Malware Analysis Report

2024-09-23 18:03

Sample ID 240430-tpazxacf36
Target 1_R-bNQuTbgcQda15zyXeMpg.png
SHA256 2686676de2878920710d925c2a94afbd2bc9430f8f946190a5fb92425f797f72
Tags
qr link
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

2686676de2878920710d925c2a94afbd2bc9430f8f946190a5fb92425f797f72

Threat Level: Likely benign

The file 1_R-bNQuTbgcQda15zyXeMpg.png was found to be: Likely benign.

Malicious Activity Summary

qr link

Drops file in System32 directory

Drops file in Windows directory

Enumerates physical storage devices

One or more HTTP URLs in qr code identified

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Modifies data under HKEY_USERS

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Gathers network information

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-04-30 16:13

Signatures

One or more HTTP URLs in qr code identified

qr link

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-30 16:13

Reported

2024-04-30 16:33

Platform

win11-20240419-en

Max time kernel

1188s

Max time network

1197s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\1_R-bNQuTbgcQda15zyXeMpg.png

Signatures

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\SRU\SRU.chk C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\SRU\SRUDB.dat C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1474490143-3221292397-4168103503-1000_UserData.bin C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\NDF\{567F4AE2-2D23-4520-BD62-F1E36355D579}-temp-04302024-1615.etl C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\NDF\{567F4AE2-2D23-4520-BD62-F1E36355D579}-temp-04302024-1615.etl C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{3b00ac6d-86bf-491f-a6f2-10aa51412b93}\snapshot.etl C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{3b00ac6d-86bf-491f-a6f2-10aa51412b93}\snapshot.etl C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\SRU\SRU.log C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\SRU\SRUDB.jfm C:\Windows\System32\svchost.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\wdi\LogFiles\StartupInfo\S-1-5-21-1474490143-3221292397-4168103503-1000_StartupInfo3.xml C:\Windows\System32\svchost.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk C:\Windows\System32\svchost.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\System32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\msdt.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 C:\Windows\system32\msdt.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Windows\system32\msdt.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\msdt.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\msdt.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Windows\system32\msdt.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Windows\system32\msdt.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\msdt.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\system32\msdt.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\system32\ipconfig.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\RAS AutoDial C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\RAS AutoDial\Default C:\Windows\System32\svchost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client" C:\Windows\System32\svchost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client" C:\Windows\System32\svchost.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Windows\system32\msdt.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\System32\sdiagnhost.exe N/A
N/A N/A C:\Windows\System32\sdiagnhost.exe N/A
N/A N/A C:\Windows\System32\svchost.exe N/A
N/A N/A C:\Windows\System32\svchost.exe N/A
N/A N/A C:\Windows\System32\svchost.exe N/A
N/A N/A C:\Windows\System32\svchost.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\System32\svchost.exe N/A
N/A N/A C:\Windows\System32\svchost.exe N/A
N/A N/A C:\Windows\System32\svchost.exe N/A
N/A N/A C:\Windows\System32\svchost.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\sdiagnhost.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\svchost.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\svchost.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1504 wrote to memory of 2256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 1244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 1244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\1_R-bNQuTbgcQda15zyXeMpg.png

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff831643cb8,0x7ff831643cc8,0x7ff831643cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,12189557126990791849,6224778892822248308,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,12189557126990791849,6224778892822248308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,12189557126990791849,6224778892822248308,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12189557126990791849,6224778892822248308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12189557126990791849,6224778892822248308,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12189557126990791849,6224778892822248308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12189557126990791849,6224778892822248308,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12189557126990791849,6224778892822248308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,12189557126990791849,6224778892822248308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,12189557126990791849,6224778892822248308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12189557126990791849,6224778892822248308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12189557126990791849,6224778892822248308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff831643cb8,0x7ff831643cc8,0x7ff831643cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff831643cb8,0x7ff831643cc8,0x7ff831643cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2040 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,16033194954692503989,982061481834814840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1

C:\Windows\system32\msdt.exe

-modal "328200" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDF364D.tmp" -ep "NetworkDiagnosticsWeb"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 /prefetch:8

C:\Windows\System32\sdiagnhost.exe

C:\Windows\System32\sdiagnhost.exe -Embedding

C:\Windows\system32\netsh.exe

"C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost

C:\Windows\system32\netsh.exe

"C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\winethc.dll",ForceProxyDetectionOnNextRun

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman

C:\Windows\system32\ipconfig.exe

"C:\Windows\system32\ipconfig.exe" /all

C:\Windows\system32\ROUTE.EXE

"C:\Windows\system32\ROUTE.EXE" print

C:\Windows\system32\makecab.exe

"C:\Windows\system32\makecab.exe" /f NetworkConfiguration.ddf

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5736 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.4.4:53 google.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d0f84c55517d34a91f12cccf1d3af583
SHA1 52bd01e6ab1037d31106f8bf6e2552617c201cea
SHA256 9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c
SHA512 94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171

\??\pipe\LOCAL\crashpad_1504_KSWEIHFLSLOQEEXR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9f7286687664135dc43d93ba68d67b17
SHA1 b98255cd4e38eeb381a5e581a8915bdaba386878
SHA256 3ea2e921475b5d0868155518f4f55920fdeaf683595016fca178df9fc6922916
SHA512 1313ee74a1bbd8de7e582633d2ba9541e294f0e98f8626f794bcbe825ea0fe3ed8935fca05edc37627cf870cdf41778ac7199ed5467452ec336c28651d0eaede

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ade01a8cdbbf61f66497f88012a684d1
SHA1 9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f
SHA256 f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5
SHA512 fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 08a8355f8a975c81ba2ca027ed81ee82
SHA1 f6279d017e8e22f7bd7bb3a871c42533a4630061
SHA256 cdeac19c9821623f88d5b81faad5101dd86586cb22e18ed24abbbc8c33ffb4df
SHA512 ab64d4d90481a8fb4bacb66ba0b480cc2a7c716689cd877de455e586f10a64dbfc5ce7a29584ccf42fd8f9c809de4ba4be72c4d3b5de5ef205f852c13592217f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f2b3e6af294560eee29e92ed4c585cef
SHA1 aaf5473c1c95e17d54c344874796bf3a986f4ced
SHA256 3e5e77a1a0d61f2a352858c36bcc3863dc5917e1e41931f6a1f509b83cb15d61
SHA512 b7c000b2f9d7fefad670e384e078b29f88aecc8ec3c7ff32c01f1d6a509eec8e1004e42459073510828f97ea23923700bab501127ac7a3cba35ac2d3e8e3a77e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a91056e8cc64e16148ad8717cbd3fa28
SHA1 181e7a758986d2a49c5be5f8d96f56dca7a27234
SHA256 4ac31488dd0ea02111ae522ce2db7c0bc8a7d195ea6e9f92f319220699141812
SHA512 8a2e8813d46fd8a6d7a22192b21fbedd8207797c8f8087e6920370b8391e5af052a51594a22b2fce9a3870dbc9edf09ddf1d3a0413ad031446592b14eedd7b83

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 e283842dcc20bf1975494132d8354522
SHA1 d312f7c027993a9303defd1631912be81cab95e8
SHA256 b7ef2539730b6975a98a25b4cae7d3517cad07708fedb21c835305c867c4b6c3
SHA512 146578273132a58c5b84b1625ee4dd1033f732886b2684852b68691e4fb8f0fde1b222a336667533a258eef75a50573b0ab74268455a115829a472b99782184f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 b29bcf9cd0e55f93000b4bb265a9810b
SHA1 e662b8c98bd5eced29495dbe2a8f1930e3f714b8
SHA256 f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4
SHA512 e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13358967235290933

MD5 f2de5eec93a3e355bab9dfb7c994c424
SHA1 c591844fa27e03127312f742f6884db08bca8dc4
SHA256 364382026ebf17e7cd2822cae87e8c34fec188a3940ab9e5107c3865802d6941
SHA512 f85253b13f301c6803be07d7ffa7145cbabf96be459ca1117e3a3867a517c9bbda481d720cd3769f0235b7f62a515f15f05caa258192bb20dd77816d016839c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1fdfaa1d534a7dd776c4a6404080e89d
SHA1 5371aa7a7b02515837f0954448129846dfb6085f
SHA256 d6309f6cdc0108834e8b773160634a11111544ea31ec1e0deb79d9d6b9b53ea5
SHA512 485a1af99ed4c49fa666e83680de6fbbd379318848ae17f2143fc0ff8784da8cc9b35187a6bcb82133028bbb55a185c8011fe4b68c923d2704514fe67d8b315e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

MD5 c6f886444cfcfa046056b5ff59a81de8
SHA1 64997648a7dcfbc9fbf42c1813d8c0ba68a38d9e
SHA256 b6667f6e0629f3f8797809275271ae7d3cdcb6234b5c9802835aacd1621ba382
SHA512 15b463f8bed1c3e6b5ac0dfaba5be8a89cdb111e44a126fa9c1592049aba45017899100502cb99bc98875f6905d7a9e682a0dd664cadd674efdd46ad79addd0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

MD5 a5d413f75be2598334aef6c1931fdca4
SHA1 ba2311ff34bfab63baeb5b0659506ea1e09f7a00
SHA256 d6f6ebf99ed021cc734cce8c788414fca40453e1650dad4c8aeba0997e7f5550
SHA512 1b7f85fb9167e8c2e8a932f6163658a8dabd7be2b8ee920ad8f4352ed0603a39eed2b5866bf7cc218348e4dfc1f6930a6cc6d84e191cc6dcadede3e73a226e6c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 a559499fb812572bab2b937525bb60b2
SHA1 c5c78608af32b3335e788b08a5a81432df7e76e4
SHA256 f418e9e0da4870a4c4d2136e57d910441311cf486646da910c38a589968dcdbf
SHA512 c2486b44eef0000ab6de02211db823409e08556645e0aa4c7165f5964d1be25c5d1d030d934a8e08cb1450fdd3f25d6ff15a93dcabbe728da6fd23d555630f4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

MD5 cfcde2ccdb46e49203598b87d60616b5
SHA1 be2ec443bc6627b2823c34e5b67d600fb607b373
SHA256 7868fc048bea92132315a9086a4ed91330f59fb9ab1b38eb992f8892a96ca945
SHA512 9a7fada268e8765d1860df97e1496619c9dc87d7cbc3269f4761340e8340f15b7d9861f43751bdcdfd6f036f3bc658ff38e6629328ce0276171979991b04a88b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

MD5 63ec18074268cdc1db07a3ac59f9af70
SHA1 51dfd14c684dbd3b054568b6fe99b7d45e2a9433
SHA256 7ac628c060ae081875ed8867c2fd36f99fee1be58ffc4a1e9e62057340e92213
SHA512 fcee79a3ed511099cc2b952ebf77f46b42e4e8258190916bc74bbe579289b20a212c3e3411654f399747c75416f86854d815af0bde96d7bc3baf243e95908173

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

MD5 a66efaa590a0d16b1874a35836ba0a4b
SHA1 bb750c61e162420271f89a90f2b58f43587680e1
SHA256 b9ab1ed7609e2254b7d4fb655b57b21b2be601646c4ff0b207c411e8bdd9e654
SHA512 2b1ea0c798b69b360ab1546d14fccf7d5f9cb224b31bc8430cdb956c8cc570a086e4cfa10e6a843292deb862f4161dfc9b9abbc44afe397ff0ec9563646ff7a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ca2ed81b874f610862c800b377ae71b9
SHA1 48e4641b23300488f30131c289e5a8c8e1bf53fa
SHA256 ec31efe9853df22a2a13822c82404ed97e3875933b785745e7c6f750c238e0fc
SHA512 67c525367864e621287540f2cdbd172cce1cbd4b2861e1809ddc8930a1e1481dd1052ca0b4f218031dbc1a1f13af04f649970744b606815364a9022322d4eeb6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

MD5 a9851aa4c3c8af2d1bd8834201b2ba51
SHA1 fa95986f7ebfac4aab3b261d3ed0a21b142e91fc
SHA256 e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
SHA512 41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

MD5 097401eda5e4e2449df7e40173402d67
SHA1 1beffbc20bf17b1bea264318e19e932bb0bf4927
SHA256 48478e5bd14697b2e1bc5bad7066556f8b0cd2cb20501558efba4f7111be81b3
SHA512 016f8309e1e18b0baf79710e0c8bf6306f90f0d2cb377a10c5536b2eae3ea8be73d4c8c52584ae1d92708723057d05f8169e691d0d16c8c9bc606dae5ed0b7da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 f4d7def6888943714e679304e7bb93ee
SHA1 853c73c92910f2fba97724f1caf3197ec11d2ec4
SHA256 840bfd9cc485eb06274465dbea41b4c490b8604878bd5d6146162f4b5eb26529
SHA512 4a54614cae588dbc4035b2133ac3e792cc63e018cb22d1c62f3f56d6de6503742362c9d98c02670c1388daa15b7fa04c7ba3b8fb6e187ced791d6db2a559fa16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 9adac4bbc11a8a98c23cd2859330b6f7
SHA1 29d5345a7e09e2cb15131a4eaf145c8ed4778641
SHA256 c071931d93dbffe936a0498adadb145934d63152aa14618b2dbff09bba6fd3ae
SHA512 36591ed3913d42be2197df2777ec1a103307d0e1b4b421bff7da7f94a9fd76206661316d2e58631881aa40ba5d46eef021b33a2f06ee699214d9188168a6ad2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

MD5 51a2cbb807f5085530dec18e45cb8569
SHA1 7ad88cd3de5844c7fc269c4500228a630016ab5b
SHA256 1c43a1bda1e458863c46dfae7fb43bfb3e27802169f37320399b1dd799a819ac
SHA512 b643a8fa75eda90c89ab98f79d4d022bb81f1f62f50ed4e5440f487f22d1163671ec3ae73c4742c11830214173ff2935c785018318f4a4cad413ae4eeef985df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

MD5 450817a5ef8f58aa850f1ea2a9c2b474
SHA1 bdd704e550f448ce1ed6d05598d68f7e763f92b6
SHA256 8061b00bb065d8e921307e7c258e2ff1b2e18559a794d74518d30f582cd21b92
SHA512 e38d71f890dd56454187160ba79bc101d8732bbdbfa6418cba48f3bd1d964b0db64d2bc5d6dc9f4d25983d2c0330f6a4fae53395deb86ddef17c066e77a48d43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

MD5 bbc363292eb1d80aac9ee2ecc8acfac6
SHA1 d7e2fe322d563e765f1253b6f9f99adf568d2aab
SHA256 1cc4c8ffbc5ae1ecc4b69c62e3ad592749b570a5bbfca78a1d6b982fcd7d49e0
SHA512 c5d88a50f0413d27cabc0d8cf85158b7fa48208acce6df4a0dc73bc585a2300db60a33102bdb5cccd545ff077d747d04a91bc2c5e47db89ef25e819832ba370a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

MD5 ef9588ca82f853399e5968af99985e74
SHA1 80d9df4f75c3e789ddf10584d9ff9de2b6154cb0
SHA256 9d550015f47a4d5d502f8a2f5b33bd9cbd136f4fea7c64754c8cc5a9651f7fe5
SHA512 a77b6b0bcea459ab4fc1e5d0983e85b86a6b0835849345f6afbfb27a5e84d8d1a38ff16e21ecf862e95d0a74e3fe97fda28bea66752b8bd64fd44c8ba680a5c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

MD5 75a007699f8964c682046970b4157c3d
SHA1 349778a6b4a188418d44d7646a30a6d8f28ffafe
SHA256 ff1092b4bfa21f16fa4e3e28442ec5424870682219af0fdc4a06798a928ab859
SHA512 a5b5856d1aca386f9b48cc1058ea3cf2f7037bb1d3698d7c018d90ea7ea3e6032705ed5c20f9c2e62bd636f67a7bd66288b26b79e66cc27bb7f623c505916053

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 57818b6c7033b3229bc6fff1dbcd3e24
SHA1 26ca1a9f6d8078802e8cef64f4db13fe295aa263
SHA256 598a222b49879f517470b44b3a6ca1961f9ef898d6b22e71d27487caad11b535
SHA512 fa0b8b930eaac1824564c8a2797001c6b3dc3d4d8ccd92ed413320a3a74e005fe6530ee54661c4613e7aafd18c93a8551f08f15dcfcb9178f2c532e8bdc7f7ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

MD5 37ceffdba07562eb9b0afd547b614902
SHA1 1a7a9d49bd6eb5853446def94046d984fbe30654
SHA256 083bd88a9817f23a77d2c09a1a09b87df4add2def88a2bad2cb4a2b4d3adcbae
SHA512 f5303a7d78eee32b8b7446dd0207a7e03b4f936d8eaaf363f4ad3adc73db0b6a581460f50565da9627a38d2e8f84f3bc2dda0e5024894117845fb544ad13f18c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

MD5 d059efe6c20a18ba70c19c2716ae6bfb
SHA1 01fc38ede84a8f4ca46cb31c684fc133b2a75c5b
SHA256 7155f9ed16635786312a37337a1770af96cb8690274883110b60334feb007bc5
SHA512 164dca3a913b014c1e3f1af08116dd6ce16ca2e33e835bbee04d7f3f2be9a7b43f18bf59a31f5414442b8ca715516a2f122084a0ad4e6ce79a83c5e225002f4c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13358967235177933

MD5 efa81f9c05f96dce0e652f6f0f9fcc37
SHA1 070f580be9e228c0a3e6e1c1d294f68d7bca125f
SHA256 254bb44439d9e56c07b75a19f85f01852f763d203c44f0ce1f10b685bf425c88
SHA512 e7d2a77e8c97c9db06b7d84f729b2b418b204629700673631f33f51e6121b9fadd1ec492a09c921e423b3f636c383a29f253cec10446482699861a996add7209

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

MD5 f3077a7b9750575bfdd7fbc26c34b11c
SHA1 0dcffd895c4efe075c72494b9a379f950b12274f
SHA256 b23e61c79971d9ac780c4d7f88bc72ee7c7c7caf6bbe5cf09535f7777be36f89
SHA512 b50eb77a209f6517b088900950126d70377ecb6729b60517c97b0691df2e33452d54610c2d776af0343a0dd412a14b53787593b27ea5dd274f9868323bfa808c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

MD5 1148e3119f5e0329f183fec12d49f6e4
SHA1 c0431f95cea8c92b7df2a3083ed4d560ce36fb56
SHA256 5e532a32bbcfefea21edc475361248d993633f51ad25a1698d51f9ab2178310b
SHA512 4df527c49d52ba8c1d22672e7169b297a9247c9f8e6d7a70a7cb193d2f877e5a7f4dcb4f8c00e8a61c4fddd621ff9f3436cfcd64cf1f883c73e7a2a355d19cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

MD5 031d6d1e28fe41a9bdcbd8a21da92df1
SHA1 38cee81cb035a60a23d6e045e5d72116f2a58683
SHA256 b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da
SHA512 e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

MD5 a397e5983d4a1619e36143b4d804b870
SHA1 aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4
SHA256 9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4
SHA512 4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

C:\Users\Admin\AppData\Local\Temp\NDF364D.tmp

MD5 a9e92c50084c7d056e4a6b76677aa295
SHA1 5307c3d356a57f1f074abdc0743ba9d33c5062c3
SHA256 fcec1b1431322148abc8157c8cfcaaa7da3d8df971e91a3ed26790813b877638
SHA512 70e78f42d4bc51c4b30d61c88ff5593da42c58d3cceb5c1082619a9ca0af460e600e496c41a0a6163e06eef853bcd51df19278c6e3409b7edbec50574ecb9e9e

C:\Windows\Temp\SDIAG_741f915e-8429-42ac-a567-5cde5a457f91\DiagPackage.dll

MD5 ec287e627bf07521b8b443e5d7836c92
SHA1 02595dde2bd98326d8608ee3ddabc481ddc39c3d
SHA256 35fa9f66ed386ee70cb28ec6e03a3b4848e3ae11c8375ba3b17b26d35bd5f694
SHA512 8465ae3ca6a4355888eecedda59d83806faf2682431f571185c31fb8a745f2ef4b26479f07aaf2693cd83f2d0526a1897a11c90a1f484a72f1e5965b72de9903

C:\Windows\Temp\SDIAG_741f915e-8429-42ac-a567-5cde5a457f91\en-US\DiagPackage.dll.mui

MD5 44b3399345bc836153df1024fa0a81e1
SHA1 ce979bfdc914c284a9a15c4d0f9f18db4d984cdd
SHA256 502abf2efedb7f76147a95dc0755723a070cdc3b2381f1860313fd5f01c4fb4d
SHA512 a49ba1a579eedca2356f8a4df94b1c273e483ceace93c617cddee77f66e90682836c77cea58047320b2c2f1d0e23ee7efa3d8af71e8ee864faef7e68f233bec4

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_haeh2vbr.hks.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4404-612-0x000001D9E8F60000-0x000001D9E8F82000-memory.dmp

C:\Windows\TEMP\SDIAG_741f915e-8429-42ac-a567-5cde5a457f91\NetworkDiagnosticsTroubleshoot.ps1

MD5 d0cfc204ca3968b891f7ce0dccfb2eda
SHA1 56dad1716554d8dc573d0ea391f808e7857b2206
SHA256 e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a
SHA512 4d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c

C:\Windows\TEMP\SDIAG_741f915e-8429-42ac-a567-5cde5a457f91\en-US\LocalizationData.psd1

MD5 91f545459be2ff513b8d98c7831b8e54
SHA1 499e4aa76fc21540796c75ba5a6a47980ff1bc21
SHA256 1ccd68e58ead16d22a6385bb6bce0e2377ed573387bdafac3f72b62264d238ff
SHA512 469571a337120885ee57e0c73a3954d0280fa813e11709ee792285c046f6ddaf9be5583e475e627ea5f34e8e6fb723a4681289312f0e51dc8e9894492407b911

C:\Windows\TEMP\SDIAG_741f915e-8429-42ac-a567-5cde5a457f91\UtilityFunctions.ps1

MD5 c912faa190464ce7dec867464c35a8dc
SHA1 d1c6482dad37720db6bdc594c4757914d1b1dd70
SHA256 3891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201
SHA512 5c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a

C:\Windows\TEMP\SDIAG_741f915e-8429-42ac-a567-5cde5a457f91\UtilitySetConstants.ps1

MD5 0c75ae5e75c3e181d13768909c8240ba
SHA1 288403fc4bedaacebccf4f74d3073f082ef70eb9
SHA256 de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f
SHA512 8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 162e48a077c2f7900fee148472a38aeb
SHA1 fa99fec9d1ae4f7a18f32ef612b9368e34b4f8ef
SHA256 479a59a9787c8e5fabde5e97f0a0122bb690d2e5d98e67168731706f2d7f2a7c
SHA512 c8c79b5622fdc579b19c781f4c81645ceb29169367324a4e41dfffaa6dc931ba073c8e0f426a207f7ecba7f5ee0fb585c12ffefad51343319faef836c95d4ed1

memory/5308-635-0x000001A6DA1A0000-0x000001A6DA1B0000-memory.dmp

memory/5308-632-0x000001A6DA170000-0x000001A6DA180000-memory.dmp

memory/5308-639-0x000001A6DAD60000-0x000001A6DAD61000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 daa1f6f017f88511f5f663caf433280e
SHA1 232a392e8d3c240e5ea281f89bce58775bba3948
SHA256 64390d1bdb83944b24f34a589c887665794da8c63f95bbcf1507a55644cb64bd
SHA512 3f46024141c529d1b100229a456ba75782ad63e1789d045b1987cd5c8685c8f33843d47fb10382190401fb702692b2c6a8e1249c18e7f6807773c15ec48d3611

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a0b1c4ed86540cb906e9fd18ee392054
SHA1 9e1c74692316988a678faeefdfab355fb35873b0
SHA256 74ce43d529d43f36759b53d8e7e6cbd30558cedabb063e842763259d831c9ca7
SHA512 df7eecc6bbe01e0405d6d792d43a9278cfdb6c33dba6d464dfcf7233235cfbf185aa5e599accb29fc3ec0a2382ac5ab19fd7b70a41c41c1db25183efacac7899

C:\Windows\Temp\SDIAG_741f915e-8429-42ac-a567-5cde5a457f91\result\567F4AE2-2D23-4520-BD62-F1E36355D579.Diagnose.Admin.0.etl

MD5 af8a78bddabca87ec983cac9b53c3297
SHA1 1e78997177df46f4a72d3b16779d99462006bf62
SHA256 27c3c9dd8f1296ded9abaea969a852382ad808c0041cf7243e17267000eafced
SHA512 874c556459ae90d760d1ce557b12d47b3d97d4eb82026008d02c622313534c443dd7ebb44d943750d1135f7573801c2e2f29a7c2005f5cf7e21deaa7189ed1d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4bf1159e7614a3b7d61cd9774af7b2b8
SHA1 a9c5d19594deee649152b9d8cb5f9b078858560f
SHA256 18d7ef14fea1b91653ea630b4ce749c17cad850fef69bad014bd1d3f80ce26f2
SHA512 ea4f8d04efc7b7ebcb326d285db44175962f9ad6803a6802d734a9e274c19fa8eb89014a63902b923548420adbf75bb925b17c8e228a519d28335eae856657c9

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024043016.000\NetworkDiagnostics.debugreport.xml

MD5 65469c2b56ee68c587b21ae5970a424f
SHA1 57f594976a9c3eda1836aa9329e564467ee4a391
SHA256 30d172591611b2ca970306003d6488ef04ed4dad8ab14fe4c1c0301229814004
SHA512 f932a52d5a8f1a255813811efa9ac48bbf91c01c90838906f137d9e611ce40a461b640608d7f76fc267c39bfbd5a070092ac690f041df894e8abb35d43d1bdbd

C:\Windows\Temp\SDIAG_741f915e-8429-42ac-a567-5cde5a457f91\result\NetworkConfiguration.cab

MD5 caa36e0f5302c6f2ae8eaf54b0779143
SHA1 645bad7313dd47e17d78231d27b7bf2d52dee065
SHA256 0a2b29a018b87353f0fb3f8854dd8fbb595db45c1b0d5bea8af55d1330a88297
SHA512 df8e563c8faee2dd8068a251d541b87a307adf0cfe83035a33fe2e25d65e4d44002812268c93358ab5ecc855b6760d84597e13f3d02d3d948f3c845dc8e507ea

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024043016.000\ResultReport.xml

MD5 e0d504ccc4f5f5c5767561f0edbd9600
SHA1 97d4df5f0bd1493f61be2bd089ad41af2c554f7f
SHA256 f89f1d94cadc549e2d3536a5d1912eb2bc0e6dff9d7c2508255dacc1b9a187a1
SHA512 b303de3c29e3ba0464c5d6fd157bb249105391ef6211f97c990a2b5a9779a842c7186f38dccfd55078a68506fd74b02f09d99bcf9039325bfced241a0cd60a8a

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024043016.000\results.xsl

MD5 90df783c6d95859f3a420cb6af1bafe1
SHA1 3fe1e63ca5efc0822fc3a4ae862557238aa22f78
SHA256 06db605b5969c93747313e6409ea84bdd8b7e1731b7e6e3656329d77bcf51093
SHA512 e5dcbb7d8f42eabf42966fccee11c3d3e3f965ecc7a4d9e4ecd0382a31c4e8afea931564b1c6931f6d7e6b3650dc01a4a1971e317dab6c1f03932c6b6b7d399f

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024043016.000\results.xml

MD5 44b0d8d3e15140aded6a8008bef034d7
SHA1 b7a1ad2eab3fed4f5ccbb6edbfc96cc591378667
SHA256 4094471747b4b5bad9230666f383dc2542c81ce4719fd3fa7083aa3975c82ee7
SHA512 2669fa667f0c1052051cebd0a2d0dab499eba85d186e0ad22b79f2599a6ced195c6ed047be0f8edb1c942445f9c497c2638807c1599db643bc49aeafc57d35fc

memory/5308-926-0x000001A6DAE80000-0x000001A6DAE81000-memory.dmp

memory/5308-927-0x000001A6DAE70000-0x000001A6DAE71000-memory.dmp

memory/5308-929-0x000001A6DAD70000-0x000001A6DAD71000-memory.dmp

memory/5308-930-0x000001A6DAD60000-0x000001A6DAD61000-memory.dmp

memory/5308-932-0x000001A6DAD60000-0x000001A6DAD61000-memory.dmp

memory/5308-935-0x000001A6DACB0000-0x000001A6DACB1000-memory.dmp