Analysis Overview
SHA256: 2686676de2878920710d925c2a94afbd2bc9430f8f946190a5fb92425f797f72
Threat Level: Likely benign
The file 1_R-bNQuTbgcQda15zyXeMpg.png was found to be: Likely benign.
Malicious Activity Summary
Drops file in System32 directory
Drops file in Windows directory
Enumerates physical storage devices
One or more HTTP URLs in qr code identified
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Gathers network information
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Analysis: static1
Detonation Overview
Reported: 2024-04-30 16:13
Signatures
One or more HTTP URLs in qr code identified
Analysis: behavioral1
Detonation Overview
Submitted: 2024-04-30 16:13
Reported: 2024-04-30 16:33
Platform: win11-20240419-en
Max time kernel: 1188s
Max time network: 1197s
Command Line
Signatures
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\SRU\SRU.chk | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\SRU\SRUDB.dat | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1474490143-3221292397-4168103503-1000_UserData.bin | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\NDF\{567F4AE2-2D23-4520-BD62-F1E36355D579}-temp-04302024-1615.etl | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\NDF\{567F4AE2-2D23-4520-BD62-F1E36355D579}-temp-04302024-1615.etl | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{3b00ac6d-86bf-491f-a6f2-10aa51412b93}\snapshot.etl | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{3b00ac6d-86bf-491f-a6f2-10aa51412b93}\snapshot.etl | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\SRU\SRU.log | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\SRU\SRUDB.jfm | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\wdi\LogFiles\StartupInfo\S-1-5-21-1474490143-3221292397-4168103503-1000_StartupInfo3.xml | C:\Windows\System32\svchost.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk | C:\Windows\System32\svchost.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\System32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\msdt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\system32\msdt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\system32\msdt.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\System32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\msdt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\msdt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\system32\msdt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\system32\msdt.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\msdt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\msdt.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\RAS AutoDial | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\RAS AutoDial\Default | C:\Windows\System32\svchost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client" | C:\Windows\System32\svchost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client" | C:\Windows\System32\svchost.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Windows\system32\msdt.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\sdiagnhost.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\svchost.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\svchost.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\1_R-bNQuTbgcQda15zyXeMpg.png
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff831643cb8,0x7ff831643cc8,0x7ff831643cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,12189557126990791849,6224778892822248308,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,12189557126990791849,6224778892822248308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,12189557126990791849,6224778892822248308,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12189557126990791849,6224778892822248308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12189557126990791849,6224778892822248308,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12189557126990791849,6224778892822248308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12189557126990791849,6224778892822248308,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12189557126990791849,6224778892822248308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,12189557126990791849,6224778892822248308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,12189557126990791849,6224778892822248308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12189557126990791849,6224778892822248308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12189557126990791849,6224778892822248308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff831643cb8,0x7ff831643cc8,0x7ff831643cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff831643cb8,0x7ff831643cc8,0x7ff831643cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2040 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,16033194954692503989,982061481834814840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
C:\Windows\system32\msdt.exe
-modal "328200" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDF364D.tmp" -ep "NetworkDiagnosticsWeb"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 /prefetch:8
C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
C:\Windows\system32\netsh.exe
"C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
C:\Windows\system32\netsh.exe
"C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\winethc.dll",ForceProxyDetectionOnNextRun
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
C:\Windows\system32\ipconfig.exe
"C:\Windows\system32\ipconfig.exe" /all
C:\Windows\system32\ROUTE.EXE
"C:\Windows\system32\ROUTE.EXE" print
C:\Windows\system32\makecab.exe
"C:\Windows\system32\makecab.exe" /f NetworkConfiguration.ddf
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5736 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6829047208515315034,3434423971017009855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | e283842dcc20bf1975494132d8354522 |
| SHA1 | d312f7c027993a9303defd1631912be81cab95e8 |
| SHA256 | b7ef2539730b6975a98a25b4cae7d3517cad07708fedb21c835305c867c4b6c3 |
| SHA512 | 146578273132a58c5b84b1625ee4dd1033f732886b2684852b68691e4fb8f0fde1b222a336667533a258eef75a50573b0ab74268455a115829a472b99782184f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | b29bcf9cd0e55f93000b4bb265a9810b |
| SHA1 | e662b8c98bd5eced29495dbe2a8f1930e3f714b8 |
| SHA256 | f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4 |
| SHA512 | e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13358967235290933
| MD5 | f2de5eec93a3e355bab9dfb7c994c424 |
| SHA1 | c591844fa27e03127312f742f6884db08bca8dc4 |
| SHA256 | 364382026ebf17e7cd2822cae87e8c34fec188a3940ab9e5107c3865802d6941 |
| SHA512 | f85253b13f301c6803be07d7ffa7145cbabf96be459ca1117e3a3867a517c9bbda481d720cd3769f0235b7f62a515f15f05caa258192bb20dd77816d016839c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1fdfaa1d534a7dd776c4a6404080e89d |
| SHA1 | 5371aa7a7b02515837f0954448129846dfb6085f |
| SHA256 | d6309f6cdc0108834e8b773160634a11111544ea31ec1e0deb79d9d6b9b53ea5 |
| SHA512 | 485a1af99ed4c49fa666e83680de6fbbd379318848ae17f2143fc0ff8784da8cc9b35187a6bcb82133028bbb55a185c8011fe4b68c923d2704514fe67d8b315e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | c6f886444cfcfa046056b5ff59a81de8 |
| SHA1 | 64997648a7dcfbc9fbf42c1813d8c0ba68a38d9e |
| SHA256 | b6667f6e0629f3f8797809275271ae7d3cdcb6234b5c9802835aacd1621ba382 |
| SHA512 | 15b463f8bed1c3e6b5ac0dfaba5be8a89cdb111e44a126fa9c1592049aba45017899100502cb99bc98875f6905d7a9e682a0dd664cadd674efdd46ad79addd0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
| MD5 | a5d413f75be2598334aef6c1931fdca4 |
| SHA1 | ba2311ff34bfab63baeb5b0659506ea1e09f7a00 |
| SHA256 | d6f6ebf99ed021cc734cce8c788414fca40453e1650dad4c8aeba0997e7f5550 |
| SHA512 | 1b7f85fb9167e8c2e8a932f6163658a8dabd7be2b8ee920ad8f4352ed0603a39eed2b5866bf7cc218348e4dfc1f6930a6cc6d84e191cc6dcadede3e73a226e6c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | a559499fb812572bab2b937525bb60b2 |
| SHA1 | c5c78608af32b3335e788b08a5a81432df7e76e4 |
| SHA256 | f418e9e0da4870a4c4d2136e57d910441311cf486646da910c38a589968dcdbf |
| SHA512 | c2486b44eef0000ab6de02211db823409e08556645e0aa4c7165f5964d1be25c5d1d030d934a8e08cb1450fdd3f25d6ff15a93dcabbe728da6fd23d555630f4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
| MD5 | cfcde2ccdb46e49203598b87d60616b5 |
| SHA1 | be2ec443bc6627b2823c34e5b67d600fb607b373 |
| SHA256 | 7868fc048bea92132315a9086a4ed91330f59fb9ab1b38eb992f8892a96ca945 |
| SHA512 | 9a7fada268e8765d1860df97e1496619c9dc87d7cbc3269f4761340e8340f15b7d9861f43751bdcdfd6f036f3bc658ff38e6629328ce0276171979991b04a88b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
| MD5 | 63ec18074268cdc1db07a3ac59f9af70 |
| SHA1 | 51dfd14c684dbd3b054568b6fe99b7d45e2a9433 |
| SHA256 | 7ac628c060ae081875ed8867c2fd36f99fee1be58ffc4a1e9e62057340e92213 |
| SHA512 | fcee79a3ed511099cc2b952ebf77f46b42e4e8258190916bc74bbe579289b20a212c3e3411654f399747c75416f86854d815af0bde96d7bc3baf243e95908173 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
| MD5 | a66efaa590a0d16b1874a35836ba0a4b |
| SHA1 | bb750c61e162420271f89a90f2b58f43587680e1 |
| SHA256 | b9ab1ed7609e2254b7d4fb655b57b21b2be601646c4ff0b207c411e8bdd9e654 |
| SHA512 | 2b1ea0c798b69b360ab1546d14fccf7d5f9cb224b31bc8430cdb956c8cc570a086e4cfa10e6a843292deb862f4161dfc9b9abbc44afe397ff0ec9563646ff7a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ca2ed81b874f610862c800b377ae71b9 |
| SHA1 | 48e4641b23300488f30131c289e5a8c8e1bf53fa |
| SHA256 | ec31efe9853df22a2a13822c82404ed97e3875933b785745e7c6f750c238e0fc |
| SHA512 | 67c525367864e621287540f2cdbd172cce1cbd4b2861e1809ddc8930a1e1481dd1052ca0b4f218031dbc1a1f13af04f649970744b606815364a9022322d4eeb6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | a9851aa4c3c8af2d1bd8834201b2ba51 |
| SHA1 | fa95986f7ebfac4aab3b261d3ed0a21b142e91fc |
| SHA256 | e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191 |
| SHA512 | 41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
| MD5 | 097401eda5e4e2449df7e40173402d67 |
| SHA1 | 1beffbc20bf17b1bea264318e19e932bb0bf4927 |
| SHA256 | 48478e5bd14697b2e1bc5bad7066556f8b0cd2cb20501558efba4f7111be81b3 |
| SHA512 | 016f8309e1e18b0baf79710e0c8bf6306f90f0d2cb377a10c5536b2eae3ea8be73d4c8c52584ae1d92708723057d05f8169e691d0d16c8c9bc606dae5ed0b7da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | f4d7def6888943714e679304e7bb93ee |
| SHA1 | 853c73c92910f2fba97724f1caf3197ec11d2ec4 |
| SHA256 | 840bfd9cc485eb06274465dbea41b4c490b8604878bd5d6146162f4b5eb26529 |
| SHA512 | 4a54614cae588dbc4035b2133ac3e792cc63e018cb22d1c62f3f56d6de6503742362c9d98c02670c1388daa15b7fa04c7ba3b8fb6e187ced791d6db2a559fa16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 9adac4bbc11a8a98c23cd2859330b6f7 |
| SHA1 | 29d5345a7e09e2cb15131a4eaf145c8ed4778641 |
| SHA256 | c071931d93dbffe936a0498adadb145934d63152aa14618b2dbff09bba6fd3ae |
| SHA512 | 36591ed3913d42be2197df2777ec1a103307d0e1b4b421bff7da7f94a9fd76206661316d2e58631881aa40ba5d46eef021b33a2f06ee699214d9188168a6ad2e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
| MD5 | 51a2cbb807f5085530dec18e45cb8569 |
| SHA1 | 7ad88cd3de5844c7fc269c4500228a630016ab5b |
| SHA256 | 1c43a1bda1e458863c46dfae7fb43bfb3e27802169f37320399b1dd799a819ac |
| SHA512 | b643a8fa75eda90c89ab98f79d4d022bb81f1f62f50ed4e5440f487f22d1163671ec3ae73c4742c11830214173ff2935c785018318f4a4cad413ae4eeef985df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
| MD5 | 450817a5ef8f58aa850f1ea2a9c2b474 |
| SHA1 | bdd704e550f448ce1ed6d05598d68f7e763f92b6 |
| SHA256 | 8061b00bb065d8e921307e7c258e2ff1b2e18559a794d74518d30f582cd21b92 |
| SHA512 | e38d71f890dd56454187160ba79bc101d8732bbdbfa6418cba48f3bd1d964b0db64d2bc5d6dc9f4d25983d2c0330f6a4fae53395deb86ddef17c066e77a48d43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | bbc363292eb1d80aac9ee2ecc8acfac6 |
| SHA1 | d7e2fe322d563e765f1253b6f9f99adf568d2aab |
| SHA256 | 1cc4c8ffbc5ae1ecc4b69c62e3ad592749b570a5bbfca78a1d6b982fcd7d49e0 |
| SHA512 | c5d88a50f0413d27cabc0d8cf85158b7fa48208acce6df4a0dc73bc585a2300db60a33102bdb5cccd545ff077d747d04a91bc2c5e47db89ef25e819832ba370a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001
| MD5 | ef9588ca82f853399e5968af99985e74 |
| SHA1 | 80d9df4f75c3e789ddf10584d9ff9de2b6154cb0 |
| SHA256 | 9d550015f47a4d5d502f8a2f5b33bd9cbd136f4fea7c64754c8cc5a9651f7fe5 |
| SHA512 | a77b6b0bcea459ab4fc1e5d0983e85b86a6b0835849345f6afbfb27a5e84d8d1a38ff16e21ecf862e95d0a74e3fe97fda28bea66752b8bd64fd44c8ba680a5c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
| MD5 | 75a007699f8964c682046970b4157c3d |
| SHA1 | 349778a6b4a188418d44d7646a30a6d8f28ffafe |
| SHA256 | ff1092b4bfa21f16fa4e3e28442ec5424870682219af0fdc4a06798a928ab859 |
| SHA512 | a5b5856d1aca386f9b48cc1058ea3cf2f7037bb1d3698d7c018d90ea7ea3e6032705ed5c20f9c2e62bd636f67a7bd66288b26b79e66cc27bb7f623c505916053 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | 57818b6c7033b3229bc6fff1dbcd3e24 |
| SHA1 | 26ca1a9f6d8078802e8cef64f4db13fe295aa263 |
| SHA256 | 598a222b49879f517470b44b3a6ca1961f9ef898d6b22e71d27487caad11b535 |
| SHA512 | fa0b8b930eaac1824564c8a2797001c6b3dc3d4d8ccd92ed413320a3a74e005fe6530ee54661c4613e7aafd18c93a8551f08f15dcfcb9178f2c532e8bdc7f7ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | 37ceffdba07562eb9b0afd547b614902 |
| SHA1 | 1a7a9d49bd6eb5853446def94046d984fbe30654 |
| SHA256 | 083bd88a9817f23a77d2c09a1a09b87df4add2def88a2bad2cb4a2b4d3adcbae |
| SHA512 | f5303a7d78eee32b8b7446dd0207a7e03b4f936d8eaaf363f4ad3adc73db0b6a581460f50565da9627a38d2e8f84f3bc2dda0e5024894117845fb544ad13f18c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
| MD5 | d059efe6c20a18ba70c19c2716ae6bfb |
| SHA1 | 01fc38ede84a8f4ca46cb31c684fc133b2a75c5b |
| SHA256 | 7155f9ed16635786312a37337a1770af96cb8690274883110b60334feb007bc5 |
| SHA512 | 164dca3a913b014c1e3f1af08116dd6ce16ca2e33e835bbee04d7f3f2be9a7b43f18bf59a31f5414442b8ca715516a2f122084a0ad4e6ce79a83c5e225002f4c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13358967235177933
| MD5 | efa81f9c05f96dce0e652f6f0f9fcc37 |
| SHA1 | 070f580be9e228c0a3e6e1c1d294f68d7bca125f |
| SHA256 | 254bb44439d9e56c07b75a19f85f01852f763d203c44f0ce1f10b685bf425c88 |
| SHA512 | e7d2a77e8c97c9db06b7d84f729b2b418b204629700673631f33f51e6121b9fadd1ec492a09c921e423b3f636c383a29f253cec10446482699861a996add7209 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
| MD5 | f3077a7b9750575bfdd7fbc26c34b11c |
| SHA1 | 0dcffd895c4efe075c72494b9a379f950b12274f |
| SHA256 | b23e61c79971d9ac780c4d7f88bc72ee7c7c7caf6bbe5cf09535f7777be36f89 |
| SHA512 | b50eb77a209f6517b088900950126d70377ecb6729b60517c97b0691df2e33452d54610c2d776af0343a0dd412a14b53787593b27ea5dd274f9868323bfa808c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG
| MD5 | 1148e3119f5e0329f183fec12d49f6e4 |
| SHA1 | c0431f95cea8c92b7df2a3083ed4d560ce36fb56 |
| SHA256 | 5e532a32bbcfefea21edc475361248d993633f51ad25a1698d51f9ab2178310b |
| SHA512 | 4df527c49d52ba8c1d22672e7169b297a9247c9f8e6d7a70a7cb193d2f877e5a7f4dcb4f8c00e8a61c4fddd621ff9f3436cfcd64cf1f883c73e7a2a355d19cb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004
| MD5 | 031d6d1e28fe41a9bdcbd8a21da92df1 |
| SHA1 | 38cee81cb035a60a23d6e045e5d72116f2a58683 |
| SHA256 | b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da |
| SHA512 | e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser
| MD5 | a397e5983d4a1619e36143b4d804b870 |
| SHA1 | aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4 |
| SHA256 | 9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4 |
| SHA512 | 4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816 |
C:\Users\Admin\AppData\Local\Temp\NDF364D.tmp
| MD5 | a9e92c50084c7d056e4a6b76677aa295 |
| SHA1 | 5307c3d356a57f1f074abdc0743ba9d33c5062c3 |
| SHA256 | fcec1b1431322148abc8157c8cfcaaa7da3d8df971e91a3ed26790813b877638 |
| SHA512 | 70e78f42d4bc51c4b30d61c88ff5593da42c58d3cceb5c1082619a9ca0af460e600e496c41a0a6163e06eef853bcd51df19278c6e3409b7edbec50574ecb9e9e |
C:\Windows\Temp\SDIAG_741f915e-8429-42ac-a567-5cde5a457f91\DiagPackage.dll
| MD5 | ec287e627bf07521b8b443e5d7836c92 |
| SHA1 | 02595dde2bd98326d8608ee3ddabc481ddc39c3d |
| SHA256 | 35fa9f66ed386ee70cb28ec6e03a3b4848e3ae11c8375ba3b17b26d35bd5f694 |
| SHA512 | 8465ae3ca6a4355888eecedda59d83806faf2682431f571185c31fb8a745f2ef4b26479f07aaf2693cd83f2d0526a1897a11c90a1f484a72f1e5965b72de9903 |
C:\Windows\Temp\SDIAG_741f915e-8429-42ac-a567-5cde5a457f91\en-US\DiagPackage.dll.mui
| MD5 | 44b3399345bc836153df1024fa0a81e1 |
| SHA1 | ce979bfdc914c284a9a15c4d0f9f18db4d984cdd |
| SHA256 | 502abf2efedb7f76147a95dc0755723a070cdc3b2381f1860313fd5f01c4fb4d |
| SHA512 | a49ba1a579eedca2356f8a4df94b1c273e483ceace93c617cddee77f66e90682836c77cea58047320b2c2f1d0e23ee7efa3d8af71e8ee864faef7e68f233bec4 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_haeh2vbr.hks.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4404-612-0x000001D9E8F60000-0x000001D9E8F82000-memory.dmp
C:\Windows\TEMP\SDIAG_741f915e-8429-42ac-a567-5cde5a457f91\NetworkDiagnosticsTroubleshoot.ps1
| MD5 | d0cfc204ca3968b891f7ce0dccfb2eda |
| SHA1 | 56dad1716554d8dc573d0ea391f808e7857b2206 |
| SHA256 | e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a |
| SHA512 | 4d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c |
C:\Windows\TEMP\SDIAG_741f915e-8429-42ac-a567-5cde5a457f91\en-US\LocalizationData.psd1
| MD5 | 91f545459be2ff513b8d98c7831b8e54 |
| SHA1 | 499e4aa76fc21540796c75ba5a6a47980ff1bc21 |
| SHA256 | 1ccd68e58ead16d22a6385bb6bce0e2377ed573387bdafac3f72b62264d238ff |
| SHA512 | 469571a337120885ee57e0c73a3954d0280fa813e11709ee792285c046f6ddaf9be5583e475e627ea5f34e8e6fb723a4681289312f0e51dc8e9894492407b911 |
C:\Windows\TEMP\SDIAG_741f915e-8429-42ac-a567-5cde5a457f91\UtilityFunctions.ps1
| MD5 | c912faa190464ce7dec867464c35a8dc |
| SHA1 | d1c6482dad37720db6bdc594c4757914d1b1dd70 |
| SHA256 | 3891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201 |
| SHA512 | 5c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a |
C:\Windows\TEMP\SDIAG_741f915e-8429-42ac-a567-5cde5a457f91\UtilitySetConstants.ps1
| MD5 | 0c75ae5e75c3e181d13768909c8240ba |
| SHA1 | 288403fc4bedaacebccf4f74d3073f082ef70eb9 |
| SHA256 | de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f |
| SHA512 | 8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 162e48a077c2f7900fee148472a38aeb |
| SHA1 | fa99fec9d1ae4f7a18f32ef612b9368e34b4f8ef |
| SHA256 | 479a59a9787c8e5fabde5e97f0a0122bb690d2e5d98e67168731706f2d7f2a7c |
| SHA512 | c8c79b5622fdc579b19c781f4c81645ceb29169367324a4e41dfffaa6dc931ba073c8e0f426a207f7ecba7f5ee0fb585c12ffefad51343319faef836c95d4ed1 |
memory/5308-635-0x000001A6DA1A0000-0x000001A6DA1B0000-memory.dmp
memory/5308-632-0x000001A6DA170000-0x000001A6DA180000-memory.dmp
memory/5308-639-0x000001A6DAD60000-0x000001A6DAD61000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | daa1f6f017f88511f5f663caf433280e |
| SHA1 | 232a392e8d3c240e5ea281f89bce58775bba3948 |
| SHA256 | 64390d1bdb83944b24f34a589c887665794da8c63f95bbcf1507a55644cb64bd |
| SHA512 | 3f46024141c529d1b100229a456ba75782ad63e1789d045b1987cd5c8685c8f33843d47fb10382190401fb702692b2c6a8e1249c18e7f6807773c15ec48d3611 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a0b1c4ed86540cb906e9fd18ee392054 |
| SHA1 | 9e1c74692316988a678faeefdfab355fb35873b0 |
| SHA256 | 74ce43d529d43f36759b53d8e7e6cbd30558cedabb063e842763259d831c9ca7 |
| SHA512 | df7eecc6bbe01e0405d6d792d43a9278cfdb6c33dba6d464dfcf7233235cfbf185aa5e599accb29fc3ec0a2382ac5ab19fd7b70a41c41c1db25183efacac7899 |
C:\Windows\Temp\SDIAG_741f915e-8429-42ac-a567-5cde5a457f91\result\567F4AE2-2D23-4520-BD62-F1E36355D579.Diagnose.Admin.0.etl
| MD5 | af8a78bddabca87ec983cac9b53c3297 |
| SHA1 | 1e78997177df46f4a72d3b16779d99462006bf62 |
| SHA256 | 27c3c9dd8f1296ded9abaea969a852382ad808c0041cf7243e17267000eafced |
| SHA512 | 874c556459ae90d760d1ce557b12d47b3d97d4eb82026008d02c622313534c443dd7ebb44d943750d1135f7573801c2e2f29a7c2005f5cf7e21deaa7189ed1d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4bf1159e7614a3b7d61cd9774af7b2b8 |
| SHA1 | a9c5d19594deee649152b9d8cb5f9b078858560f |
| SHA256 | 18d7ef14fea1b91653ea630b4ce749c17cad850fef69bad014bd1d3f80ce26f2 |
| SHA512 | ea4f8d04efc7b7ebcb326d285db44175962f9ad6803a6802d734a9e274c19fa8eb89014a63902b923548420adbf75bb925b17c8e228a519d28335eae856657c9 |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024043016.000\NetworkDiagnostics.debugreport.xml
| MD5 | 65469c2b56ee68c587b21ae5970a424f |
| SHA1 | 57f594976a9c3eda1836aa9329e564467ee4a391 |
| SHA256 | 30d172591611b2ca970306003d6488ef04ed4dad8ab14fe4c1c0301229814004 |
| SHA512 | f932a52d5a8f1a255813811efa9ac48bbf91c01c90838906f137d9e611ce40a461b640608d7f76fc267c39bfbd5a070092ac690f041df894e8abb35d43d1bdbd |
C:\Windows\Temp\SDIAG_741f915e-8429-42ac-a567-5cde5a457f91\result\NetworkConfiguration.cab
| MD5 | caa36e0f5302c6f2ae8eaf54b0779143 |
| SHA1 | 645bad7313dd47e17d78231d27b7bf2d52dee065 |
| SHA256 | 0a2b29a018b87353f0fb3f8854dd8fbb595db45c1b0d5bea8af55d1330a88297 |
| SHA512 | df8e563c8faee2dd8068a251d541b87a307adf0cfe83035a33fe2e25d65e4d44002812268c93358ab5ecc855b6760d84597e13f3d02d3d948f3c845dc8e507ea |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024043016.000\ResultReport.xml
| MD5 | e0d504ccc4f5f5c5767561f0edbd9600 |
| SHA1 | 97d4df5f0bd1493f61be2bd089ad41af2c554f7f |
| SHA256 | f89f1d94cadc549e2d3536a5d1912eb2bc0e6dff9d7c2508255dacc1b9a187a1 |
| SHA512 | b303de3c29e3ba0464c5d6fd157bb249105391ef6211f97c990a2b5a9779a842c7186f38dccfd55078a68506fd74b02f09d99bcf9039325bfced241a0cd60a8a |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024043016.000\results.xsl
| MD5 | 90df783c6d95859f3a420cb6af1bafe1 |
| SHA1 | 3fe1e63ca5efc0822fc3a4ae862557238aa22f78 |
| SHA256 | 06db605b5969c93747313e6409ea84bdd8b7e1731b7e6e3656329d77bcf51093 |
| SHA512 | e5dcbb7d8f42eabf42966fccee11c3d3e3f965ecc7a4d9e4ecd0382a31c4e8afea931564b1c6931f6d7e6b3650dc01a4a1971e317dab6c1f03932c6b6b7d399f |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024043016.000\results.xml
| MD5 | 44b0d8d3e15140aded6a8008bef034d7 |
| SHA1 | b7a1ad2eab3fed4f5ccbb6edbfc96cc591378667 |
| SHA256 | 4094471747b4b5bad9230666f383dc2542c81ce4719fd3fa7083aa3975c82ee7 |
| SHA512 | 2669fa667f0c1052051cebd0a2d0dab499eba85d186e0ad22b79f2599a6ced195c6ed047be0f8edb1c942445f9c497c2638807c1599db643bc49aeafc57d35fc |
memory/5308-926-0x000001A6DAE80000-0x000001A6DAE81000-memory.dmp
memory/5308-927-0x000001A6DAE70000-0x000001A6DAE71000-memory.dmp
memory/5308-929-0x000001A6DAD70000-0x000001A6DAD71000-memory.dmp
memory/5308-930-0x000001A6DAD60000-0x000001A6DAD61000-memory.dmp
memory/5308-932-0x000001A6DAD60000-0x000001A6DAD61000-memory.dmp
memory/5308-935-0x000001A6DACB0000-0x000001A6DACB1000-memory.dmp