Malware Analysis Report

2025-01-19 02:22

Sample ID 241212-l62j7azrhv
Target https://rutor-24forum.at/
Tags
discovery
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://rutor-24forum.at/ was found to be: Known bad.

Malicious Activity Summary

discovery

Browser Information Discovery

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-12 10:09

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-12 10:09

Reported

2024-12-12 10:11

Platform

win10v2004-20241007-en

Max time kernel

100s

Max time network

104s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://rutor-24forum.at/

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3180 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3180 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3180 wrote to memory of 1292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3180 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://rutor-24forum.at/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8343846f8,0x7ff834384708,0x7ff834384718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,8235948973235790847,10330474877156574389,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,8235948973235790847,10330474877156574389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,8235948973235790847,10330474877156574389,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8235948973235790847,10330474877156574389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8235948973235790847,10330474877156574389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,8235948973235790847,10330474877156574389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,8235948973235790847,10330474877156574389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8235948973235790847,10330474877156574389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8235948973235790847,10330474877156574389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8235948973235790847,10330474877156574389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8235948973235790847,10330474877156574389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8235948973235790847,10330474877156574389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8235948973235790847,10330474877156574389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 443a627d539ca4eab732bad0cbe7332b
SHA1 86b18b906a1acd2a22f4b2c78ac3564c394a9569
SHA256 1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9
SHA512 923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

\??\pipe\LOCAL\crashpad_3180_CJEPIFYSMCYWATPE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 99afa4934d1e3c56bbce114b356e8a99
SHA1 3f0e7a1a28d9d9c06b6663df5d83a65c84d52581
SHA256 08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8
SHA512 76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e2419e563ab26346e79402e2baa48507
SHA1 2509ccef4b96b52c2c3cceb8ea4a640c583cbc8e
SHA256 761d90f64a2a0c703c48e7bc6708a974f655f4f0701f2f153769dddb65f51566
SHA512 600d98b78fc0d08d2e83e465aa34a6cbcd83604f39704e1bc06fed8bbbd8a524224ddc30136903ec8b7041a7dec442664ca1a943d69b488e0c7263f7f24d1dff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 13c3ee1af7336d2b985bdf4f5f269ffe
SHA1 dfe75b2da2c41bf8cc181c3a6380be26dffabf8c
SHA256 ee2ba15a3406f09b0b3ff1898f8514bf9bbeb5240fed838f91f13a5eec7b15ca
SHA512 b831432eb3519496604b51d1519a9788c4ced5883ef570d3e6ebc17baa38d1f33772ba873189e820f4c29ea125bb0ad781f1e9aab448038e98c799b66459c077

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dd3933e325e72ec3bba9e0f97e37f63f
SHA1 43865bdf9770686598e82198bebd9140fd7ecd8d
SHA256 9eb933744e5c6471cd5cbc2fb9f9a3ca8d97aa13b8acd1a59808bacf223ab80c
SHA512 c6ed69db9e72f374b92f93f1ff632a13e032cf2318e13ff7dbb85db3e41f44854c4980aceb2ee71521c08c6295cdc72fd3d18b9197ad61e225d1b809316cfe74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

MD5 ffb0983b2d4c7c9cb86c92a37d6cf424
SHA1 23d463ab2c23c49f28389cdea07ba4ab0c8be59c
SHA256 5b6563e62cc707a905124101b870b51f3a6761470ac67057c0d82495575af860
SHA512 2f4fb681adb1ce828c15f32411dcc3b045b82da981f32274307a6264c7f3bbace275f0a6f5687a730a3d530aedfd11424ad87c0c5cbca5b40c9649f035b6a887

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 60da4c7229da0d74888fe1c9994cd37f
SHA1 13e252ef26f256b2d8ee87cc67ee4a0ef639b199
SHA256 d3d6a3da1eef954d1dec77c1ddabad2f9706005aab60d8141e8457b179254ccc
SHA512 693124400b2176d71406e2c5a6aaef64a55e85d83f0ea78683d8e5262812545773ebc05af2056b00da52f5fd2ba4e120b1292de2a76da66a2a88fc6fe4dd9ced

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4ea92ad8f1afa03892bc59a291680d75
SHA1 9a40f03ff8807f84b3017076cdcf0b67610ddf40
SHA256 47b93ec3742455a5973b63c782e3c6e56ec377e46f061c234010b296d0b6ebdf
SHA512 9f18a214e52370baf136eb3fda593385c04d8f44872faa00d7fb595007e5bf63337ca2b760a902ea6b472a5a9156462fba7d82094866bb492d04904b4657232e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581930.TMP

MD5 080426393f1d2002683d0b47d298e869
SHA1 80031b79a2324b67b6ecf2ab46833da759a38a2f
SHA256 4a4a8dc046079310d2273b3e3514299a774c925b2958b9c6c4214355c93377e9
SHA512 c5179ffdd08f75afc0403a28262581ee5d9b73b96f36b472404492314757f61982299abd48cf5e7e7951abe9142971eea40e3340417389500028afed8b036aad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584774.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\5e7bf54c0cf520d56b5862eea92b47e321c0688a\399304b3-770f-4296-a76b-f0df93b9a06a\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\5e7bf54c0cf520d56b5862eea92b47e321c0688a\399304b3-770f-4296-a76b-f0df93b9a06a\index-dir\the-real-index~RFe584958.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\5e7bf54c0cf520d56b5862eea92b47e321c0688a\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\5e7bf54c0cf520d56b5862eea92b47e321c0688a\index.txt~RFe584997.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
