msedge.exe	87
PID 3448 wrote to memory of 1460	3448	msedge.exe	87
PID 3448 wrote to memory of 1460	3448	msedge.exe	87
PID 3448 wrote to memory of 1460	3448	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/gaurav597/LoanManagementSystem/blob/main/loan-management-system/bin/src/test/java/com/wellsfargo/loanManagementSystem/controller/EmployeeControllerTest.class
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe84a346f8,0x7ffe84a34708,0x7ffe84a34718
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12319539202840416694,10095690256468658191,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,12319539202840416694,10095690256468658191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,12319539202840416694,10095690256468658191,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12319539202840416694,10095690256468658191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12319539202840416694,10095690256468658191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12319539202840416694,10095690256468658191,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12319539202840416694,10095690256468658191,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12319539202840416694,10095690256468658191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12319539202840416694,10095690256468658191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3456 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12319539202840416694,10095690256468658191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12319539202840416694,10095690256468658191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12319539202840416694,10095690256468658191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,12319539202840416694,10095690256468658191,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12319539202840416694,10095690256468658191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12319539202840416694,10095690256468658191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12319539202840416694,10095690256468658191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12319539202840416694,10095690256468658191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12319539202840416694,10095690256468658191,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4648 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0d8432551837a38d3b034962b0289532

SHA1
e40a20851abf0c694ff862b620406423dec84cbe

SHA256
9794f998f25c39b8aac81ea919c38b82e8b10e4666e2c1188f24404d055f40be

SHA512
88612bfa3897d137bfa3c1e3bccddb3741a88e91dbdfd5d6ef63baff6e0800061939b7bbe91e434cae856ea605dc203686f85ebf309c96ef39df37e29bd37d9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
7ac37464384ee7179ac68d1e99242b2d

SHA1
4ee441656cca629a32015adecc58aee62ae1f653

SHA256
e1ccebabefc990c0bc44376e9070301b5f1d57ed0260c81c4e78136e66fe2690

SHA512
ff6a8d9db51b9abeeceb69d251f38ccab6be5b670c193cab2f2b60292f5c66016db516980f14848021dbdb6e1933712d588fd3eafa7a7a36fd1657a3b55b3db1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cbe8482ceeedb24da84d0e65e9123cf3

SHA1
21ca01824ec85625a384c3ddd3a74cbca7b5c8fa

SHA256
4e93f0831d1ad3b2e1c618f2101340f9cc6a34aac3d18329a792147028f10b44

SHA512
eda4dc35d14705ab3b933b1f967c91a8f710da971e572847a2906031b9d0d1e5efcf611295424373f2831dd0f96752b7fd6142f555398ab6a4cc0d49e9fbe038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
67e6a807325fb7585b36e36f9329013d

SHA1
2d4fb77059a24114587ece21bc3262fd4b18d6c0

SHA256
4f3bb4cd727e9e24947a5f046ca72a4b17d5c599406d826a533e93c2d8b9b860

SHA512
1d6378bec0381ede51425e9a54b16b10890406e37be89cda8c571f5c44736630908f2125c5d5d20361b63cb37ff1e5ad81298eca73a54f3e64602fb615097823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
19c76a0196187ad2ee83b5a10923768c

SHA1
45ddbf4d7f39b68bdb8c0337d5e4e23ea9beb9c2

SHA256
9579267f783c3cf2699d55c2844c938e13adffff68183bcabbd0f3f221efe015

SHA512
1194e9141fd8526d5cb38100875f57c8b904a9225a5823def8c754a104e27c4511ef227a066c273c6faa8beaf8d45a23d7158635d5bb8bc4ab5d0e1006d9741a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
66e02ff7ea9377c2ab04d4b37147909f

SHA1
05954c30a2f026c11235409e3f1df048ece676fe

SHA256
bd36135d128660e05844f59769b0a4bc217c794cce2242ab74f948c3fc205767

SHA512
ae21cb56327f52b062e73bce27f3702c57d854044bd65cc4dfaee42026374e1c1eac65dccba4d9ef75b475aa18c8fc1dab13e47007f07144fc5c88e0a5e17762

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f6c9b75bbe617dff99a74f72e7795817

SHA1
0308604a35688d53679dfbd66c411edef15bc6e8

SHA256
35e8a73f6484ef7dfcba2e5a3932722df60ed00e00e402ad13ff5df6e80c5faf

SHA512
db0399308741fefb7d220bc3528ae3f7de66bb02abe6677285b87b76eb75bc4a4b38f28256dc96a8d63c028c824a832ff573c8629e0a592b22f1075058aa44f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ae4d2b17995c481670d70e7881d575ce

SHA1
1207666e86dcc71819373469e2748d0b0f85574a

SHA256
06c48a1b809004ee97759333c88fa6650080c07e55c6603ed221986df047657d

SHA512
bff9b3a15d902dad069baf102e14270a3010124432651bd5b5fd3a107ee1411d6745a986992fccafd78f34e593e7d6b8d8fded7d911373740289af325732b400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1022B

MD5
784bce2578acf24856d483a900086290

SHA1
cfeb3505a4e9c5e402e1f8f5897996e9afa84009

SHA256
062e3ae9845f30a1925529fe4876327e4a503a91494287b0c088d403d27a3d94

SHA512
241f884a37c3065c639eb2dbeecccf40d713d23268eca7c7c7baa2a803126eb3af750abeb4b1db67e6b9d70c635a9aa5acf064e8f234f4333efb7cf049df0328

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1022B

MD5
bcfca84a3b2d887ca9c5c1a6b002dafc

SHA1
23813fe7dc5a948ceaba901138b37d1138447d92

SHA256
3556aba6ca667fda7bb1a1fa8c90e7b8d3d885650137a2ef2223cd90e96489ad

SHA512
dc90575c0adde0543b309000cf82b6660eea9a92373cf38c8283fc13c4b31ea9e488876c6c1584e48291192185c7d2747c8c82588baf31f0ab35262453e14ea5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1022B

MD5
77a5430a31eb2fbcdb5301a4df40affe

SHA1
cf4e7d37d10cf15ac872343126c6366e3b07a836

SHA256
ce6cbfbaba1bffe3d09bec698867c4aaa77fac52ff999db43757dc77a33390f2

SHA512
9b6ff631985c9e8d757c885b4b2d063f0d0c2cbe05e0253920f609f3a0102b1fc66e0512cd7568a699dd550caa19ca5fc60e72a0ce928d023b7ba6deb80b7856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5831f8.TMP

Filesize
858B

MD5
9593719a6d6dd72e596da04621691e53

SHA1
43a281137351e0d5746b621e66ed9acb26d849fd

SHA256
e864078b460c7f475a387039537661815135a84cae2382f93678f3bc64c7dda8

SHA512
3f79b100b096429ce3d26a7fe23d703c758066eb3c3ea5fbe006580bc22783baf6ac70e25cb9dfb675bbe5d6976aeeefcf3838eb52366e83b8d232f5b3844dce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
08db448d33bfc1f2def4a854c529a595

SHA1
48597f1ddf0744582daccad4a6081f5d87f4ac36

SHA256
a4c866348506ff3bb7d570d2f463a605f67ac6d162d0cd42c0af589471218757

SHA512
54342567d1bba3bd2f323587d4b7fd2f4dc42af0050c0c80e4496aa379a2f00a693258fbbcb451f80ea86d71d9e3c31abf4ecf9941ad6d93ab504679f6e5a998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
434388ec479b88c25c349ffb0d5b3540

SHA1
a1ef0c17888a53ac6186fbb0af8a9e922fb5fca9

SHA256
ebf7943d07ae153a99d2c05d00e05aba3607de809780ddc9fcc45fc8fa62f7fb

SHA512
66cdfb6fc402622086bba4d787025e319971b1980f005605c180c5b5990969a423b8240e034a158940a82dc1d351013ee4b8cf9ee885fa326a5c0faa75051682

Download Submit
C:\Users\Admin\Downloads\c850ce8a-db0f-4501-8691-7a380b827907.tmp

Filesize
4KB

MD5
7d0967cbbc08b42e15eadcbe7b0ce87d

SHA1
a502c8dda6bbf78a75ec20133bc4438f00bba0d6

SHA256
d340513ad1d6427c1319b1c4f1547a0a321a72649c178163178f8ccabd1b504c

SHA512
0896b81bb7de6cb66f3849c61a34d483dc4540f1df2d3c61cdc611698342cd56f40dd2b1c0de9765c8340038151f8e911519575c7ee23a3c2c9b8645d9c6eee1

Download Submit