Analysis Overview
Threat Level: Likely benign
The file https://itorrents-igruha.org/2368-raft.html was found to be: Likely benign.
Malicious Activity Summary
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-08-02 17:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-08-02 17:56
Reported: 2024-08-02 17:59
Platform: win10v2004-20240802-en
Max time kernel: 141s
Max time network: 139s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://itorrents-igruha.org/2368-raft.html
Network
Files