hxxps://drive[.]google[.]com/drive/folders/17S1RqO0FRTe3IO0_qavwf1NLetpffngX?usp=drive_link

Resubmissions

05/08/2024, 01:34

240805-bzgw4ashrq 6

05/08/2024, 01:29

240805-bwqptswhqa 6

Analysis

max time kernel
141s
max time network
146s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05/08/2024, 01:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/17S1RqO0FRTe3IO0_qavwf1NLetpffngX?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Tattletail-20240805T013038Z-001.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4296	msedge.exe
4296	msedge.exe
1424	msedge.exe
1424	msedge.exe
3328	msedge.exe
3328	msedge.exe
4832	identity_helper.exe
4832	identity_helper.exe
3056	msedge.exe
3056	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3288	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1424 wrote to memory of 400	1424	msedge.exe	80
PID 1424 wrote to memory of 400	1424	msedge.exe	80
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 3544	1424	msedge.exe	81
PID 1424 wrote to memory of 4296	1424	msedge.exe	82
PID 1424 wrote to memory of 4296	1424	msedge.exe	82
PID 1424 wrote to memory of 4840	1424	msedge.exe	83
PID 1424 wrote to memory of 4840	1424	msedge.exe	83
PID 1424 wrote to memory of 4840	1424	msedge.exe	83
PID 1424 wrote to memory of 4840	1424	msedge.exe	83
PID 1424 wrote to memory of 4840	1424	msedge.exe	83
PID 1424 wrote to memory of 4840	1424	msedge.exe	83
PID 1424 wrote to memory of 4840	1424	msedge.exe	83
PID 1424 wrote to memory of 4840	1424	msedge.exe	83
PID 1424 wrote to memory of 4840	1424	msedge.exe	83
PID 1424 wrote to memory of 4840	1424	msedge.exe	83
PID 1424 wrote to memory of 4840	1424	msedge.exe	83
PID 1424 wrote to memory of 4840	1424	msedge.exe	83
PID 1424 wrote to memory of 4840	1424	msedge.exe	83
PID 1424 wrote to memory of 4840	1424	msedge.exe	83
PID 1424 wrote to memory of 4840	1424	msedge.exe	83
PID 1424 wrote to memory of 4840	1424	msedge.exe	83
PID 1424 wrote to memory of 4840	1424	msedge.exe	83
PID 1424 wrote to memory of 4840	1424	msedge.exe	83
PID 1424 wrote to memory of 4840	1424	msedge.exe	83
PID 1424 wrote to memory of 4840	1424	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/17S1RqO0FRTe3IO0_qavwf1NLetpffngX?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb12c13cb8,0x7ffb12c13cc8,0x7ffb12c13cd8
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1404,2110144323874818411,655701923379389982,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1404,2110144323874818411,655701923379389982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1404,2110144323874818411,655701923379389982,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1404,2110144323874818411,655701923379389982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1404,2110144323874818411,655701923379389982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1404,2110144323874818411,655701923379389982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1404,2110144323874818411,655701923379389982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1404,2110144323874818411,655701923379389982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1404,2110144323874818411,655701923379389982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1404,2110144323874818411,655701923379389982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1404,2110144323874818411,655701923379389982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1404,2110144323874818411,655701923379389982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1404,2110144323874818411,655701923379389982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1404,2110144323874818411,655701923379389982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1404,2110144323874818411,655701923379389982,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5944 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4968

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8276eab0f8f0c0bb325b5b8c329f64f

SHA1
8ce681e4056936ca8ccd6f487e7cd7cccbae538b

SHA256
847f60e288d327496b72dbe1e7aa1470a99bf27c0a07548b6a386a6188cd72da

SHA512
42f91bf90e92220d0731fa4279cc5773d5e9057a9587f311bee0b3f7f266ddceca367bd0ee7f1438c3606598553a2372316258c05e506315e4e11760c8f13918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
058032c530b52781582253cb245aa731

SHA1
7ca26280e1bfefe40e53e64345a0d795b5303fab

SHA256
1c3a7192c514ef0d2a8cf9115cfb44137ca98ec6daa4f68595e2be695c7ed67e

SHA512
77fa3cdcd53255e7213bb99980049e11d6a2160f8130c84bd16b35ba9e821a4e51716371526ec799a5b4927234af99e0958283d78c0799777ab4dfda031f874f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2d5f127269415bcfc4960e31088d1999

SHA1
8aa4a50756345abe8d18bab9dc0d24ff512d1088

SHA256
fbc77fcb382dc04690ffec4304788f2e8a184e37f8091a85f3a9c98cea864ca2

SHA512
28374241925cbe95114038fdd52efc9bbbca948a53e06256aa886a2758152d3aad2f6bc6e8776d6c77c6bbe79be5b7eca4cd737a15501fd6afda4f5a8ea9823a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e31c81f03a9a564a5a943d1b892bf61c

SHA1
152c955f82f0bf521ff93c94b57996f25c282e13

SHA256
781909595982ce49b6f471a7d894bac78d502911d08ad5c83b7ea799daf2b322

SHA512
8b4551979fde51bfb1af1402ec8ca4e406bcadf9003d3322762514431bb0379394d705fd685ebd92dc5d8c58653bf6c99d9d9ec8ff9f9211d4b5072ba46a0ff6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b3f83f5cf740b155b9c60a94898ef141

SHA1
cd6e1570e2df96b19048c6bbbabb78fed0afc354

SHA256
4e08c8c15f11038e2a7eeb6719d8cbc90b359a0e7e3f81b5279c311f332e731b

SHA512
b58d2272dc7ae47c07c20983896f554e1840efa5a1c0fa6d6f9db9ac0287d2b288817f9bca22bc810405c7d23646a1551694af4e1f6e5ddb7df1164cc54419ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3dd97a1a131d1a176518f97f1020f2ba

SHA1
449a8c47a682341751f87c58f50e957d294e5b23

SHA256
178965db994a59676fbed2342aa0847b02b94096b68fb23657a77e19eb579c66

SHA512
b8902d3f47feabe56741efaa7a697c86a7000962f4efa30d6ec4ec0479ef5579c5675d6118c5a6b9535fb0d188e4aa71f7096b91e5f618398a1147d1dfdd3604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b06fabd388dec1a81870a10fb9afbe25

SHA1
eed0c319f716d889ded2789dbfd9273bf25776e3

SHA256
744386cf7945263bbc8eb39529c05f8c9f529eb11a7842a36a9f536ee0e3ae2e

SHA512
6e01a9874f116b0f05c36132d0124b18faf55ccdf5de18ab9d8697937a62c81eb376e319744bc83968bde633f21b0f7d13dda1e7083c6ca90e69958297085458

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f1bb7e0f1cd3c2fd31963fe71bea7f9c

SHA1
d0a725fc5e20e53619a91e969f3435115026588b

SHA256
a63905a100928332a9195aab1eb80f792ccf38b5c60fce8e3e70657f73ae8741

SHA512
d67f1173ab7d767f10edb8360802812244590713302c7eaca293cbbaa5c2f304f4af2e36b9ffce936d498eb2198ec1c912d11c0d760df86c0edc9f698a6702fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e19052299f23d4b06afbbb5ef71c72fa

SHA1
e42e16de2b942e131cb2e4d229f0d973e4918bdc

SHA256
db7f116d7b21ddde690244dd25df7a73e09ac63cd58fb26ec3b5a44a04acb9f2

SHA512
fd3438185400ad4a5dfb9d73a98107642d97b63bf68f6d046ce3308dad857ba688c17437c5dc3e122bd0cc036c7534c1d487bf411f0ecdd4411c2f87650204a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f3481a49aeb82ac2406aa426c048a2f4

SHA1
835f0a4e4251b57f88642f1b76febf228de4f1fc

SHA256
113f140bc832aae6b1b8a9fd8424a92159fb0e49e3d48171453f4d744afdc568

SHA512
092362059d73955b80cedbcd8a81cc4af546bd743c7882ec32f1278d06fc21e32c1e1e3d8b01c38dabc3e25ef171484f732552a35b0a05b6111db22487ecbef8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3d2cd56de74a8d11dfa16d839e7c9260

SHA1
4e3e43034cf576f57ddebb115fffd2c43cb1de48

SHA256
43b86c66696a59f42a33fd03dc48756d829c616dc0e3125a514be099c37f0ac8

SHA512
40609114b3f2bba8bb13a260c692091d6437f03bdc97199c59b6c9b5b46d013ec4c682f59246dffde551d3ba74b7e82982881678aae71524d7a6a53afb71fc78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
275b41f04b0278fa0abfe3f22e21af90

SHA1
79a3cac032d48b01a8ce70c81c561d495385988e

SHA256
4f146ee49e07b34e7d91da8cfc500f273a4c8141621a87d2ce36efcc37911c7b

SHA512
8509510c33bcf521db902168e4c930987c69a459cea561bf429000413f3e5277f4e19767aa9c8cb1b934e05810a0444fc92f91846c7c33a8f147a497ef0f9564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7aea3f20174df4e6028143eaeed3e8d4

SHA1
c5022dd9105f3281960d8b8bea270f9dc5361d13

SHA256
0a671604c689611be3b8e7f65c11e654014e7a8721d8df0565230da66f19e727

SHA512
47445191ecb078894785878b8f738f840478dc7192590380adb9d0defd786a14c7768e5c3078659951964990dd8c4710086ef4a271f1977cab6db852687824c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
069b0007a80b5dcd4b14fe7ce3e3c7f1

SHA1
bdf3cad30c067af94207249e7d03bc5926b76e20

SHA256
7a70e27573e7b5492faf05f7d2344bc46532536eacb4b1cbc5021efd229df9c6

SHA512
83c3bb5732775bde09e35ef606c76e6a4c28cbe64baf0f6f8c43567ade5fdd557ded60a75df8070fe100006ae0ba25399b52c2de20f285efabb1888d3149b585

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58080a.TMP

Filesize
1KB

MD5
f124da97678ea2bac7b5becb236084ae

SHA1
d5ae5bda8af2226ef4dbd55bbc4bd59e165d7147

SHA256
8572151228316f99c03e74594d78945187f3e4cd4bf49b32207e1a078909efb7

SHA512
63d20cd8d40c41c21286f29115e285b34831574acdf65ce86f0e8b5546a16b62bdc8f81e462a28092a9bc76209719d7fb3dc9317a46bcfcb649bb8045881b755

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
52f04b6a3fb3120de0811b50d234dbcc

SHA1
0ab87103f5af753409e259d4fb84b3854ab826d5

SHA256
2969145857d32ab1240cc4ba1074f725542f6a70ece2d4635a09c62412197cbd

SHA512
aa63f5a9dfc02e28c153c1c0595210d62df21555e79c2db860ce9d65c636dfcb7802d713458f1523eecd7d52794e1d5165ab5cd0dfae891c0eb0dfc4d5cf2a3f

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
cd6829f53a60318a54648f4ff9d694c2

SHA1
eda672c23f219a9cdbe740079412f5fbe04a157d

SHA256
5410184dfd5ef071de14c78cc7e9488049a85e313a3454250d53e974251ac906

SHA512
25a54ac013419868211b704a9b1f4cbc7c0a5b1a0e10cec09cd8eee3fbde7497e36c8e35f0506622eb9a47939c2c6b9590bf9bbf8d43508be13d7f85f7838ec9

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
bf9d506bc3ef115492702ab73476920b

SHA1
b5eef4d22ed88d8da0ffcf0b71ab6533378b6a4f

SHA256
76203097befb1239bd25e5a1d492a209cc461b5db423230937609ce84209cb0b

SHA512
1e77b56c16a0022818c24bdbe2448d98dfc3b87e8e9d6a5a3055a76543846dc28ae4e5a63e393ef853c032450d9963f7cd50eb6fe54e7aaa462dd14e3c12c9ee

Download Submit
C:\Users\Admin\Downloads\Tattletail-20240805T013038Z-001.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit