hxxps://danitails[.]fun/?hecddjwb

Analysis

max time kernel
251s
max time network
247s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-12-2024 09:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://danitails.fun/?hecddjwb

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
920	msedge.exe
920	msedge.exe
3028	msedge.exe
3028	msedge.exe
540	identity_helper.exe
540	identity_helper.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 4200	3028	msedge.exe	84
PID 3028 wrote to memory of 4200	3028	msedge.exe	84
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 740	3028	msedge.exe	85
PID 3028 wrote to memory of 920	3028	msedge.exe	86
PID 3028 wrote to memory of 920	3028	msedge.exe	86
PID 3028 wrote to memory of 996	3028	msedge.exe	87
PID 3028 wrote to memory of 996	3028	msedge.exe	87
PID 3028 wrote to memory of 996	3028	msedge.exe	87
PID 3028 wrote to memory of 996	3028	msedge.exe	87
PID 3028 wrote to memory of 996	3028	msedge.exe	87
PID 3028 wrote to memory of 996	3028	msedge.exe	87
PID 3028 wrote to memory of 996	3028	msedge.exe	87
PID 3028 wrote to memory of 996	3028	msedge.exe	87
PID 3028 wrote to memory of 996	3028	msedge.exe	87
PID 3028 wrote to memory of 996	3028	msedge.exe	87
PID 3028 wrote to memory of 996	3028	msedge.exe	87
PID 3028 wrote to memory of 996	3028	msedge.exe	87
PID 3028 wrote to memory of 996	3028	msedge.exe	87
PID 3028 wrote to memory of 996	3028	msedge.exe	87
PID 3028 wrote to memory of 996	3028	msedge.exe	87
PID 3028 wrote to memory of 996	3028	msedge.exe	87
PID 3028 wrote to memory of 996	3028	msedge.exe	87
PID 3028 wrote to memory of 996	3028	msedge.exe	87
PID 3028 wrote to memory of 996	3028	msedge.exe	87
PID 3028 wrote to memory of 996	3028	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://danitails.fun/?hecddjwb
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe67f346f8,0x7ffe67f34708,0x7ffe67f34718
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17520662341776172976,12460968895069108632,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,17520662341776172976,12460968895069108632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,17520662341776172976,12460968895069108632,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17520662341776172976,12460968895069108632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17520662341776172976,12460968895069108632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17520662341776172976,12460968895069108632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17520662341776172976,12460968895069108632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,17520662341776172976,12460968895069108632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,17520662341776172976,12460968895069108632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17520662341776172976,12460968895069108632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17520662341776172976,12460968895069108632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17520662341776172976,12460968895069108632,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17520662341776172976,12460968895069108632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17520662341776172976,12460968895069108632,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17520662341776172976,12460968895069108632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17520662341776172976,12460968895069108632,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4656 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
71f6642722090523f83620f812b2ae02

SHA1
425fbbce79be8199ed730f4b2640a92f1f8fea6e

SHA256
f6c1d0d0a9b0490016059c05f33389ec835a726a967134b11f748e6e2d8d9337

SHA512
02d028cef3b8e17d076571a9c9d5c234e206dab8da417eee621da0ffd8c6a1a7d88d543d1d5062d4c3da11decc23edcab8eb92a10c389bb76ce4513b2827a1d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c32feb77cc8af3f4ea2ec191cbc05577

SHA1
e767dcea7787abfc6100fe886dc0bc5b0e056407

SHA256
8e22a643079b29da18638742452e4514f298f07eaee9a1c81b0dd9723023ca3a

SHA512
8451e8ae9de5aa1d811b8d0d9350c5c3dc4dca86df7b3709c5abbf2ff62dbdf49d87dd6e3b1e354381d713000449db00aeb0c3c73accabe0bf340017b605a184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a7f48dd6e57cb14e9191be46a337777b

SHA1
0b155c06e7fd3f41b8829a344b214afdec060b43

SHA256
b122e170099851d7a3ddb9a4b8fb048261da8dfc1e3dc3db7f5dff6edd30ef61

SHA512
30a9899160d8b8c83ae5a4acda78bdf3848f6dc192a0694c09021836de160571c7254150b86e170430cefb720cf1804599d922b9d4bbe371dd0ab66bfc94e8ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0ac7fce94dabed25f670b8672558cdc1

SHA1
5dd19bc164e949312156307daa49f2fa93012f93

SHA256
cf767f1d83db7645aaadacd052dc75ed5e87d220e47342d8ef7fb40fd5f510ba

SHA512
615125363c536a2baaa2fc68a5b069cb1683f8ee9fa8a4f43f98407d2112002ff36c5c5b238148eff146b4ace3408410241a60e640bcf32ed272a302084df2e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3866ad3c257c903279d2c18e0938bbec

SHA1
7d07218d11d965e89e22aba2f8049fe4dbb55c3d

SHA256
149365a8dd07033d2b86270947d37c332b59bab2f955682a483dd486e1cc7ba6

SHA512
62ee00c4e58d0f8988e068596eafcb513af9b5a51d7e0393ac5d98f8c82a704ceee155490a4ddf367be5c6e8b8c9642288aa9f7f033018c251f25538751eb001

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
874f16946fb7a9f48903fe990b7fba04

SHA1
ca89c9b5758bf2fdbd5e6560e24caa21fb9e565a

SHA256
be4734046ae505f55d1db9e329776a59bec86e520373a2e0f260b241905486b0

SHA512
3721ed66b9a7f350ceff1a782a528fa60f0aba4a580cc9703f96f2440ee2994e9a62035eeb5e35929ee8fbc37d08542e93b650565ba3b892791c689647b4ec33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e5d9c13b2e7b3e983268998bef0d549c

SHA1
e4f58aa159be4aa971614f48e19595480727063f

SHA256
e7644d042c0dfa04710cc24e6ccf71007cf5b8089fae9c1e5ed1287c6c2f8dc3

SHA512
6363fdd072ad26ceff07c90352a311662afdc34f6a435fa8c86de2a2ae7c114316979402ca7e8f1d42a67204ab9a181ea60a7a011c6acc302a706597b0749309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a880da97cca527e6100184cbb0ffd582

SHA1
ca31a6ef37f54421c7bd1232f87d8752a2044dc7

SHA256
170ce947b259502eaecb5333ee94a81d94dfc56729f2ab63648af6c79ffa76ed

SHA512
477405d436d9e593208350e070282d2a4b7d467e02efab8053a22c1d28874911b9e730dfc3db27fd62b84f182d5607611238aea08a7f6bc6816e95fee2fef3b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b0e5200b72d23667b1864c4db056b6fa

SHA1
a5612d743dacd110b5a7995c7fc04f6bdbdc4d23

SHA256
0ca29511c6c0296ab8768d51e75c94102997e4518db4624d85489d00e0513e06

SHA512
c7a0705b5f6f780bc8b582a66263a6fa82d9c1c110734f5dd6aaceb22ad066b2f44bb76697f189f6e6d38d099f4e20c8db6282bca27d9b75aacb12f3639c0ba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d155.TMP

Filesize
1KB

MD5
84f7426559a193a54a1d082ea229baf9

SHA1
688ae9e5086df85010f22c50d98bf3522f613457

SHA256
726e11f5bdf5e79d186556698d59dfa9e044beca71be79275957cdd5cb50d32a

SHA512
90f3fc7020740341a44ece4ec0b5b8c6950a1f2bf79c3be13e9c4717d81a6b7e15a19684601dd75431b364107b50103272c71f9303d1971d689595156b2af5fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\df5a7895-b3ba-4eeb-8ed9-f7dacf1ff6f9.tmp

Filesize
6KB

MD5
29efc8c3985487d62c557062cd54dd65

SHA1
02b78461d0324f1c5917ba2be1db390ce9e89096

SHA256
54e1549afb24dc4f4a28f2c1f8bcdc05666b26a8e04a6dfc1b6e762625b8cc00

SHA512
6aa3f194b7ea3310156685ad30181aa188e7d0c7f48ba55a84366ab3b7a9d56c135bed15fc67b7fc4d879c55743d38240495764114fd23752debb94c6e9e1b8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
92886cba34693b25a8443d314940e938

SHA1
ffc7f01d9fc89ac616dfb2cbac84729d73bed052

SHA256
84ac36f657fb6f377f63b3ce8892ddd8a139ae4dccbb7b480492e9847d6b1ce1

SHA512
ebb2edd0375ca9ee939dc14966824f02b6e78c6b496e307eeee0bf3cabb6c9f714c1c0fa9349513ad75a9840bdad13f88e89460a7284e40ad99d55d36006fa29

Download Submit