Malware Analysis Report

2024-10-10 12:52

Sample ID 240602-n7bfhaca9x
Target AIO checker 2024.exe
SHA256 28fd7c5f8ab145889653beee671957a07696794f4b0ac7343d5c25e43f66042b
Tags
dcrat evasion infostealer rat spyware stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

28fd7c5f8ab145889653beee671957a07696794f4b0ac7343d5c25e43f66042b

Threat Level: Known bad

The file AIO checker 2024.exe was found to be: Known bad.

Malicious Activity Summary

dcrat evasion infostealer rat spyware stealer trojan

UAC bypass

DcRat

DCRat payload

Loads dropped DLL

Drops startup file

Executes dropped EXE

Reads user/profile data of web browsers

Checks computer location settings

Checks whether UAC is enabled

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Enumerates physical storage devices

Unsigned PE

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

System policy modification

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 12:01

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 12:01

Reported

2024-06-02 12:06

Platform

win7-20240215-en

Max time kernel

120s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\AIO checker 2024.exe"

Signatures

DcRat

rat infostealer dcrat

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Roaming\ms_updater.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Roaming\ms_updater.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Roaming\ms_updater.exe N/A

DCRat payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system32.exe C:\Users\Admin\AppData\Roaming\ms_tool.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system32.exe C:\Users\Admin\AppData\Roaming\ms_tool.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\ms_tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\ms_updater.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Roaming\ms_updater.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Roaming\ms_updater.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A pastebin.com N/A N/A

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\ms_updater.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2208 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\AIO checker 2024.exe C:\Users\Admin\AppData\Roaming\ms_tool.exe
PID 2208 wrote to memory of 1116 N/A C:\Users\Admin\AppData\Local\Temp\AIO checker 2024.exe C:\Users\Admin\AppData\Roaming\ms_updater.exe
PID 1116 wrote to memory of 1792 N/A C:\Users\Admin\AppData\Roaming\ms_updater.exe C:\Windows\system32\cmd.exe
PID 1792 wrote to memory of 1340 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\w32tm.exe

System policy modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Roaming\ms_updater.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Roaming\ms_updater.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Roaming\ms_updater.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\AIO checker 2024.exe

"C:\Users\Admin\AppData\Local\Temp\AIO checker 2024.exe"

C:\Users\Admin\AppData\Roaming\ms_tool.exe

"C:\Users\Admin\AppData\Roaming\ms_tool.exe"

C:\Users\Admin\AppData\Roaming\ms_updater.exe

"C:\Users\Admin\AppData\Roaming\ms_updater.exe"

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\zmzgeEglwU.bat" "

C:\Windows\system32\w32tm.exe

w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 pastebin.com udp
US 172.67.19.24:443 pastebin.com tcp
US 8.8.8.8:53 355212cm.nyashnyash.top udp
US 104.21.3.45:80 355212cm.nyashnyash.top tcp
US 104.21.3.45:80 355212cm.nyashnyash.top tcp

Files

C:\Users\Admin\AppData\Roaming\ms_tool.exe

MD5 f8701952b62a7e52652271a20b824128
SHA1 82292b1cd54afa277116b42f4b1c43c8933478f0
SHA256 5b0b886143ffe9f5c5750c9b171656783668b655e559ea95d002a265586e3413
SHA512 5acde46db767cf11ea5183007542fd67e1512ccfbcc37efdec685e2db369840a767981b0996dbace0f40602ada0a5c0aed39019ce06590151cd59f0dfa5d68e5

\Users\Admin\AppData\Roaming\ms_updater.exe

MD5 a60d266939450562f1db04d3378e730c
SHA1 af0177186223694a87333307d05f634de0415d7f
SHA256 0f9aec1487ae1456ef99fb0e7ed49ccf3d76fb642efaa95c7551298bec2b860b
SHA512 0ca1b23dc1e83df78f95972e72b2342ffb5cbc195388e9011d24fb85b7dabe74605a9860e68bd70818ff475ee9a880d1f137036b41030b0bebb16c7823704b44

C:\Users\Admin\AppData\Local\Temp\zmzgeEglwU.bat

MD5 ee79c3ac3beaa8a040e386a284baa5a8
SHA1 3a6618a7056291cd843018d8d244cec901f09003
SHA256 60b93dbd8226fead00f188c5e95fb8faf115a28706cdb504c6a5ca0ff785e823
SHA512 b2ecf17d8e812f271b2c13467607f2da22e3586ddb57f832fb7e6faa96f67445f2112f0cc3dc31abdecbb2541d1e74b9ea27bf4a4d5a3299ce63e63b20cde669

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 12:01

Reported

2024-06-02 12:06

Platform

win10v2004-20240426-en

Max time kernel

146s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\AIO checker 2024.exe"

Signatures

DcRat

rat infostealer dcrat

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Roaming\ms_updater.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Roaming\ms_updater.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Roaming\ms_updater.exe N/A

DCRat payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\AIO checker 2024.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\ms_updater.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system32.exe C:\Users\Admin\AppData\Roaming\ms_tool.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system32.exe C:\Users\Admin\AppData\Roaming\ms_tool.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\ms_tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\ms_updater.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Roaming\ms_updater.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Roaming\ms_updater.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A pastebin.com N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1162180587-977231257-2194346871-1000\{0C629130-45D5-40D5-8286-A6F817B75D95} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\AIO checker 2024.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\ms_updater.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\ms_updater.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\helppane.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\helppane.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4116 wrote to memory of 3392 N/A C:\Users\Admin\AppData\Local\Temp\AIO checker 2024.exe C:\Users\Admin\AppData\Roaming\ms_tool.exe
PID 4116 wrote to memory of 3860 N/A C:\Users\Admin\AppData\Local\Temp\AIO checker 2024.exe C:\Users\Admin\AppData\Roaming\ms_updater.exe
PID 3860 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Roaming\ms_updater.exe C:\Windows\system32\cmd.exe
PID 1716 wrote to memory of 4936 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\w32tm.exe
PID 4868 wrote to memory of 372 N/A C:\Windows\helppane.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 372 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 372 wrote to memory of 4428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 372 wrote to memory of 4888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 372 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

System policy modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Roaming\ms_updater.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Roaming\ms_updater.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Roaming\ms_updater.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\AIO checker 2024.exe

"C:\Users\Admin\AppData\Local\Temp\AIO checker 2024.exe"

C:\Users\Admin\AppData\Roaming\ms_tool.exe

"C:\Users\Admin\AppData\Roaming\ms_tool.exe"

C:\Users\Admin\AppData\Roaming\ms_updater.exe

"C:\Users\Admin\AppData\Roaming\ms_updater.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KqgYfIt5MQ.bat" "

C:\Windows\system32\w32tm.exe

w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2

C:\Windows\helppane.exe

C:\Windows\helppane.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc31e346f8,0x7ffc31e34708,0x7ffc31e34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,8294503006901686509,3278215320148441772,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,8294503006901686509,3278215320148441772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,8294503006901686509,3278215320148441772,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8294503006901686509,3278215320148441772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8294503006901686509,3278215320148441772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8294503006901686509,3278215320148441772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc31e346f8,0x7ffc31e34708,0x7ffc31e34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4996 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1

Network

Files

C:\Users\Admin\AppData\Roaming\ms_tool.exe

MD5 f8701952b62a7e52652271a20b824128
SHA1 82292b1cd54afa277116b42f4b1c43c8933478f0
SHA256 5b0b886143ffe9f5c5750c9b171656783668b655e559ea95d002a265586e3413
SHA512 5acde46db767cf11ea5183007542fd67e1512ccfbcc37efdec685e2db369840a767981b0996dbace0f40602ada0a5c0aed39019ce06590151cd59f0dfa5d68e5

C:\Users\Admin\AppData\Roaming\ms_updater.exe

MD5 a60d266939450562f1db04d3378e730c
SHA1 af0177186223694a87333307d05f634de0415d7f
SHA256 0f9aec1487ae1456ef99fb0e7ed49ccf3d76fb642efaa95c7551298bec2b860b
SHA512 0ca1b23dc1e83df78f95972e72b2342ffb5cbc195388e9011d24fb85b7dabe74605a9860e68bd70818ff475ee9a880d1f137036b41030b0bebb16c7823704b44

C:\Users\Admin\AppData\Local\Temp\KqgYfIt5MQ.bat

MD5 879c03b847dd7446b5a70dbc043ca3c1
SHA1 b73bd5710e91e0ff7b7e720cacafd511facff832
SHA256 c0e5c1efdf3759b1be299a22b06b50fffca882cffee25747a22600e260f83290
SHA512 11f51b445589df1288a252f45e64aaf1b1c3cb8716bd6b3939256952027aa2f3b94b66148e30c3ff6c293932dc26f83d92892d90ea16588f85fff24df777d351

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8b167567021ccb1a9fdf073fa9112ef0
SHA1 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898
SHA256 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
SHA512 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

\??\pipe\LOCAL\crashpad_372_JXGVMFRCICTQTPVA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 537815e7cc5c694912ac0308147852e4
SHA1 2ccdd9d9dc637db5462fe8119c0df261146c363c
SHA256 b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
SHA512 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e84a55cfb614d2e7490b3981295e0192
SHA1 49329d2b3ca36374a505f9b64682c3d4c62d7def
SHA256 2ef980f6aa3c5c45af5e7c250f83a9ffb2bb41e236cd9e93dd1274a1dc7670b9
SHA512 27b855c6f8e8e15cbd05085fc0af20679252739a659ea932e536d6e933dfe2016f56080130e00ee73c01d973735f915bcd31f6580e59d1a635014426d341be25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e12c45a58a53b75da06a913630f9450b
SHA1 8253747112dec130aa3d14fa34f340d59d9f1639
SHA256 8f92c4d9859cd626324366b1d3e2ca89001232986e9890fc9d4da200d414bf96
SHA512 38f98c8439dee68a3817bc01ff024bf3a5b680c33c5a80988d403374d1451f4974af3cd231a28044cc3a067cff42c96db83dac9b1e70ffc0973a9d9b3ad3b55a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5901d6f5a0d081df9047a52d5d078e00
SHA1 d6c9338fb1c51e29e019cb76ffd4c12d066573f9
SHA256 671797aa1a153948437ba42a33643826d2202db4449d57a8176600da5f51b638
SHA512 9a10afa002e2b25e1cf9d5e99cbf9400a914980cc3e1eb584721fc02509141b370c58d5679a1d3e925595b824e325d9b731762ba98dc3e11e0986fc01fb2b53f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ed1475bac3c94b327b8d29d6dff45b7d
SHA1 927a916cf6f299d0855f00bc5f92376329baec24
SHA256 1f737cc27c547301d99b5f7f58aac5b65a49c84516b9aa60666447bf2e5856ca
SHA512 43117f18a0adbae1256321ad06588b2f6588e13135b74590bae757827ef1e0e80884d134253e67aa8c202df9ff6c9c349a3cb237d30ed0e8d4406ebc4d5406b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0c2e258e4f9d769b353bb8953b93d3ca
SHA1 34d7000d955379f72e12759513575ecdf610a149
SHA256 b654ea68d6ca7744a5aec1718f4a588e3aca3367b5ee158699ea522a44566b1b
SHA512 a5b6a455b9f9c81e8eb229a977e3dbe4a84fcf81921c1fac0080c0e208e1783e0186152307caf65bf36db976faec608f10ada8a1b18387637118d2ac7db973d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ddb853b7697db9541edca96c613ee2e7
SHA1 ff55b9e47b5163c3b85ece139f96f3f94979ed54
SHA256 1c84bcb67ccef5e0d47438167b7b40b8b2fa5f0d75997b847e960a73d529f428
SHA512 fecf84da84b86e1d544f1b019c9696aa9ab97bc1e2a5002d1f71b3b22871cc4651b8a2c5339388015237aabb06fa801be1d13a3ca0ce171e0cb99b9826925bcf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 c5a39786ff1590f7ba18e46c9203d70c
SHA1 770de33104281b15b42c089b95c2fe9244344367
SHA256 5b615137500fc9b3372c1d8f22b1fc42db52569d02af5c5beb954e32013c4f5d
SHA512 88469e769495ce11c4443aac922b2b4d38ee015470132bdcbfd42937057b2f9183724748dfbf6b4a3446568532cd130ecf61d1fe9edc08156c75766f8896a680

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

MD5 bef9ec365b438199b81c02fbbfc99372
SHA1 bc541acade345e4d4d4ebcaeb78fb6fd7f8999dc
SHA256 f169968530197b3e741d1e17e1a9739a56dff9f7b84bbe58ebb12333796b9b73
SHA512 0a90db619a74b44e02e094528a8de715391078d326a561da89d6db661bbe97a5b037e5e66193f632417c4415d7c0eb643a1dbccb8a1d96028b768daa9cf3b882

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13361803508593481

MD5 90a23332f83b0f6561b962c5b7ef746e
SHA1 2859669a947ceb71337eba3dd0c45a2cf72dce76
SHA256 039604e5cb5595d26e0e92f4bc6ab2e72e7962cfa30fb7056654ad335bf531ef
SHA512 90fe7e584abc14c057d573bb95ca3af09cc9c0e17e0930a3472494a9756cfe848681ee95dba4897be4cc676eae3050683f4c472f582ec12ed54cb6850f9494d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 8e0714ce3393597884b2848f176268f5
SHA1 c3e0fda89261f73329031fdb007d236c5d10c066
SHA256 214a2e14b73687063882a13f8d536cd6210266e1b37c27adf61676705ae813bc
SHA512 8226773bcf057065a91540b6a93d92a10539cbc906fb83b3c616e193938c0451820fdffa45df28c105b5430c63fa86c49f614d9f5d2ac5be4432e226ef34f40b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 b5b2d3d8463ccbcb296518f9e8c3662f
SHA1 93cbab2dc0bc5fe573376c31a05e941e4de2c446
SHA256 6510cea5e87cff10548fbe53172e2bd9d0bfceb42e283a1e045a204a0879445e
SHA512 f1565a9e81fd0fe792a8d7bf211e34c693cbb655e603c335bc570c53b0219f66934db2109cd595fe4dfb99c5a0b65b939aaf740054520ae3a089afa2aa1f722f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fc403bc54f7521ef762822e0571ec3ec
SHA1 fcf5916855a7cc0139d8e13488e43971a4f9f196
SHA256 dfb36ea693437ce5abfe919842003ec2fafde1e61b5c8d4c51423bce4b839392
SHA512 0427e479e9026f215e4a77b389b6951743f1cd2e0c45cf7d0947857ff1f060e9eb6f66a4e687b00d54b5c1a390a53776456dac173414650cefadd527bc8fc7f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

MD5 bd3683ccbb9dd8d9c843e6060a401829
SHA1 5091a347c8b05e5042209810c35f9170d9df2b07
SHA256 40ce0d6991586c7acf5047287b57e467efb4299cb4f7c2d6dcdde25e17c5e32e
SHA512 a816b38e15874263c9f422cb44eecb3fc0a14c08366873058a290ac1ca1dba28fc5b85f1a43b574c8d37ff40c9cf921eaf0cc657e02836a9e0e81e9ffc9702e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

MD5 ff940e197f604059e208acfea2676e82
SHA1 40e994e9a098c4e9ada882a7e3e7287e49302a54
SHA256 3b61a71ca173e56cc703ebbfb4af87c8a3e69c6f46a04485ed4c343ee609ee22
SHA512 718ccca4ff958adffabc492a43480f35a73c1b7bcd5d88eea0db35c3156bc4a81e725359027f1fe906f72fab8cf2d62fb4fbb0407445a6c6d1de54584e22b9ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 73c678ab56429e735c252517adc46bbf
SHA1 0e71de1d69fee8570425791107f629da07b1b9df
SHA256 9b10bb609792d463558e6b7ce4aee9e02b18b4533254f172c0ec6661af50157f
SHA512 66cf48dd4d52c4146e7e5d8dfe0e1b50da6eca5d29fa08ede92e047accad937bbbe755456b65f82300d23997563bb6500a53b8f2990dede591e2171f2bb198ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 06f658d0a65f9f9d9fe56066de889ac6
SHA1 9fe94db8379629feeaf274571aec35714289686e
SHA256 065cd1487db05ab0ff0e4e99c3477fdf1c27457781f7425e55aa454fbb488374
SHA512 62779d1818718ec0598b866c15afa60c48f981f2010dfb4df46c6a58ca08cfdb6e50446e90c77bc6700aff39b1b38c22b2631461f90fa8d10d6fc921ec73561b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

MD5 f4f790dc210d57df4d46b5ccb1fe5dac
SHA1 b3043d61c23c0c1a63febc9ae71ea207b27cb9f5
SHA256 93dc3f403758a5755d0fcef8b3c52086ab26538847ea29c3f23faa5c69bbb4c6
SHA512 439e7e23451d79bddd1b1bd4b3de22917ef3fccc7e56cf419c885c3a222f51baaa09e5b8c1a04b4f0785924d843f1f3bf90b47a3fb1d3018d1597e8c40422644

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

MD5 b1235bb504a4caa78ac7e3b004d78cce
SHA1 8c77075da5d266900813ac09a58a493f94120407
SHA256 fc3193b1fde36c3ca751c400a883508501201ea8361512b9d54ac5cacf6014e4
SHA512 66bc2443b8c26da6530adcd45b9862122fe5c749117c26e4bd9a088503698aded7d9b9c4120124577f2de40642aa9bc263df6c6c49db4f844600dee6b77dc0c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

MD5 a48763b50473dbd0a0922258703d673e
SHA1 5a3572629bcdf5586d79823b6ddbf3d9736aa251
SHA256 9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd
SHA512 536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

MD5 ae63ac3a92ab1f9a5d0a29b509e90932
SHA1 21a8b2729fd054784a781260d97b619fccb4fcfd
SHA256 2b6363a0752d0fc49bdf3239359576d3645b7a55aaab61d4d1ef6dcb48c0cce3
SHA512 1d63372ed53b49de4c720c0499a7ecbb459bd869b2b5d6bba6077bd754c194afddb23686f6b344c30e040d9dd2e655953a6786ddcc65a020dfedf7586bdbe44c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

MD5 094e8c5488ae004852cbf94448d0236f
SHA1 8171ccbaf4c09ab3be136d49033bec8a2b16b5d8
SHA256 fd93a67b28944780c56ed145619d5ca349f42411096a648cd7d9fa3722e2a4f9
SHA512 f6ce7498bf305ed9875feb56716d0b9c955cc9687c5ec9c94d978e7c5ce206107513fb0dae964d3150dd3365dad8023cbd177f17fdeca9e34147a7192b8fe1d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

MD5 a2afffe48f877b1c872bf8076de4bd00
SHA1 882095dddbef5a3962c4db4d8d0317e2a68b2f7c
SHA256 5af34bd24ce1bea419e56ef23bb0bc6ba0eea2e523e68659e444ae59dc5173b5
SHA512 1f0464335c11d0dc312b811416056fdf17f5129371ae5282469f72363ef683eac58cf3f88cd36becbb119a26f5c8afe9dbbebff690cc8d9d714daeb4e19dbf15

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

MD5 1e4185d150664bc81dc2946e84878ec5
SHA1 aacaf19d90e73fa349641b39d86cc006e1f62571
SHA256 eb347f2893efc5e03d937ca2fd87afeea54b185cea67b82e9a3474a1b485b070
SHA512 be1c98ad24bdb78a7e7e225c2cc4d12dd7ff44468947c1e64f59f41f255d774fab9214598426fa5a14d58ad6a1dc1540bc42e990d6f7a4f59b8db08a4e659624

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

MD5 2604f356737cb5bd2f13ee2a78d230c6
SHA1 adb979878bad0ef5b09106ed4c8dd01dc7b07523
SHA256 b8cbdd779c7421b4caa4a2ad55c815ac4ba4ef008b412c588422639c24a6717b
SHA512 079d659a9a0f690ff575a0fa569e98c8543ccd5021f9b17647a27c736b88c7124948b75bdfe802cf4ef7165cac3f7fff7540e5e640af31081a7f336f4ab21299

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

MD5 4eb89fb860ca9f9b0a221a401d275b48
SHA1 8d798154dc8c0edd2a90c6d78bfbfff2721a7567
SHA256 f57c17a470a6597832d7ed591a0d038875968174c1b8db91ed2a603a8b8a6b38
SHA512 a01a4350aad6a16d878637bb703b85e4a2ab34eaeb1f2f226f21b8475336e01a5004e6142afc56e6a6f78299150b21db36a88620dcd44954c91e843760779239

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c3e8b62b2f892253a4d6c4e2ef421dfd
SHA1 5e6a301c56e403e05124db954d6d49e8c9211ae5
SHA256 c270b18527d1aa5fc2f79ab793360c00c3d909f320b0852c33ad5d23c02124a4
SHA512 7f5816934a275054cd4d23675ac07574d486525d99444b5657c7a70ac3a4ef7fde4f5c67add122f319213afecb6d2181d10e703abdeaf73495a0f5d556ff587a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 98c0bf5b97463f140ec186a58eb20ced
SHA1 969e78b037618475f48c9093313de6a6bbe6b53b
SHA256 f43ed5033c1b75512dffe5caaeb02ccdf6a53d6acdde1420d72b7f54108ea977
SHA512 3385c3ea531a2d43a3a5abe699a02633747d995f3b1b4a08446b197fae7d5ff3373e79abec21aa02b9cd0838ed09e8414a66939beea33ce05dd10702a829063a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

MD5 a62d3a19ae8455b16223d3ead5300936
SHA1 c0c3083c7f5f7a6b41f440244a8226f96b300343
SHA256 c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e
SHA512 f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

MD5 4dd01eef021bb40623385831166fef66
SHA1 b9627e9826458270d138b0bd47b2c1653f64f75f
SHA256 ff246c05d2b414e82a9d5fbb76047befe27b142c7f0647a8a7c6fda57401a436
SHA512 885ccd3d11f1af4459a4b14d44e27c611b22813c7fb52f268039ad7dba34bb5d29442e48cc496ad25a14bc05c71fd1dd0c0cd65187554ad40cdefc691afa6b0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

MD5 617ec86c207990856dc073262b6103ed
SHA1 c65b3a05d27e1997d62e4fa5cd0ba94817f4e98a
SHA256 6bd1711d96ab8676fc0947da0326417ee435e72927adcaa0220a243adb8a5927
SHA512 a0c8f14a4ea50b9acebf70edbabd4fa10d3a4e76ebf7e0be8fc036815ae865376be85c4bc7771227d5ed98666aece0c0ab3553108581bd710c2d9e39f43f7a95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 dd7d93276af9c7d3e3488572ce67e1cf
SHA1 cd57dbb5fadf9ce4b87598487cbec014489ef3c7
SHA256 db784b2aae8537f745524a324d58235315cd0d6f44dfe55fa692b73c8e9a9a6c
SHA512 97bd0568e57c658eb42db17696b96c2b1be2e3d084465e8236c04cd1280b98614ed3ecee16e2d31ee2d797167697db5b2efffcd71b87a681705227eac403410d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

MD5 5fca1ffb1d811e3a73bbafe3313da5b9
SHA1 4f8934e8cc2910b4366b8d974229fd794cf2d574
SHA256 cde3d21ff6c9d954349f85dbe89e76f3efa8ddf648c25489ced3e7bcba7205f7
SHA512 c8ab0095b45d603f282611b301107fee6131f7f15d8051656b098e7c521df9b08e08b303d00864abb96c43ec31dbad84e44b4653e8471f255829b750554532e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000006

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000007

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c4d2cdfff5f83430_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
