Analysis Overview
Threat Level: Known bad
The file https://ctrk.klclick3.com/l/01J5XTD9AATG61KP0NBR6WAX8J_0 was found to be: Known bad.
Malicious Activity Summary
Detected potential entity reuse from brand microsoft.
Detected phishing page
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-23 01:12
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-23 01:12
Reported
2024-08-23 01:14
Platform
win10v2004-20240802-en
Max time kernel
94s
Max time network
98s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Detected phishing page
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
Network
Files