Malware Analysis Report

2024-10-23 21:01

Sample ID 240613-v29jnsxcqh
Target http://www.twth.org
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

Threat Level: No (potentially) malicious behavior was detected

The file http://www.twth.org was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 17:30

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 17:30

Reported

2024-06-13 17:31

Platform

win10v2004-20240611-en

Max time kernel

45s

Max time network

49s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.twth.org

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3256 wrote to memory of 3936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 2548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 2548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 3276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.twth.org

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe103746f8,0x7ffe10374708,0x7ffe10374718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,17073448083114875527,12351834568570438969,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,17073448083114875527,12351834568570438969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,17073448083114875527,12351834568570438969,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,17073448083114875527,12351834568570438969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,17073448083114875527,12351834568570438969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,17073448083114875527,12351834568570438969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,17073448083114875527,12351834568570438969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4188 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,17073448083114875527,12351834568570438969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4188 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,17073448083114875527,12351834568570438969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,17073448083114875527,12351834568570438969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,17073448083114875527,12351834568570438969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,17073448083114875527,12351834568570438969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2228,17073448083114875527,12351834568570438969,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4876 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x244 0x2f4

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 www.twth.org udp
US 35.190.0.130:80 www.twth.org tcp
US 35.190.0.130:80 www.twth.org tcp
US 8.8.8.8:53 www.thewaytohappiness.org udp
US 35.186.223.223:443 www.thewaytohappiness.org tcp
US 35.186.223.223:443 www.thewaytohappiness.org udp
US 8.8.8.8:53 files.ondemandhosting.info udp
US 8.8.8.8:53 tr.standardadmin.org udp
US 8.8.8.8:53 live.realtimewebstats.com udp
US 35.201.127.87:443 tr.standardadmin.org tcp
US 35.201.127.87:443 tr.standardadmin.org tcp
US 35.201.127.87:443 tr.standardadmin.org tcp
US 35.201.127.87:443 tr.standardadmin.org tcp
US 35.201.127.87:443 tr.standardadmin.org tcp
US 35.201.127.87:443 tr.standardadmin.org tcp
US 35.201.127.87:443 tr.standardadmin.org tcp
US 104.16.224.240:443 live.realtimewebstats.com tcp
US 8.8.8.8:53 130.0.190.35.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 223.223.186.35.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 apps.identrust.com udp
BE 2.17.107.226:80 apps.identrust.com tcp
US 35.201.127.87:443 tr.standardadmin.org udp
US 8.8.8.8:53 s7.addthis.com udp
BE 104.68.81.91:443 s7.addthis.com tcp
US 8.8.8.8:53 videos.ondemandhosting.info udp
US 8.8.8.8:53 87.127.201.35.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 240.224.16.104.in-addr.arpa udp
US 8.8.8.8:53 226.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 91.81.68.104.in-addr.arpa udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 browser-update.org udp
US 8.8.8.8:53 beacon.9165619.com udp
GB 163.70.151.21:443 connect.facebook.net tcp
US 104.26.13.241:443 browser-update.org tcp
US 50.16.65.10:443 beacon.9165619.com tcp
BE 108.177.15.156:443 stats.g.doubleclick.net tcp
BE 108.177.15.156:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 d1en0cs4s0ez90.cloudfront.net udp
DE 18.173.161.203:443 d1en0cs4s0ez90.cloudfront.net tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 google.com udp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.32.36:443 region1.analytics.google.com tcp
GB 142.250.178.14:443 google.com tcp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 241.13.26.104.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 156.15.177.108.in-addr.arpa udp
US 8.8.8.8:53 10.65.16.50.in-addr.arpa udp
US 8.8.8.8:53 203.161.173.18.in-addr.arpa udp
US 8.8.8.8:53 89.192.66.18.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
GB 142.250.200.3:443 www.google.co.uk udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 88.221.83.217:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 217.83.221.88.in-addr.arpa udp
BE 88.221.83.217:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 142.250.187.226:443 googleads.g.doubleclick.net udp
GB 142.250.178.14:443 google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b704c9ca0493bd4548ac9c69dc4a4f27
SHA1 a3e5e54e630dabe55ca18a798d9f5681e0620ba7
SHA256 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411
SHA512 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

\??\pipe\LOCAL\crashpad_3256_TBLXQGNGXCNSJMAS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 477462b6ad8eaaf8d38f5e3a4daf17b0
SHA1 86174e670c44767c08a39cc2a53c09c318326201
SHA256 e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d
SHA512 a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 07a1aa40c2a7382da4c2e6461b7c08c5
SHA1 2be68db1627f40f4810689a15d5e601b920e3fd7
SHA256 72f75de501ac709c01cfe378ec6f52bb86c1e7f3f3f36a6c07e147302bfa09d4
SHA512 0280858f553a629af13582bf4b89c44b98ef9d6e49c6e0d5106bb896ff46e5560bb6055ff0ef28a5081c631a3f9846bd410f85278603e9721fc841309085da12

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\344d5487551c3e70e7fa0c55883d273f9ea8ab1c\index.txt

MD5 44549d8a7ceff69505383bc2a08283b5
SHA1 cf6f1f27665e2c8a2009447dd7be8950c75b089c
SHA256 75af890742c91924cdd6d91fc23f1d88facbaa3cb4b586a82f20123a2bcc6e7c
SHA512 2b68627c06a9eec5ad5abe977cdab48b913be007e2799838d1f906fe1cb55af06a4fb31b1e6a90adb75d42dc0cca06aa4b7513f2aa4c2aaaab119d8d95e95f2b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\344d5487551c3e70e7fa0c55883d273f9ea8ab1c\index.txt~RFe573e9f.TMP

MD5 074e36825c51575d9a89a59e178eb047
SHA1 bc081f54a42f9b65dded3a3d4f6f20da43b215fc
SHA256 08fa6c34791ae294f19e35f3b5b758a779bbb7eec4e1eaafbe5481daa883d558
SHA512 9942a6746397621a9880d6b6cc1d82a2b215a7a726d5be17f70d43198e13eb30e06703b9a6e0e7376dc395a07d4f5fe5510ac8ad0c297547c53ad9698cc8a8f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\344d5487551c3e70e7fa0c55883d273f9ea8ab1c\index.txt

MD5 bf2d060fbfcae0e0712b0de97a8b8180
SHA1 7764b5a89c7eab4b05f054875c30deb8b024b403
SHA256 0ae17427f6ac2dbbb5fcc234835451a84fb07887bf2c5351c42055e1aa5b84a2
SHA512 b3066b40b5796ffea6c80c3deca65e6af36f8ebc72151c0eb2fe3d3a8e7748473f468594efadbf73b9f57a2484364c6c0cba2f065e7b99b4fdb09244ffebe0f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\344d5487551c3e70e7fa0c55883d273f9ea8ab1c\index.txt

MD5 fa0403800a26cb55f25303b2fdb4a7de
SHA1 4badd3cfcea5c25d8ca23e8f7fd0b2332075805a
SHA256 cb1a635fe611941af1445b5336fe8ccdd9601db029f660dbf99101ce61b17460
SHA512 6b338673a018f21d17bb9901bb623ad93e79e123de37f21f21a08d90fd27480cc96f4d8c49dacb30b1645681fa0e8ce44a27b997fead7dba18960030a1b0148b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\344d5487551c3e70e7fa0c55883d273f9ea8ab1c\index.txt

MD5 ba7f3a10cffec03eabd58d7cccc26c34
SHA1 89cf0b8dd42ce4c957a49104da3557fae3528efb
SHA256 b3775e0e4a2e806e9f08114e4bbe1e7bd2098953eb38e66947c92b6340f26754
SHA512 46689f02470e96538ed9dddb4a3497a201d551c62822f01479cfa58a7349fe0f38641ed914ed825a58a46397d552ed7604bb8a276011d21996ebbd700278967f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\344d5487551c3e70e7fa0c55883d273f9ea8ab1c\index.txt

MD5 e0acafb598ce5c6ae576ba8e90617f21
SHA1 8b241223b70955643d0cda659010fff114bf5c4a
SHA256 5d1cd583719fe51a5e4877f34a0165aab35b7958390f7e094ede823f3df396b5
SHA512 7d8ce33ab4b4f81be1d9a6eab8d423db55039d4014b122a20adec594314ffdab490acf142cc19b3c5e77befea78d0b75e6daf70fbb619bdddd7290f7c6695b41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\344d5487551c3e70e7fa0c55883d273f9ea8ab1c\dd93eac6-3b81-49c8-a9ce-1d8bbd43b0ed\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.thewaytohappiness.org_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\344d5487551c3e70e7fa0c55883d273f9ea8ab1c\index.txt

MD5 af8aabc9cb48bfb1073ab22271069135
SHA1 853ed13900b182d3c25c9a2f01d297af9af91247
SHA256 2447333e2644a947c018a7b9de40915346eb080cc82f4f8d3e0ae17da698c873
SHA512 c7008edfd63727bff1a8b785aeff518c84391534452fc8632de0a89463366171ce4eecc984e28389b2aae835efd4296eecece536e7c89268d0c7a1cc3e9caf28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ed424c548fa7070c292ab9e0a76ca419
SHA1 f06efb0a5d94fe8e8e77b0231c8ba26ba40458ea
SHA256 67d71629f0c8931c2db6d8afc751e0622f99dbbdbd2418ed378de261e04504a2
SHA512 b85fb999c1aef60f0aef5a3b97c835d83bccc09f32d33a226777111dcfb2369ec69a5f347df3c2a8df4e3154dfd7732eb61cbe26e87dde08d237c2ae7a0991af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 da68bf253ec4a96b7d250769c56e514c
SHA1 6f10fc33f75629a0692f5b35dd4c44a4fd7f0069
SHA256 d00319ee6055d34e637bed2fec3b363e10c9d96bc8809eb910cf779fbf98e7d5
SHA512 58d89b57652551bf0ef9b6ba3763a3e1d04fe2f07ed6f2b5309eded08b8c22a589412f94b15050d4c96f7de923be31e838e17de3de42039400890c80f7ff8b6f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 b65f2078358deb2a3df323e76dd4d590
SHA1 38ea5494d5a396bb74922db8bec1a3acf04206d3
SHA256 cb74245949b824cbd80935b8f7a7b59a49b1db76a37d582de39ccdd32eef8255
SHA512 9a6744960c4b6a619375313a9dc7fdc349ca448a7e52078cb02d1cba86fb896a5b54ea261272f1eee240310785fb03826f79089441312f690cdb78e33e69cef0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe578cbf.TMP

MD5 d222193ac952fb58b2b6eea791b98def
SHA1 7691c2dd3f42ecee8705b9620c0c6d57983c2027
SHA256 0bb1f37b252d7be29f8f4483662cd900d69494228816dc50f9c87350440bd840
SHA512 5eda10ef5f7b771344d1e3d244d53bcafe767a7f3919492459af4b3d65ed9d9f0eb451ec6d05d95ca4d34756caff0c3bdc7de8cdf8ffc6fce5e9a9191c67edaf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\344d5487551c3e70e7fa0c55883d273f9ea8ab1c\71e5607a-7cbe-40df-934d-84c8cf8c4c37\index-dir\the-real-index~RFe57950c.TMP

MD5 3099afc352511619b6898cb0b7fa1f0f
SHA1 db86e6d5af39931448897bdda74fac2da213190e
SHA256 86195832d990addab5fb9266ff0e86adb5d6a2a92811b94e9a8f1a9a9abbf2c0
SHA512 a1559a2bfea7c99de3bd34ff5be0f0d707e59beef424798f8c8d75fc9bf9edcaf07fdbacbb6696d09d8d33a04ae52a59dbef4df35523c50efc286e22f3994555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\344d5487551c3e70e7fa0c55883d273f9ea8ab1c\71e5607a-7cbe-40df-934d-84c8cf8c4c37\index-dir\temp-index

MD5 2b540434ba6f1801f54c9901407e06a1
SHA1 20137ec1d152d24869faccb6c9f2cea034b2b956
SHA256 f0384f25c1255e7d399a5c9cabba7273896b368085eec7a9d3f2cfedeea5bb35
SHA512 6ab1b9c60f6d3f0055ef79a3046971f8dcb39269021aa00aba1b5e629e288966b538808e600a1fd4d540c6f4f64432bc4e6afbf50733450024c0bd28a3f93f68

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\344d5487551c3e70e7fa0c55883d273f9ea8ab1c\19f5bc57-59f7-4448-b9d4-49137e947b9e\index-dir\the-real-index~RFe579942.TMP

MD5 d2ed0034b84349d9b6cfc4c8c0eb0ae6
SHA1 fa659a0e475497376eba90fcc3cb9dd27cfd9676
SHA256 8e2cf99ada3f46dd96de222858da17e8dae06dbe070e38a1a7aa407a9302b182
SHA512 2fd365799c2771da9688260f7c3fe4158269d029f7bcfc84e91220189da8ce06c3737034ad90642878792e455e1895da0d80c8def0483078b753eb2aeb6cb140

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\344d5487551c3e70e7fa0c55883d273f9ea8ab1c\19f5bc57-59f7-4448-b9d4-49137e947b9e\index-dir\the-real-index

MD5 7906189b196fe36f3d758fde61aa11bc
SHA1 816246c4235e2c69f2cf8ba5266da5ee578a1ae6
SHA256 29828ea9b13a63717e825ee1df4d39c662d0f209dfaca545b4a89a1f2822e140
SHA512 46f0482c341490cd83fa1163ec9ebeb4a83d7dc67e983dc5504be80a0f641ca07946d71b869d5a5d6282a4d91378715262ae69bb4ac31bebee53f7218668f1fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\344d5487551c3e70e7fa0c55883d273f9ea8ab1c\dd93eac6-3b81-49c8-a9ce-1d8bbd43b0ed\index-dir\the-real-index

MD5 e103423abfb12066661045e27a426872
SHA1 5a70e8d3a53512b4c168b62a6687e52058e30c7f
SHA256 4c2f9ac88e219d07bb7aa6b5542b6e743ed49706a13ce3291d83494383043d30
SHA512 c844b2bbbc6dfc13aa20a34a5d44da2dba6c08faf3b7acc07efbb8072eb3ac5a5fe75ee334d6cfb7d43cda2a98a11a06489397baa4c9482644406a48d975b722

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\344d5487551c3e70e7fa0c55883d273f9ea8ab1c\dd93eac6-3b81-49c8-a9ce-1d8bbd43b0ed\index-dir\the-real-index~RFe579a4c.TMP

MD5 1590bfed2b42cf09b51d6902c021b221
SHA1 29290b4702abfcf1924bd12a928aad3d025d142c
SHA256 b0d7f4a198bb5d8b2c6f4334adbbf2fbe52cadbcb028fb43ecde14eee283557b
SHA512 2681eacbc04d5233b9df6c7272ff78ddc9e0fd1c78f515105498af6446cf192119be7c54e3b51962e57b56e3f94b449165a8cc8f36dfbedb41d3ce467eea4fba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\344d5487551c3e70e7fa0c55883d273f9ea8ab1c\index.txt

MD5 1709860795eda7cfaedfe7d0ee9829bc
SHA1 ddcaec0211482b522aa42fe4f18197feacfa0ddd
SHA256 4631dd8756e7cb8fd6e01d7abd35a27a8a421d8485cdac4c58f4d1378631d8d1
SHA512 bbbfe45aa8cd2dbbc3559b5931a10eb813108707b03cc769d56fc40bc63a24db4117fa716a53c226aa197d1ec4ba106551a0cf7d6c2de4627a8ceb86a7b340e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a7b0c41fb7f29cdb41e45178955f9c48
SHA1 aae21f6fc41e33f9ac71e94d27528a852ff4ac30
SHA256 0db3d57dcc387c0c81ba2edbb64b311cad52a53cfa66bbb86e94181fd61acbb0
SHA512 18e82c38ed7e4f39ddf763653e16f7a11d90ab72bc48049cc699d851bdd07a87d1d79a3576add1e872f7fc9c950a2305ebde17586bf35d571f8b341124606578

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 690843763a745405d596d0a2ff98a4ce
SHA1 52beb23399fb6e5dd0725763271343c5aec5dff1
SHA256 6c6047589699f05806858a3e250c3dba41c1130b5c7f85fab65aef5d68fcac07
SHA512 58880b31259cc3d9fcd2d93727dad70dbdf2d8d4d62b3235b332d4e7c972fc386348ec20d145f375db7071dec6fcc93c59e28ddf76a41fd1554ccb3a3c0bfc7c