Analysis Overview
Threat Level: Known bad
The file https://plant-candied-tadpole.glitch.me/rekit.html#[email protected] was found to be: Known bad.
Malicious Activity Summary
Detected wetransfer phishing page
A potential corporate email address has been identified in the URL: [email protected]
Legitimate hosting services abused for malware hosting/C2
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-03 14:30
Signatures
A potential corporate email address has been identified in the URL: [email protected]
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-03 14:30
Reported
2024-12-03 14:31
Platform
win10v2004-20241007-en
Max time kernel
61s
Max time network
62s
Command Line
Signatures
Detected wetransfer phishing page
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://plant-candied-tadpole.glitch.me/rekit.html#[email protected]
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1a8146f8,0x7ffa1a814708,0x7ffa1a814718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,5839268538509667818,5856552795460102315,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,5839268538509667818,5856552795460102315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,5839268538509667818,5856552795460102315,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,5839268538509667818,5856552795460102315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,5839268538509667818,5856552795460102315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,5839268538509667818,5856552795460102315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,5839268538509667818,5856552795460102315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,5839268538509667818,5856552795460102315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,5839268538509667818,5856552795460102315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,5839268538509667818,5856552795460102315,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,5839268538509667818,5856552795460102315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,5839268538509667818,5856552795460102315,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,5839268538509667818,5856552795460102315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,5839268538509667818,5856552795460102315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | plant-candied-tadpole.glitch.me | udp |
| US | 34.197.170.180:443 | plant-candied-tadpole.glitch.me | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| NL | 18.239.83.86:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 180.170.197.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.83.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | scrawny-hospital-melodic.on-fleek.app | udp |
| US | 172.67.73.189:443 | scrawny-hospital-melodic.on-fleek.app | tcp |
| US | 172.67.73.189:443 | scrawny-hospital-melodic.on-fleek.app | tcp |
| US | 8.8.8.8:53 | excel567.oss-ap-southeast-3.aliyuncs.com | udp |
| US | 8.8.8.8:53 | cdn.glitch.com | udp |
| IE | 13.224.68.8:443 | cdn.glitch.com | tcp |
| MY | 47.254.218.69:443 | excel567.oss-ap-southeast-3.aliyuncs.com | tcp |
| US | 8.8.8.8:53 | 189.73.67.172.in-addr.arpa | udp |
| MY | 47.254.218.69:443 | excel567.oss-ap-southeast-3.aliyuncs.com | tcp |
| US | 8.8.8.8:53 | cdn.glitch.me | udp |
| IE | 18.66.171.56:443 | cdn.glitch.me | tcp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 104.18.10.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | stackpath.bootstrapcdn.com | udp |
| GB | 172.217.169.10:443 | ajax.googleapis.com | tcp |
| US | 104.18.11.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | 8.68.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.218.254.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.171.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.10.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.11.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.169.217.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gepromul.com | udp |
| US | 192.185.96.78:443 | gepromul.com | tcp |
| US | 192.185.96.78:443 | gepromul.com | tcp |
| US | 8.8.8.8:53 | 78.96.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| GB | 142.250.180.14:443 | drive.google.com | tcp |
| GB | 142.250.180.14:443 | drive.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.206.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ba6ef346187b40694d493da98d5da979 |
| SHA1 | 643c15bec043f8673943885199bb06cd1652ee37 |
| SHA256 | d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73 |
| SHA512 | 2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c |
\??\pipe\LOCAL\crashpad_4196_QTRYYXPXDTKBQKUC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b8880802fc2bb880a7a869faa01315b0 |
| SHA1 | 51d1a3fa2c272f094515675d82150bfce08ee8d3 |
| SHA256 | 467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812 |
| SHA512 | e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e73fe030f18ce31a76648722ac09ec43 |
| SHA1 | be9b7cf8fbdc940e137bdae796c77ba804ad9595 |
| SHA256 | 4880ec7f5c89c1f6e0cf4a15a33df2dfef6ad1dad1a21480451bf87b0635d0df |
| SHA512 | 8e1f632743c05a3c8f0f5fb7511cf41247a1278b1560fd4b4f33bbfb0923b5b7992de0b186bb7ea2f2eb6a188362783ee62be482ffcb4e3bbbe0b657c893ec84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4084aea938efa6df32c2c7836ab7877e |
| SHA1 | 19982354cf711fad231a2da05427118427cc4c0a |
| SHA256 | d9d5cb30f651dc0a88183daf4b8ea517037812d29fdb93c273a6e4495b4a0fb8 |
| SHA512 | 0b113d592d587c251d3af1c9f24370a07a025d341d53c9f3311d0f3fec0698278b9c64f30db01f7851d2f2c0e0da0742970247eb4e9fec5ad6942ae0f3adfc07 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9ab0f9f6cdda81cbeb6a3d836be50c17 |
| SHA1 | 87f31e35936cddcee47f8e5bf1af1fb3a6d7e65e |
| SHA256 | 16fa6b9597d1095c2c944f3cc04bc244de3277af12049df9ef5701d23d99de3b |
| SHA512 | a85a2acf46fde6e27faf6f7781c83ffacec0715d4ca51764849962cdbe2f6a047f43212de954bcd48990782902909fd1a2dc093fadcf2ec5511e10b46b587a21 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cd126b915b80b1186086465c74bbf14d |
| SHA1 | 9ab48c184f2e8493f66c90f3f90e8e31d9cce539 |
| SHA256 | 9777d306bba2e430dee0eee02be2cad71cb3c602cad9267339c8e76aabb7bc31 |
| SHA512 | c3766438a4b311d26f71e6bdea33dabe002b38a92797e4895df0e30a756845e3f457200f227b72f50b4d0cd119c112a1e1fc345134517af97fac7c32141f6aa3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ca2f9314b0a1b48fd685a961abc0cb73 |
| SHA1 | c5fb7241ad7184eba50020d6c868d7bb698d4801 |
| SHA256 | a99ea6b7dc4450bc3ec15abaed86cf7ff182121580874e15f844b52f79f73159 |
| SHA512 | 42bc87152a548db274bc067986c8fd79b81c0b68eea50b91ef954fb32d75e14cba7a6fa95d02f701e241c6ca5a7b9b06bb161d0ecc4bfbb2013194818707f0cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 819b13723632b676eed5ce57a3328db7 |
| SHA1 | 56617257ae7905ab053ec88acfaecaf3e298dd7f |
| SHA256 | 09bd23cfaf10665e64c44f2bc57cdc91da2b34b1c826c089837008e0d506f434 |
| SHA512 | 02af393eacde85abfa3da05a16414f7d9589c5f08c3ed5dfb9e2c1490ff516c66c1e9e8245f8a2883a72aa22e961128b5d4924190a1d8e61dc35d79f384a1360 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e076008b0d242026e99cdb89b90f4ed3 |
| SHA1 | 87ed3409ccfccf3b23370dc4bb981208027f7ed8 |
| SHA256 | 824b58223a482e333ea633eee63738aabee543e2acfcab5b04edffd0451063ad |
| SHA512 | 13a6d5d3428c93477ceb6af14f501498611c861652e404a091bb0a1e8ab58f65872f9a76435424388bc3ae8669b0fb7347d65dcd598ad7885f0ffab9283cad20 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 24daf6f787b70da76f41a2654cc913b6 |
| SHA1 | d22fadd0c6d90f8b64a032f2bf4a69a69122102d |
| SHA256 | 5d51609a7f6e2797b9074a363244e6281bec1fd86d8ec2cb6be52311d3cd1a00 |
| SHA512 | 9c55dded7efa96688b8de30fc03ca6bbe039da254e020509197d921e946798773e6dad305b3781a8ca13d98971d22ac78372fd56c488e36714565b58cb80bb71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5884ac.TMP
| MD5 | a0f4bdaaa4abbbb1021dadcb9f8a90d3 |
| SHA1 | 30ec6ade35a6bd010be7ec070719e198dfd7f482 |
| SHA256 | 4bfdb56a4a3e317dcaae6cabdf5b3bf3006f595d5d869bf6897219d35cac9d4f |
| SHA512 | 50319156b94985aa0894f83799a288579359275f7741646621327091c1fba72f1f1a7cfd1ba2309f84ba8f2d37f45f1ef2122d21fffa2a2d2184ee59cdc56fc7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2f8fb19f18c35a2b46b9ddf0eefd263f |
| SHA1 | 9ea159b3ce88281b342ba189b626c12b02195af7 |
| SHA256 | 9c7113c9a9977d4c94f9436959b3b0105fe8d6bce4bb23f43cb6161818da7fb6 |
| SHA512 | fdceda6bf5d2520db2f8505c9584cfddd5942dc76c40114bdcca341a6c5d6dabcfc0da849eaaeedecbc1ec1f7cf120b4e7b7aef78ba5275b7109095e01373868 |