hxxps://lesta[.]ru/ru/games/tb

Resubmissions

05/09/2024, 08:16

240905-j54xtawdpn 6

05/09/2024, 08:04

240905-jycvrawcpn 3

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/09/2024, 08:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://lesta.ru/ru/games/tb

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
123	discord.com
124	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{947CE0EC-F395-4068-9AEE-C20EE5558DE4}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3932	msedge.exe
3932	msedge.exe
1340	msedge.exe
1340	msedge.exe
3476	msedge.exe
3476	msedge.exe
1676	identity_helper.exe
1676	identity_helper.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe

Suspicious behavior: LoadsDriver 4 IoCs

pid	Process
656	Process not Found
656	Process not Found
656	Process not Found
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1340 wrote to memory of 2952	1340	msedge.exe	83
PID 1340 wrote to memory of 2952	1340	msedge.exe	83
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 4044	1340	msedge.exe	84
PID 1340 wrote to memory of 3932	1340	msedge.exe	85
PID 1340 wrote to memory of 3932	1340	msedge.exe	85
PID 1340 wrote to memory of 1168	1340	msedge.exe	86
PID 1340 wrote to memory of 1168	1340	msedge.exe	86
PID 1340 wrote to memory of 1168	1340	msedge.exe	86
PID 1340 wrote to memory of 1168	1340	msedge.exe	86
PID 1340 wrote to memory of 1168	1340	msedge.exe	86
PID 1340 wrote to memory of 1168	1340	msedge.exe	86
PID 1340 wrote to memory of 1168	1340	msedge.exe	86
PID 1340 wrote to memory of 1168	1340	msedge.exe	86
PID 1340 wrote to memory of 1168	1340	msedge.exe	86
PID 1340 wrote to memory of 1168	1340	msedge.exe	86
PID 1340 wrote to memory of 1168	1340	msedge.exe	86
PID 1340 wrote to memory of 1168	1340	msedge.exe	86
PID 1340 wrote to memory of 1168	1340	msedge.exe	86
PID 1340 wrote to memory of 1168	1340	msedge.exe	86
PID 1340 wrote to memory of 1168	1340	msedge.exe	86
PID 1340 wrote to memory of 1168	1340	msedge.exe	86
PID 1340 wrote to memory of 1168	1340	msedge.exe	86
PID 1340 wrote to memory of 1168	1340	msedge.exe	86
PID 1340 wrote to memory of 1168	1340	msedge.exe	86
PID 1340 wrote to memory of 1168	1340	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://lesta.ru/ru/games/tb
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84c9246f8,0x7ff84c924708,0x7ff84c924718
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,13991554000167665909,6212354258732622002,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,13991554000167665909,6212354258732622002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,13991554000167665909,6212354258732622002,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,13991554000167665909,6212354258732622002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,13991554000167665909,6212354258732622002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1992,13991554000167665909,6212354258732622002,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1992,13991554000167665909,6212354258732622002,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,13991554000167665909,6212354258732622002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,13991554000167665909,6212354258732622002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,13991554000167665909,6212354258732622002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,13991554000167665909,6212354258732622002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,13991554000167665909,6212354258732622002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,13991554000167665909,6212354258732622002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,13991554000167665909,6212354258732622002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7336 /prefetch:8
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,13991554000167665909,6212354258732622002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7336 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,13991554000167665909,6212354258732622002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,13991554000167665909,6212354258732622002,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,13991554000167665909,6212354258732622002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,13991554000167665909,6212354258732622002,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,13991554000167665909,6212354258732622002,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6540 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
71eb4c0fccdf95860d446d85bf38375b

SHA1
ae174a1a65ad73075a37d31625fc67960ea2e251

SHA256
6fbd0d036d9045dbd07b08012de82e78a34b50f53c9b80e07812450a6ba0073a

SHA512
73b8140a1692f46091a75bc6e3655d928c06dda8b7538f97a200edee999856f3e4978bb0ded501e38ee773082799ae5eca6d092241a4249799323e881e9fa881

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ccfd420f8e1d02b5acf0b5fafc9dd8a3

SHA1
dc847b0808ce1250ede52ba48a58f0e4744f8893

SHA256
446d06e4173390a149232474f5de82750acd677a8f02ff284f8e6063c7bc8fd9

SHA512
b4cdd57d904995836749f9a87f5d3a46cf71f305b433a86c784106148cb4c53bd80e184538303290a189362bf72ac008346fddd6d80ea64261ed173a74332e26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c76ec22b4d8b7d981d77f13be7858581

SHA1
efa2d435a0def42ced776255ed10975e51fb3995

SHA256
8ac7fcbdff69bd1ac62c87beb0b3427ed358d52c020053c35c47630265aae3d9

SHA512
296125488a1008b5a5198b8a0640cf72195d6c9e30ee64bd81536277229157499fab8b3b969ada8dacb2c9b3ba09d49f0dd85da315208f61b5653c6ebd8f75b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
43c99999fd672cc6d625790f808a1602

SHA1
7f1c27dea0c6394836531e912443be25a5e42837

SHA256
402a7c0778450ce495efd97e224850101a27f8ca7d62899db4e74731b8785702

SHA512
835d9e704d8c25cd2018190c9f7021a7f56affb825d8fce68c3eae6c6ea8b589e47d967087971ed0a2aaa4c4179a2f66acbe6309bcae57a04c2e92127aaa6b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4cf8676abb27a5ae751f3abc34b03d11

SHA1
7333c9c53189ba16e2815ba101a4017b1a598e56

SHA256
fd4c4ccbaf7e98165af2641cf1a896f2762ac059eb441ed28672d901dfcdb365

SHA512
e9053c14587d07177460fc5152f308dc8c0b120e532c8b2050701de93194766761e5bd2fd03e5ab5fbf96a7bf72a38fe16435d611788488cacf0a68b95a68f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9a8bb3f26bcf4a2e4d6a1b6a181d48b5

SHA1
419a1eb4c458cf6f71b42ca3dad37934e415f80f

SHA256
47eb198586906bf477de386c292cdddd0eabb76935a0a44d24e8be451be4f81e

SHA512
eb52c3e08251b6a5203ce5e0f89c1b59c721a0f7d0199d514ff8c26073bdedcb92f90a5dc4179623584f3e97ed8c139b0d4f7c1fc3fd415782dc9b6fb89b4cae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2f4966be279bd507b55e618696f9f771

SHA1
9697c2bd67cb64557a6f63ba5e2d769595be9988

SHA256
42d344189d652aca0ab5c6eebdc79f8f7e5b0d2963f63cd5702cd119fe2b3c05

SHA512
ce988a1b20c283b448241d8d32336542b050bad0c810ea5e106b7c01ba9483608b1ffd7474fc423c7dce2a952e06966f8cc8fb674cf3fe6154d3be4ba9344a21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
711f0b772ef2cef60cb6ec132081feb4

SHA1
a7dd2e6ae5a2dfd93beb49be5802b0ed202410ad

SHA256
f81528b74a5bbf341722495cf663029bab7bdbf0e11a5462864da64411ece9ee

SHA512
d1284b10482b1a821b710e00b07392aa3bea98fd76d01706e5304e0b83f3974643acc63c2fa96598be81bc9a155cd10e589f74703211a1dd58f31e5f4358f695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bc2e35ef4db540fc6963eff7062f0ee9

SHA1
0c93c3343a26d9423eec517effb9241d13a7da62

SHA256
ff1dbdd6eda973d54b34b887bdf4f6cc6346e468bd19ff4a213b2b8534e6579f

SHA512
a096d52d87e404b6b7aeadf769117f5f950290ed9de7495f39affa9b52712b8a48d72c35b83137017010f576fbf50720e955ab056784264802431931b1202326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
edca6f3f6bb9746428afb81b075eb496

SHA1
a4e093285b116c48ddc0e97f6fdd3801e2e6c524

SHA256
b442f51532d01d2d0399fe3380b7d06fbc790484046fcbc456b3476b70c4876f

SHA512
82aa5293f6fb61186abf481512b5c9af18ea884061289276f57e1143d65228dc307cd91fa96f58ddd2bbe070898d8c9b263367d115937adff6cb91f53054b4e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
2535a5bc271d89fcc2d93750aa639fc8

SHA1
c0548dc7acb549d4044a2e9dd347c1c8f115da5e

SHA256
a5479cec56e8c61672ead99ba8a805396faccc430f24772c69aba1ed1994ded1

SHA512
2a3905d116e2ffc942bb1f469687d85836445a402616a333d6079fd3b5fb876fa37c7689e898a4b1eb5a64d621d9a1c441085b8bba3304c3e7c9b0746639c0f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
16a47f5b9512dadb23af1f137ab155ff

SHA1
2a4eaa57badb46f85982c4fbd600da2d62039147

SHA256
f5f85771e7c9aa2218862e4db7f825ad67c8fa0dafd5afe4dd69e2320377949e

SHA512
bb7b09146861dd4b7896c57438b58eed2d33fc209824254bce57ee8d8dfe60b93d23f40686a7f527a4f8099aff99ca2b4a4c3847d165384237f276a3f5fcf03c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580c8e.TMP

Filesize
874B

MD5
63e3a0a7159d9dcb4ba6f15180508f93

SHA1
90d8a82205ffdffd597408d2dd32c2366f65cb0a

SHA256
96a063de2367cd3610375947a2734950b53e7271bc06728ca7fe900764bf0f12

SHA512
eb374b7102ee745cd4cba26ad094c27766d34d62902dfa21e6297341520a6d1b707532c773dd7268d6b32ee562db9906c896529ca4d810bac12d3cbea81c0e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
535a8df52c8f326e188a183c2d8fcc7d

SHA1
4c344cf5eff52cb8bf3ecd4c81a445e732b037a3

SHA256
db6fa5bf3678f9a579599fb5ae8c10dc4caf6ea779139caeb8c3c8b5ac870098

SHA512
9ec653b75b0e64aa3fde361df66e071529ae745c5c0a851f3b8f3d154020b53ddf21a11a12ad4beb3fcdf7bdaf2d2032fe3bee7a7db24788f611c7dd2bae4126

Download Submit