hxxp://www[.]anacorteslittleleague[.]com/

Analysis

max time kernel
158s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26-03-2024 20:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.anacorteslittleleague.com/

Score

10^/10

phishing

Malware Config

Signatures

Detected phishing page
phishing

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
936	msedge.exe
936	msedge.exe
1800	msedge.exe
1800	msedge.exe
3684	identity_helper.exe
3684	identity_helper.exe
5256	msedge.exe
5256	msedge.exe
5256	msedge.exe
5256	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1800 wrote to memory of 1264	1800	msedge.exe	88
PID 1800 wrote to memory of 1264	1800	msedge.exe	88
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 1620	1800	msedge.exe	89
PID 1800 wrote to memory of 936	1800	msedge.exe	90
PID 1800 wrote to memory of 936	1800	msedge.exe	90
PID 1800 wrote to memory of 4600	1800	msedge.exe	91
PID 1800 wrote to memory of 4600	1800	msedge.exe	91
PID 1800 wrote to memory of 4600	1800	msedge.exe	91
PID 1800 wrote to memory of 4600	1800	msedge.exe	91
PID 1800 wrote to memory of 4600	1800	msedge.exe	91
PID 1800 wrote to memory of 4600	1800	msedge.exe	91
PID 1800 wrote to memory of 4600	1800	msedge.exe	91
PID 1800 wrote to memory of 4600	1800	msedge.exe	91
PID 1800 wrote to memory of 4600	1800	msedge.exe	91
PID 1800 wrote to memory of 4600	1800	msedge.exe	91
PID 1800 wrote to memory of 4600	1800	msedge.exe	91
PID 1800 wrote to memory of 4600	1800	msedge.exe	91
PID 1800 wrote to memory of 4600	1800	msedge.exe	91
PID 1800 wrote to memory of 4600	1800	msedge.exe	91
PID 1800 wrote to memory of 4600	1800	msedge.exe	91
PID 1800 wrote to memory of 4600	1800	msedge.exe	91
PID 1800 wrote to memory of 4600	1800	msedge.exe	91
PID 1800 wrote to memory of 4600	1800	msedge.exe	91
PID 1800 wrote to memory of 4600	1800	msedge.exe	91
PID 1800 wrote to memory of 4600	1800	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.anacorteslittleleague.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa486546f8,0x7ffa48654708,0x7ffa48654718
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,17593952132024989481,12486641879626126104,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,17593952132024989481,12486641879626126104,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,17593952132024989481,12486641879626126104,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17593952132024989481,12486641879626126104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17593952132024989481,12486641879626126104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,17593952132024989481,12486641879626126104,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,17593952132024989481,12486641879626126104,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17593952132024989481,12486641879626126104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17593952132024989481,12486641879626126104,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17593952132024989481,12486641879626126104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17593952132024989481,12486641879626126104,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17593952132024989481,12486641879626126104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17593952132024989481,12486641879626126104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17593952132024989481,12486641879626126104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,17593952132024989481,12486641879626126104,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3648 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36bb45cb1262fcfcab1e3e7960784eaa

SHA1
ab0e15841b027632c9e1b0a47d3dec42162fc637

SHA256
7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

SHA512
02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e3dc6a82a2cb341f7c9feeaf53f466f

SHA1
915decb72e1f86e14114f14ac9bfd9ba198fdfce

SHA256
a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

SHA512
0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3c901047560459ab4f9f5be992d806ce

SHA1
971e3b3a06f3e63da422e440d6d46e7268b29377

SHA256
715752d13115dd9dda10ebc8de9cbdcd398220fca7fb0a1db62d8dd58c0df23f

SHA512
0ab0292eefbfcc54834eba6e7ae125acb9bb4367b8e19f479e09c0de11b8a7cc0c077a71b9432ca32630b8e380503a5291d2f1090e35e88868dd921fae020318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
322f03d93e8f62c6ebe86331935b78d4

SHA1
4c9a70ff64f92f240dda50b2dad1374ca35e7a79

SHA256
de70a630e2efec879df4ce58894a95ab3aa110fadbebf0a939e0b94e966c3c13

SHA512
303a509b9f394153449e140b356476cff7b878c6b5f92c3e29af9d793dfca90e6bc43dc3700edea91258f1005469ae72c13961107975d68a11c372f42def0984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dfe315af8978202f2161eb6fd39f9ee1

SHA1
76f1c92f66707dd29e03103edf66dcc5454297e5

SHA256
98c75b3e4968bcd4413a877686a2285b41603168a0cc470205183b8e296505af

SHA512
79b92561e1e1d944ec2c67ce9487ae83acea857d3d3f9921b574bf9d8693852a39cb50e994e2b6d0fa34b0dec3879d7feb338179f3f6e0f809a0f0172228c76a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8fdec4f7043691a3060c0f6bdc5fdf17

SHA1
8cf898c11f4019a0feef2b0e31bf9689fc6168fd

SHA256
6195dac18ad681d7478fd56993ed6b6566e52996e0988a05d185bf1e1e48eef0

SHA512
43185b502026fa46b51c2d268132631aafc0bde830e7ac9b2045e4b4fdfa9449ab94c0af4a75bdd16324eead1a2b5bbf0130a44d5500964e5f5576d6ce5fec3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f6c3e9dd0ca51fb690ed2756def28d40

SHA1
fceebade8be634c4714b24f9f19833fc257898c1

SHA256
dcd4182123af53710e3e1930adb1f25c6bd3b8a4457458d944ad842fd1c0ab8d

SHA512
531ad504488f6e07b07614841f85c61cbb402bca1d67ae30126b9950e164f192c761fb2351c50574c23f67e0b1adb77e18f49ab7d0529a09a84dc0c81027bd82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
830f77b3de8b7913d865a66a8c21a677

SHA1
a870573388f8c1bf818de8ef25a78083fe13cb16

SHA256
f353ffa336bb96f8916ce766f8f7906ae4cf69597766180e7043d52245f78332

SHA512
ebd93c195877f2211680f97941f39b92d6e1edf3573f9a1af530ff793fd9a501dc5f961e056e4ab54f46d20b1f31ef2528ccd6f1915fb29f87fc2c210787418f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8ed69d0fc17ebe5772f76627ed5cf3e2

SHA1
f541179e771083d0edc23d4a6aec7c010b5ca7ee

SHA256
9dd206e2eac5e557eda6210819318b5f52c1d78125273fc10ec07add281eefe7

SHA512
b308fbb59c9e5aff5fbb1788db802bb73f537d65073203793708443a1c8c289a223345de08e4192bf8be3ddbb814706f77bcb4032cf16850c94d74c7251addc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
57df2689746acee367a8a3986c4a3375

SHA1
2ab7e29a0fbcf8ed989c6b4239973417cb6a27b8

SHA256
9892761279ad9c0d04c53ab1dd7f71b7da51e587e58a6302b2b6195ca8fa0c1b

SHA512
5fcf584c420a077bd99a5f570f98c467b79f4461b94780ed61d5e1ad83f51e4dd96f94602417b071b02e1793715dfd0e692a5a854370c611fa3dd849c0c984a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584978.TMP

Filesize
371B

MD5
592a8e9c33e1c2b5b24efd5d4476be8d

SHA1
29e058d7ba42cb67fef3d7251f8396a7a8966e39

SHA256
7ba1fae45779d20a629c6aec1791d326ef3a749e03354ad4a195023afbe4b69a

SHA512
f1cef10c925efd98fc89ad13e99794b01f5ccd3e6356630eae5f08782b93bf66538fdf48f530222193857aef7cbd1bad0aec899c5b6a2fb952ce9a766a89cf51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f14922d662a5ecb06a5a16f0cd6fab19

SHA1
3dda39a335f69bc479dca97ce359eff3f07f66ff

SHA256
c8ff6258324ce2a47b1a37c9b1e71670826812fec36a8c56e343a21f3b88cf2c

SHA512
f46c0d0cb02dbfa6f3d2134b92ca58433c1892f09e717996137a384dc92650314bd2a4789eed4f9e32333948f1215531ac28e573bb593912202ac73c947dd817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7b08a94c7efabecc0f3146e0460be83e

SHA1
e55f212ef0238849a28c4d3d713cc34cb982d5a1

SHA256
0cbceec5db07f3f9c9622cd50f40c682b33f84e5817b64e14f87ab6386f1a7df

SHA512
fb8152ba5a9ac945f78b1c37f9eafeae1ce8b0d83f681b573ec87ae18aef7cbfb03df0ed7e1a353fe6c8a955f7fba5bc2e9309fd987a130fe1df61f4b0a9df86

Download Submit