Malware Analysis Report

2025-01-18 23:04

Sample ID 241208-16tlxavne1
Target https://is.gd/oJE2qG
Tags
discovery
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://is.gd/oJE2qG was found to be: Known bad.

Malicious Activity Summary

discovery

Browser Information Discovery

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies registry class

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-08 22:16

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-08 22:16

Reported

2024-12-08 22:21

Platform

win10v2004-20241007-en

Max time kernel

328s

Max time network

326s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://is.gd/oJE2qG

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4089630652-1596403869-279772308-1000\{86FBAD79-1A36-429F-9AFF-4D8F39E8313C} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4016 wrote to memory of 4328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 2108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 2108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://is.gd/oJE2qG

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb171446f8,0x7ffb17144708,0x7ffb17144718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6564 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6688 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2032,10470051011470314659,5278297284956133726,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3456 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 is.gd udp
US 104.25.234.53:443 is.gd tcp
US 8.8.8.8:53 roblqox.com udp
DE 5.252.33.158:443 roblqox.com tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 53.234.25.104.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 inju.cc udp
US 8.8.8.8:53 js.rbxcdn.com udp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
FR 3.162.38.51:443 static.rbxcdn.com tcp
FR 3.162.38.51:443 static.rbxcdn.com tcp
DE 5.252.33.158:443 inju.cc tcp
FR 18.244.28.99:443 js.rbxcdn.com tcp
FR 18.244.28.99:443 js.rbxcdn.com tcp
FR 18.244.28.99:443 js.rbxcdn.com tcp
FR 18.244.28.99:443 js.rbxcdn.com tcp
FR 18.244.28.99:443 js.rbxcdn.com tcp
FR 18.244.28.99:443 js.rbxcdn.com tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
FR 3.164.163.87:80 crt.rootg2.amazontrust.com tcp
FR 3.164.163.87:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 158.33.252.5.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 2.18.190.80:443 css.rbxcdn.com tcp
US 8.8.8.8:53 roblox.com udp
GB 128.116.119.3:443 roblox.com tcp
US 8.8.8.8:53 images.rbxcdn.com udp
US 8.8.8.8:53 t7.rbxcdn.com udp
US 8.8.8.8:53 tr.rbxcdn.com udp
US 8.8.8.8:53 t4.rbxcdn.com udp
US 8.8.8.8:53 t2.rbxcdn.com udp
US 8.8.8.8:53 80.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 51.38.162.3.in-addr.arpa udp
US 8.8.8.8:53 99.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 87.163.164.3.in-addr.arpa udp
US 8.8.8.8:53 38.201.222.52.in-addr.arpa udp
GB 2.20.12.77:443 tr.rbxcdn.com tcp
GB 2.20.12.77:443 tr.rbxcdn.com tcp
GB 2.20.12.77:443 tr.rbxcdn.com tcp
GB 2.20.12.77:443 tr.rbxcdn.com tcp
GB 2.20.12.77:443 tr.rbxcdn.com tcp
GB 2.20.12.77:443 tr.rbxcdn.com tcp
GB 2.18.190.72:443 t4.rbxcdn.com tcp
US 8.8.8.8:53 3.119.116.128.in-addr.arpa udp
GB 2.18.190.69:443 t4.rbxcdn.com tcp
GB 2.18.190.75:443 images.rbxcdn.com tcp
GB 2.18.190.75:443 images.rbxcdn.com tcp
FR 18.155.129.73:443 t2.rbxcdn.com tcp
GB 2.18.190.75:443 images.rbxcdn.com tcp
GB 2.18.190.75:443 images.rbxcdn.com tcp
US 8.8.8.8:53 metrics.roblox.com udp
GB 128.116.119.4:443 metrics.roblox.com tcp
GB 128.116.119.4:443 metrics.roblox.com tcp
DE 5.252.33.158:443 inju.cc tcp
US 8.8.8.8:53 ncs.roblox.com udp
GB 128.116.119.4:443 ncs.roblox.com tcp
US 8.8.8.8:53 77.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 72.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 69.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 75.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 73.129.155.18.in-addr.arpa udp
US 8.8.8.8:53 4.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 ecsv2.roblox.com udp
US 8.8.8.8:53 accountsettings.roblox.com udp
US 8.8.8.8:53 trades.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
US 8.8.8.8:53 privatemessages.roblox.com udp
US 8.8.8.8:53 lms.roblox.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
GB 2.19.252.132:443 jsak.rbxcdn.com tcp
US 8.8.8.8:53 132.252.19.2.in-addr.arpa udp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 devtools.azureedge.net udp
US 13.107.246.64:443 devtools.azureedge.net tcp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 www.roblox.com udp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 auth.roblox.com udp
US 8.8.8.8:53 apis.rbxcdn.com udp
FR 99.86.91.104:443 apis.rbxcdn.com tcp
US 8.8.8.8:53 104.91.86.99.in-addr.arpa udp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 13.179.89.13.in-addr.arpa udp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 devtools.azureedge.net udp
US 13.107.246.64:443 devtools.azureedge.net tcp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 arkoselabs.roblox.com udp
FR 18.245.175.18:443 arkoselabs.roblox.com tcp
US 8.8.8.8:53 18.175.245.18.in-addr.arpa udp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f426165d1e5f7df1b7a3758c306cd4ae
SHA1 59ef728fbbb5c4197600f61daec48556fec651c1
SHA256 b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841
SHA512 8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

\??\pipe\LOCAL\crashpad_4016_PKIORLXENNSHQTUV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6960857d16aadfa79d36df8ebbf0e423
SHA1 e1db43bd478274366621a8c6497e270d46c6ed4f
SHA256 f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32
SHA512 6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f036a48d88d58b3123ba9a6d17509ffe
SHA1 8478689993feeb0693c2dffdcd19c93887710c5b
SHA256 d57b93628ffef481125a3451c8a2a1b245aeadc7b43433551756c391e6577704
SHA512 d31873f347cad07522ebfa86c459dd4ac013821b1cffb1b894ab6ce347d6e9d5cd3a355058521a33c5245e33830009cf18488445ab96ba711a2846c0d493037d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f59a37f68117db6424d611274966c80b
SHA1 1b0a55faa71fb1203aa26fbcc94a0f539bc80fa7
SHA256 c08b2921747107ff1d5fdb5da487cfc9da3e60e3ff95d5f8fa7927fc68faa6f6
SHA512 88ff20cb2d465d2f22d06d49dfc18355db73f1f1da86a82e8d29b73b09cbf59fc6ef65e3c5887fdcf757bb6bb4e2477abebacd3d5863ea7186a4b9d3972765f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c902ccbe7fe4a7d672da1822f077cfe5
SHA1 96756e6057e7f170e232dd7960a2b915527bfc1a
SHA256 259f80d9773c00d2329b9f8f635435b6566c8aa1e602b62a2c28c26975fac081
SHA512 915ad65ce8a65ae5d37009506f7aaa727af34bb67e99d0776e53b000d833ca4b6029d68dc148288d0d467f5edd18400ad8dbfd991f388ca6aa7c5f521c527500

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a262f2aa8ae55300973accbca2288272
SHA1 3de409485fbae504814fd38b6d7766c57c438409
SHA256 98eee29eac864e004728836768acf51034da254cfbe86787fafded4781d3262c
SHA512 f84fc2340966506c8690ea8883dd6f67c6f8319745cc015a987c49377c1e8192f8f3714a12b6d7355a300880808fa168a244623aeaff6810186c68edba459465

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e33c.TMP

MD5 e604344729b88dc2f8cb046bc0b45cc1
SHA1 41578419164efcb8bec08564285f1ed233eadabc
SHA256 3e56151be8204b58069e6a96d9a31294f05742b307a4e96f30ade9f465073f36
SHA512 fe7874709b1d254a46e0c7ab4aaefce45b791894ccc31b81dcb0bd5ceaf48e38ca983324be6e58b2e6e2404f40c5b8f07c273dd4f07703e1070cc19e71cc71e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bcb3264d6ff7600a0d21ac9593ea5e00
SHA1 813c9c826101c3648d9e62baf908675a4ad99a58
SHA256 d9fe75ebeedc1a364078085f32db0e906b54e7c2cde4a445b4b3fde69e2330d8
SHA512 245728e26dc26439751a4ff6beb7d52d6405597b71e1ccc6c1f56babd01b5e788e5fb6bac8bf3cb31a52bbecd5fa35ad282388a96bf86bc08477979a409ba9e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6a695174ac01d81727d7c14c05cd6081
SHA1 8d74aab362a2e93c81cc20177d125f1c555aa370
SHA256 6f0e93674234ee7175410f08115180edf8b6f687844bcd0e92bc6d8401c5fbbc
SHA512 e667f4a204bded4386f2e76de4d28acedda1e596ea0fea5f9b6064ce906dc4bfea84727107847b97d4abd3184f400f1782bd9e162ac229d651447ce6ea99effe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3de33d248648a3a833a7f84e788518b3
SHA1 65222dd82df698d50eb0416d25a44704b37f8d14
SHA256 a8ca434f57cad34dffc88e4237ca54bb031addfb2881a66f4a2facff92d72d6e
SHA512 8a8286c8b6be6d3f329f6280fbdc063bf19ff51f9485eec5b9eeafc1f736ac05e2c3aa6dbdfc1112a194fadc0fbfd0b89cfb14279605368667ba7d002c906a9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d306ebaa67692e6914f123aeb861da23
SHA1 f2b8864b594d9929661433beecafc9687abaa00b
SHA256 e2a091915aa5587993a356b69ce478b92f98415d63e09a0069405a935e73f3ed
SHA512 907be3ac5bf4a75e5accc5ea5bc7f096402c1e0beae58e3e0ceb1d534c5c4793f4858c297d75af22cc9d4efad8bff910ad1a5ec79b88d8add292f080690ec7a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a29f8051cb0146fb66fe553e8550db3b
SHA1 c3a67bef095e7d09615e23c5be637cb32e23de31
SHA256 7d6558d1c2c1788ea2455a45301d4cf077951946fe1c5df2dd4b9c03d48aef0b
SHA512 e9c8a0f5508461f7a6aed94508ad215861a8c95a18387b3fd352b94f1d0d51708cd8661c2f20677fc45b7f57d3ffa4efbe5b185ee533e2e8d550da4ba8de292e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a3196603a06e84b2e159e4016e1e704f
SHA1 1d21ad48df4a04cffd6cb42a3d8de5876fe951d6
SHA256 d5ed1b9aed15427eb29072904f9bf18d815877b72a2c9b2b4872c74d73bd4696
SHA512 7e405adc8c480e60058684451ecb336157049b218ab7b49a9f46e34d42e303a22b1bd785ccd1afcdfe8b8f2bb0d9eb5a271429e315d364ce511915b466d7f478

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2772f96b2edf38f616b8c69b71dee85f
SHA1 9f74b2f21191af12fd644b61c4f48d236c53dc86
SHA256 f519babec837cbc6bb69ace38e7933d1c78ead8a9f01e6173e1fc08f42450059
SHA512 2f647dc028699b699d1a9e39347cd6d580f5d720d42c6b47854a105151aa2b8b9de48b7a366d62911ee4ca95744333a21049ea7256761dcbc447614a179d07ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 77a32113b44a81f375a817a83fe7e306
SHA1 47091f13263f60e1112a7e83e83e5346acd3dba5
SHA256 2707a1a523383dc78ceb62e7d18225848d37bf770f1f30e50dfd5921774c2991
SHA512 707b131e36a050e19532ed3b01c91ea84ebdfc254f54d676ba70130e1c5f60363968dc5e9ebd3b6cccd04d6efd2d640a23b380130ef09da208148703627b1dfa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 68f44e33ef320bcfff28d9a2ef5746b9
SHA1 a01278f5ee2cfc3708f4ea75bdbe15a2f716f533
SHA256 a18de18734ec4b6678d5fbeb1e6c1698cb09e17f7cbd792d129c31a4952bd320
SHA512 541fb903143a374f05ca275f430e8f826f5078ddf9baac65b12069c82aef47c8223ab6e0b35078a97172f5d48962ef5f2f6c55b6cdb3fcbac68ad85a5788ad3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 66dd657b1b8f2506627542f008c12a02
SHA1 a8e265554b960b682e8b09464969b10aa98ad5b2
SHA256 91cf65565d022ae18da6afce416c9237260c46a305a46e09197ecc9ec41fa4c7
SHA512 dc4e6a4e9d6274b91a2507f946db7512f7c3e130592aa5c4cb6f19e7ffac2fbfa8ad0e353ddc6c3f7eb9192ae520ba8eaedd03a6a97ccfa3fe65d7c4bcb30ad0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c

MD5 8dff9fa1c024d95a15d60ab639395548
SHA1 9a2eb2a8704f481004cfc0e16885a70036d846d0
SHA256 bf97efc6d7605f65d682f61770fbce0a8bd66b68dac2fb084ec5ce28907fbbdb
SHA512 23dd9110887b1a9bbdbcc3ae58a9fe0b97b899ad55d9f517ff2386ea7aac481a718be54e6350f8ba29b391cc7b69808c7a7f18931758acce9fbf13b59cee3811

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000082

MD5 8b0bb265d10c1fa5cf92f906a1a0ec69
SHA1 dfa7d664547ea00ff628ded0af8b1df7ee11ddac
SHA256 76052cad62ffeeb52ef48d9f4d7b0d3a727d7b21dbf7146aeae47d83f3cf899a
SHA512 887a852535ee77554e21290168a1824ad6ffe20c120a80b28d591160f9644462571ef264af6c3d8c443bad40485c91c517dedeff9861a56b8031bed5441c1d64

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000081

MD5 d998fc602183757bd29a3f220e09e00a
SHA1 72a4f2cc21c3d35c47b565df21c0423c8e658daa
SHA256 e4ea20d42e11fc69849f325b06529775b3c02b1bee504e4dcd0e4866a4f34dad
SHA512 75ccff99032990f104aadf05ae6029309be62462ff31ce3823da863129199f7be606c3b3163cf2b1ccef7e8272c7fb99055c2d0863e803bac0b84db3dcf0744e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000087

MD5 881245c49b0865dc56c6dfaacc135182
SHA1 0c26c52e1fc1fddbb8d4ef676336add82e5c0edb
SHA256 12896b404502b2c479e52bd5e37e47bc18823efe242fccf0305515ffb20dde3f
SHA512 f4f4c02044779f72413695f575c2bd90a147c349425764d87ca3b995494154e00f65c880c10dd97ee54cff20fdca6a8cd53e7a0f74fa143b89cbc08775a172ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000086

MD5 c8a0f2a9d5ddae75ed8eed0e167ea4fe
SHA1 18388578b113d84a8851cce26427a75c00bded28
SHA256 0ac7052dfe5610ac39f04c1473592fcb1d59694fbda188ef26365a7aa384981e
SHA512 66c0f1c7f60942690dc585bb976efaca10e33793e1330ae0f3bd4f429784ae822e797626220284bebb711f71265a2d6704188f917b4c35668e3af3684590cef9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000089

MD5 0fe4284f5d822205ffd5ea745387515d
SHA1 43a62b4062400a90189fa76f0800e46b28e6e538
SHA256 c8dd5e9b776cb14a679541191964bff89dc832192954919ba79a456c7005b643
SHA512 01baf185632e734b6e7508eb9f5c0508e2ad46bd345a1dcbb89b7cb6776b231ebb3fc351aa67f8b5ed6195965192a2287a1a73bb779e74d420d0b04b331d8b1d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008b

MD5 5b3fe6c9c2cb96ab6d65d0f38245ba51
SHA1 78693a56ff776aa5906568f5dbd4cbe8c1ba67e6
SHA256 8451df2bf5b82a892b4385b623691408a40314958ec932000e533a4f6d765a30
SHA512 fbf64b79246151fed4c261454a9f401771fb534b3b3da440314f8269e572333f7ec801798d94c77346e1efd420bd180ed590ed372bc716306d3aa469c1cb26fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008d

MD5 6a07d158bef5c4134bfefda43becbeaf
SHA1 8d1b0d98ef649d53e1436eca8d4b64772c588b3b
SHA256 d36d99a76c2aecf982c0da2aaa46c733cbe1c8c1d0b92fc9305718396195321e
SHA512 1fa4ce2fa18c81dbe855e72e7cb26948dc0b930692eded9da83e71faafe4370447f6434dc6bfb6e4d7d4f6f96f9dec920bbfc314d8c12eef8e49814271c79f66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008c

MD5 51449f29756785ce1a0e9076cc22f837
SHA1 fad8d40deeeb49e8b79c281df92d28f35469e31b
SHA256 7e4affa820fb6d226480e76e5bd23a247988afd9aa8ff26bd5212168ddb00f9d
SHA512 a3f088fcfe32e6613718626b5b7aa8664f4e81e0d2023b708f1dd988696136b58d6864b237e81ad38acd0dc529c73e0395a86f9ff2b651a22384369be6009a91

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008e

MD5 e30a3696dae2b6f00cc5086cb5483d2b
SHA1 9c2e40c2721dbd5bca2636d20252e76f3603f816
SHA256 c1deb70babca44a36a3193662f4e2152b142636b37d316ff4a531ef6466fad6c
SHA512 04e9160437077510352b30bc130a61bf0fd35e1ec71496f35c90fbc32ee63793778a086e74ddc40b171336410d0983bb1009de344135c83a40b9a65189050a16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000092

MD5 2bcd5313b1dcf144080835ad367e5c2b
SHA1 56256f4f380d41e60594c723e441939398639272
SHA256 40d8fe691b4f166e20366f575f1e8cf441ba24d2e74347ede94393317bfcf8c8
SHA512 fa35bf75bb87343d9c58444d23f512f2168eae76cc8794de57dea6ef7110cd955ed29938ffe26aa0bfbef8173beca91a32cd90a7ca37bbf51d3b9babd29d0d51

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009b

MD5 a7b866c01e651d7eabf37e37b6df7226
SHA1 3ce5344418c083c16cbfdc31dad5e28008cdd1d3
SHA256 5c41160481e25ca5e0608cb30823eb79fe2650faef025b70773674505318cb15
SHA512 5175bcb7c105bc689f8de32085db80b17077e4049f04d233990bd413379299912f3404b1a9ee4bf37f4aa72b2498cdd358c52e3d7b720957f862e146ef1f66d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009a

MD5 5d9b27716eca82e90b3a17ef14992ffb
SHA1 ab1f192d164d28eb19a3c23649115c5c97956d95
SHA256 71a55f36eef07540ea78e98b2288dedaca537b7e2559eb375f442ef7c392b92f
SHA512 7f291b3744720433f2b74f5f72d6a57e359573aa068ad7393e35c4ef01ff38c65492f6407852d511a4aeacd3c682017e608f45df9fafe31bee30a71628d50152

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000098

MD5 e9bd73c79416536e02796194cf3a0803
SHA1 5a9f728a688916d3edeb9c5a6bd00537eb30f2b7
SHA256 057cf3f03ba720968f2056682b9291c94a33ba86f012d6a32002efe86c397fba
SHA512 b545f94d98f1ab495ef581c2510f703272ea245d7a8c68c6e07d1c9348d564eeaf8e542e0e9affb77cbcd12ba9b7b7e17a669daf510c3e5528e71467a7986276

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000097

MD5 a45c05a8d67e3c24593a5d06c116aa28
SHA1 6cbf5a3aaa4c741cf0f8382b1cd15fe990a8175f
SHA256 54ee0d5c4cbd8f6d79961653060ac188e59e60565995348a1e35fa2dfe4ad2f2
SHA512 8d7e410ce23ea5da039cfd2ed1f207c780b73906f4f5b862524d631155d150391482ed9327f7c0ce08fea9242c8728a488feffdab25043785afedc391d3d98d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000096

MD5 810247cb7c177c6cb9b14e3d56435042
SHA1 ff66c767e789f9fd4e31474fbf1d8e9ce6c7339a
SHA256 da81f439873b37961a4f807952193fde296959b5506af0807ebb140a9787d0de
SHA512 53cb0f4b7e628582bcc33420bb1a65bebeea0a196045a14936c64cbf2c87bcbd1a2b006306e181828bde006f37b23bb51ceb71a2ddda6bc01527a54729fd0647

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000095

MD5 aaa346da5f6b742ab601e5e22f01e4a8
SHA1 84e7f34d0fd76c5a28fc9be12116917f82e5ae4b
SHA256 343ece2d7c84fe67ebdf04a1e3ea60ebafa07719d122561c17f08cafd1925c05
SHA512 d77ae65b3b90f9c794c895dd1e3a21903b358f4241babecc971e3971b099e678d6866f6798585615e9b6f4fe18d64d814512987a68ffbe56b87e53b3a43b4403

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000094

MD5 b681bc599a37d4f918126f6a588837d8
SHA1 ec08d7d839f8ce5520e35cc83b4425d717987319
SHA256 d41f5f19492ad362cbdf6a42931bfbcda0ca8cd9d027dc993a70c70aced87abb
SHA512 bbd2dc656244d63e7ff1865e9e5da08794dc80c9e5b8948c3bc7da1de3e7f7f300e53bb87cfd8829697bbddbac4e9efaffe68defb82be3a3d4a79b367efd5bfa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 e0210d118b3139c5c77b0a3cdf07240c
SHA1 520912218ff8fb26d188dafe6eb7d53e4a1347b8
SHA256 09afbb320f0230e85ca0b2ad49ca106b3cc9bbacd2e45bb4e8faed3a3fe93444
SHA512 dd11395f2f830af1571beb0293e78a4ef01c252371194bf0e8154d6494d951e44b0e34219ab52ec8cc8ed47eed88b99592e9fbfe2c8d4cd65e26faa257a64550

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 4670305c7a91dd7d819c49e11aaab673
SHA1 c808a80f512a23d3905909941e4cc9eb02efebf0
SHA256 5043a78776a6f0ebdf75562b965cc86893553f30efc120e5647d8b157629447f
SHA512 05bcece1cd9a592e6a6c9e5a80f4f019d1a4d57c9949db4a5b9296767ad8f7e360a5fed197c068b00156bd43daed98e7cc05ab8e62e13e568bd0bb015134c7cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 ff122ed83c65b35220660f38c2fa26d2
SHA1 f99451f4b2fa18429253c8b80209900bf711e8ca
SHA256 a0b52734f27b7bcdacf0d69789bb34370bfc772019a37ec52a3f62ea60f83dbd
SHA512 482afdf9c42f5277ba8412746ed79d2a9628d1287b53c7ffdf4afa3c71adc3368bdd1731b45104991a3a500451c9f02a29e0d15387fd706ff22ff0dc6869bf1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 99adec199701191fda80529b0506e475
SHA1 ba63a6135825ed9f463762fdb1fe8e4a3cab26e7
SHA256 86301cee42e07c559f6e99eb7e7270015f1b0617d1169feb1310508d4c6e004b
SHA512 c4ae0733870ef45a493685a3871c77dc2f9373d6104b429d38d508b5e6b0263114b0680e46e57ca20dc236cd45a4f6be4a1d1fd54945015f6bcfbd379e911267

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

MD5 d14e8802e62defc16914e0a07ad43ca2
SHA1 78872df5c10ccc9d57fd2a1fa5bf438989b0b781
SHA256 932a98892a0f0287f7224a85d93ed555e60a5d9babc675d9f550dd45348b8418
SHA512 c45be820a87e086d32509e449aca1c459c0171b85f59c35f06e6a6d938d45ca54ad4e2c2526e27e47a1b2ef992664359967076ff040bf273bf66e7da4aa994c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 6de364539a9af501b74eabfff2208dd4
SHA1 69e2cd44916c641bf41b993735631429ceb5d38a
SHA256 1b6fdfb416fa4f9a22097bb18854c2eb537099cab843d5f9af6d926ca2983f0e
SHA512 9594134fba6af01946a47c45f1f7177f6d98486e405b0534a205c7fb15e43c9b3837a07c94f65bb62b1608fcd4217a40ae372ba44e895180aa7c1c13fb9bc592

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 52a30eaf6f9171ab42fa2f4e746529a6
SHA1 d25e9ba467ba0c46e4ecc225ccc0b79603a15f3b
SHA256 cd627d2c91ebd8d52e0d75635ca44f653d48fb54c87686c78d698cf73e2f08ec
SHA512 e6459aae6da09e974d4c12e9e3c0eefaf072042cd8f9c0c6168d4a4494212e7ef4f89459b25fd4e4fe60617c91b3b274e09b10326e031ac14611eb86f41e2b08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 97a09aa4f4b80dece35061510ab8969d
SHA1 e5a6e838772cb4e8b7bbe73a302f71bb972d51c2
SHA256 657caab3365bf04728d83c35c710ed890130a83ed11c20333577eea591a662f4
SHA512 c4e05c200de14ffd86619f1fe99c78ddba58b22acdd61ea0260cd291a6283bd446b54d882b40427366769de76b56714bcb546330e7de96fe10a8ef49bd7e16ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 8226327996a67b56d47dbca42620a75d
SHA1 d604167574ee91bbf5a6e0aabed7591fee1cb41c
SHA256 70ac272dfb3bf6e7cd5869a4099a12670dd6762e76bd73df23858cde219e6afa
SHA512 959ffda13bd17451bb153225fcd72edea4ba3b0111d0f80d41f46da3e718127bea5f1a1674fe13840d8c0ce3fa5773bb8dee62b64937eacc16248f329424d57e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 0049e2c4454a1b88d7e5232ce501274e
SHA1 562dff86ef5302b31a35f3335b94f2120f83c3ea
SHA256 97977d6df3ba89444d76c5a05e1923ab4722e3c4a9c8d04cca207493fd2e5532
SHA512 34addbbd3ebc57bf1b6c39d876211d8756bc74decc658c8a64d253414b93ebb7b394837ccd7b2fca7772794f114443548f7b98c8a023cab3a286150bc8fe7ec6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 037f9de0a742704d765a90aa4b58f1af
SHA1 348829c107d3eb3b23bfcf1a7e92832d7aec2ed8
SHA256 253e4a067210ddbfc056bf61229e579d4727a0cda8e89ac373c87a2bff323ec8
SHA512 a7b4bedb88c4791008f663842426e69acf98022b95448f62c8f20babd34a46850569a00bd40d78eab79a50b03f67528c26d70af9b0fd73cf999535db99207e70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 58e0653b41ac9a6c6b0c9c1130dbc4f5
SHA1 76e2fd8d83ef892b9e1d7b6499d3c2fbc6636197
SHA256 515ab1ab1fd5d82a897f7c0d7401107f83b91ba3e3fea8c47650d570c4f78663
SHA512 3b04b61e42063a6c2483ca94c737220ae52270579e659980e968a794b5c56d8658e2f0166cee09d3bf6787b0ad271f8efe37fcc68501f5125bafd4be3cf49f84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 99f8b19ac0da4452cfb4f322d8d3836a
SHA1 012873e12f96ebaeec7055d454a1f5a073e98a5b
SHA256 2fa6eae1e99833260b4fda946704761b8a70493f8a17b70764cc30da05c939f2
SHA512 22a362ffa2ab98dd59a7a6f9db6d89fb0a8b3331eeaa17148ab42e4dbac00ea34200cc2fb49a17f9388e0ed1eda5b13329e23f0af48fb320002d41e778d2b901

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 e1f6e032096b2924e561c3928b9dc73d
SHA1 f33a3bb1b04f04ed1b93b13d21b6b3ce529690ad
SHA256 fa802b853572d8a40ee939940d0cd9562ea8f5954c0522b0777e01fcb546c3c8
SHA512 b13f6e1f984d28c5f4cfc4ae2298b321c314892cab1e5ccd6f1f61ec98d8c1a39669078c88ba541c91648963abc6e16e0a1cdb4e9449b4be16927e9bad8d0f37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 cc7ad65e0558327d8fbe8ade40ab94e8
SHA1 6c153e9bf971f196db25cb2cb3b62f77f0a1299a
SHA256 956e1fd407995ff1ecca3bf42ca0d01086edc7eb6a965e1d9d4a48f197a8bd30
SHA512 0af63a7bb1151ef7564472b90ddd766857e3fd78973195817aa751d97093558688733876114ea7341063c7f1bc01f90aba1016980ce2c009a0cc399f40614377

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 8e0f49ff0058ff253f619fbfbf98e1fa
SHA1 c78b6d53070115a4f8857e8da6ff553f7ac4d249
SHA256 124597c56f49af7cffb3ef5af236818517d7f161a0acc7b01ab9ea7c91ffc60a
SHA512 e18e40004505259cc1cce6753d17bd95c4c548484554d5b75183cd7efc52d881516724b2f18854f065b24785ad148bc649ab70264f09285dd9f60b83ee36b718

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

MD5 a2b67a025c06e3010985ed07ecb236e8
SHA1 9a3a915ad7a2edeaab18e2c0996ee8a34eaf9af8
SHA256 049f3eecd6bb27dd6c0f7a21a7443c5fec05ba310984bb834146466e4c714089
SHA512 35e1f09b4c33111a1f9533843b4a3161578ac55296d34b6de6515ca10557551d6a66b17682df2c408bd0e6be9909b1647b5b8d24d4f00945e0b5cb75fc299c35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 e68c49fd30b218d571e5435773c46d89
SHA1 0107595579b3d17c8cc585b8a3b08ca7ad1814b9
SHA256 d1fc73a52c9ee2f44fe2bb46b0dce37af0a9709bb1c1c2992bf435d3aad7bda6
SHA512 ebf8476180427406119f6760919be8983f1fa322df3982a8fd7d81bd0b26ebc4505048d4e4cc281aafeb5046211c458637f11e8911a8fcd277019ab7e1c9e247

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a5

MD5 a1b272fcb0dcd5516b7b19880bc94eff
SHA1 77ec09fa90451d396853b55b7aa703583da99837
SHA256 3f079637dc81e2bf14ecf6193402027460da4ddfa8ceae9490c21277639ef86b
SHA512 5dd2acf030846682aa99921d71f5af82843c53c2d7e947a000a95d75aa89b18cd8ba2656ef9fb9a8cdd5ac70ad969b68483293b4b1c3343daffb5cd5145ef004

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ad

MD5 e9fff7583b03f6884389c3054950b87c
SHA1 7ea5081df9b9a58521ce2d7756d9f6cca2e41e37
SHA256 dad510102c6ec52efb2a949b8334c4bf47671d8110aa82e00b1b5cf7658aef3b
SHA512 db03d11ac8206151047ed771f94bebe82b3349cb4e03f521ef26151e798ae3693e55f0b344a1376f51354dd479f410ae40b9681b75893140397fe1f772a12c7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

MD5 b715a5dd019d1b8771a3031ff85c972b
SHA1 5768744eb85d3137d094458e4b7842c1c5c526cd
SHA256 e9ca7a8587bb3674824a28a8a80836e3483dc3bbe97c658bf7c984c5b424920a
SHA512 22e09e48a13ced3a3cd95a5f40b5e9ccbbad8abbd0d6af7dd4e411d63c662b09f1ad2453909a6c7a0d0ce34f250f2fbf0d7f076dced281f133ab7f21d2008d1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 f1cad4800853bba09a023250de102801
SHA1 76e1a6ae10ac4db2a3e4e8bf6b7edd692c4537f6
SHA256 e73ceb9052ea848498daacd8a9fff37846cce47324b38df12e9dcf0bf25d2e3b
SHA512 4e869ccea434e71f03ab513b3aa6212da3326cb9625c467b782df48367cbf5c69fb8a073d68180877cfde2510dbe74670046b897125b55f013fe595bb7d3595f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a9d5ce4198b48142782fd86e5fa747db
SHA1 1cb0b40cc878bd38987ad42b97e60ee1a813097d
SHA256 0eaa406804fabd94ced81a4a0b59085fb0d78195118715c5253d75435da112e1
SHA512 552a34eaf5bd88116310b4852d05514791c4b34684e04d75571d923e806327f77b47278b81494434a0ec400ddbf36e76ca13a20bf4addfc6ad126edfb2ac34ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 55f02281cf2e2191109edec869b34194
SHA1 6d6b87a6504fe7ade3a249346818c33d56d4d531
SHA256 adf9ca437278a284416a42b821b41c1267aaacbed4dae32aa95d0d1d3d91bfd3
SHA512 801acb17f7dc55922b56996da85babbb6f92b37a0e59402ed55a04cfe14aebfba0b017a7a47b6cf68018ebc816266befd4b78d5098c5fa059ec7a7e899403110

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f4bbdd58-22e3-476c-abe2-7ef82262008e.tmp

MD5 e438862b80661a8ba0db21b0e92559b7
SHA1 2530ac564469fa15e0aafcf4b98b0180e9daff10
SHA256 033e9fbd730a316e88b91964e2923e819354b51d2e4e07666677d9b8fc65b63b
SHA512 330eeee91db4d5edf860d1f28d8e6e82cfbfb7ebdcd420762bc58b13adbbf8125f74d9dbba879b5858a0f4f9acc0a82ee176ebe0f266f0eb1e2c90353cc191a1

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.acl

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5ed7f6d2dfbd5b0bf44eebb50e251956
SHA1 515db6a589436b003a1591ec19a80e0cd5063628
SHA256 13a5d21c40a0a451dc79bc5aa47fb0106d6a68132a1767986fe1dac39da6d4a4
SHA512 bd489c01c7bbc7cfd04c9ddcdaee759b75055543053d5d8260b2857d9ad00b53ca7bb374bcc6566efcbf7b56f94353e1ff8c8f8c770f0b06741ef0995985eadc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 180c35ab10e7fb8b1982ca818fc959b4
SHA1 bd539d6d71c6099e4c8f40e1d5131b64271fd4b5
SHA256 66e00cc4ee37ae29cbfd1c7d76a35e08e2d33b096affd0eb9c847208daa84a21
SHA512 74c1928bbf91f0717d78abdbc32f9499e24a5095ee5a5ce6cc9867d0e81ac798874b625cf9c8675aa583e967dfcb08b9c8d76ed5506b18b82f76894ffa6c0e41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b5693a50121661393bb62a3afb950bdb
SHA1 c6de7f76774de50559e9e4ffdbd2c208397c3564
SHA256 4c7b16fea0736d2ccc3009909f090b065e873e0e55a8639a266ca6201bec281e
SHA512 34a8cefead52c548b4fd6b277e5cce8885f698d90800602ab0a1a3ce95e0ec54c88014f7e94062900a7d19745b02803073dc82d020241ccaba792d77f13878a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a7996300a5a5a67dca956c039f0f9578
SHA1 d295d49a34b86a02add62acb03dc0dd5b90ee8fb
SHA256 f8c2b333056bd38b0cef1dac512c593060453e2c8360c2a2e88b124b4bc9ba31
SHA512 557e54b7b0be333d620a2c5ef30602dc0776a57086300d1faa1862af17601c31a37daef863f7e187168493673374e4c64fa5e711f7bd8290892411ee6988f7e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 dd3313f33363cd4cac83ca9f5602f514
SHA1 55a8f299e21850a7bb7fce3d40ac730e9589afce
SHA256 411f8eb7baeafab6e2aa1e012bd8d9c8198ec9a2e87f7edfc54242537eb56aff
SHA512 f7178b47273efc79d9581dc51fc82e4a9bf690042b2e068c289193fd0a0fcd9b52818965ce4028ee20e5cce904fdaf506f79ff63a694cc7a1d7b5cd403bfb8a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8f85b8e9abfbb5c889ee7da2aefae662
SHA1 26ab3bb8da0129c8bd54a1fc605efe4986a76a1d
SHA256 dac55901c0fcfea3a001364d2d1303066c8f700227b5438a9366069630cc64e6
SHA512 822bb6be980e5fa69af4dd57803819285aa0f9d80fceaf443d2c645f6949aca1c64b060360458428365580829ab5f94b88fde126997a6179263f145ebf28030c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 57666a788223fc679bb5f5f635c1b33b
SHA1 b7361fecfb75ebc178ed4839c830e83d34a4d19b
SHA256 cf6666d1b477b846e7f9b1e2133ecd7a0a855c29a199c1a93a7aa600ea4398b1
SHA512 84ec8eb47624bd944f0a78e4f6cd34481bdf1aea2eef4f2205cb08b5ba588d2cdedde5ee76409a54f07c6bc8657887a726c99f9433d41b268d0fd9e0f61d7376

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4d7907f2-2969-4360-b22c-946ef5b03649.tmp

MD5 a8785d54623b5d699c368dce42b6af41
SHA1 aa300824debce75bc7b3b6084bc3bed2e3e8f34c
SHA256 7455f932024dea43e13d4c92e14eb689ed26c18dfb632abe05e0ddee3f424cf0
SHA512 eb9e6ed57a95907d64ac9b08925c6a1d1290d7400789149b430298fb5a10501415e4a6dbcfd04b15d0d74ddec30712e24c87c3414a28ba9d4e74e116762f83d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b4

MD5 bfa80e308d40f4a9eef64f1172f6d161
SHA1 63661dc64469d3311ab8e5161625c4ec3827d8d8
SHA256 6e4da0415f0b7f3648e2993634db3b02cd0ba08e55003827cf9193dfeba89bc8
SHA512 953841ef0eb20a68ef40c2513d6db7fa3d530065b0d626c805ca3cdbfc9ac58cfc0d65b588968c21db07161f6284ac27953cb531fed3f090c92f1d4134db898c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 66a7854e59cee0a2f18ec44d878a2258
SHA1 c74703166d6093f5d69763da3c51c646c5948bdb
SHA256 abeac772be56afeb0e4048f7e37f9fd1a600331541f0a16d6d2d63472f2268c3
SHA512 b7578ae9b87c3e669fad0ad8bc81772fdf6257f39cd95a9d6b1f2664ac09c31cd67cf7ac65ea60f4f3e89da07bf5ff37e353e68b1afce454a4997519f2d267e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c25c62b3f9a94d28b7ca2e5a1e810644
SHA1 4ca6644c7fddcb0b8956b275b977aad66530579d
SHA256 52a139c8f4c7a78b2fa252174f450774646f1f5b01038ad72194fa1bada4fb48
SHA512 627f0ddb78a849de427a6feab9a5db2c16cd970dffb9f280a4cc66c3df74b58ccc5a27c693817b4f1197ce86264818f33c50f74011346c65f772c4c0fd14f97e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 630f9beec4d3026769ef47ab366c3d1e
SHA1 e8ff021d85d1b29e31beb0a73b71856bf5a3b545
SHA256 7ed43aef9991e15a6168e18d6cebbcd2457cfe1a80914593dca5198edafe3513
SHA512 94ab7b941c364e5c0aa5d5864bde4ca08f2535a5d824bec83034ebca21c8f93edede27247c1c4ed4b4539ae4bd1113a80149c153a3ceedea11ed9eeab4f85baa