hxxps://tlauncher[.]org

Resubmissions

19/08/2023, 05:00

230819-fnbm6aga82 8

19/08/2023, 04:55

19/08/2023, 04:52

19/08/2023, 04:51

19/08/2023, 04:47

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2023, 04:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tlauncher.org

Score

1^/10

Malware Config

Signatures

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4176143399-3250363947-192774652-1000\{B8DDD086-C68D-4871-9689-9FAF03E324F1}	msedge.exe

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
1860	msedge.exe
1860	msedge.exe
2892	msedge.exe
2892	msedge.exe
4144	identity_helper.exe
4144	identity_helper.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4360	msedge.exe
4360	msedge.exe
2720	msedge.exe
2720	msedge.exe
3880	msedge.exe
3880	msedge.exe
2588	identity_helper.exe
2588	identity_helper.exe
2992	msedge.exe
2992	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	4444	taskmgr.exe
Token: SeSystemProfilePrivilege	4444	taskmgr.exe
Token: SeCreateGlobalPrivilege	4444	taskmgr.exe
Token: 33	4444	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4444	taskmgr.exe
Token: 33	4960	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4960	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe
4444	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 456	2892	msedge.exe	81
PID 2892 wrote to memory of 456	2892	msedge.exe	81
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 3220	2892	msedge.exe	83
PID 2892 wrote to memory of 1860	2892	msedge.exe	82
PID 2892 wrote to memory of 1860	2892	msedge.exe	82
PID 2892 wrote to memory of 4508	2892	msedge.exe	84
PID 2892 wrote to memory of 4508	2892	msedge.exe	84
PID 2892 wrote to memory of 4508	2892	msedge.exe	84
PID 2892 wrote to memory of 4508	2892	msedge.exe	84
PID 2892 wrote to memory of 4508	2892	msedge.exe	84
PID 2892 wrote to memory of 4508	2892	msedge.exe	84
PID 2892 wrote to memory of 4508	2892	msedge.exe	84
PID 2892 wrote to memory of 4508	2892	msedge.exe	84
PID 2892 wrote to memory of 4508	2892	msedge.exe	84
PID 2892 wrote to memory of 4508	2892	msedge.exe	84
PID 2892 wrote to memory of 4508	2892	msedge.exe	84
PID 2892 wrote to memory of 4508	2892	msedge.exe	84
PID 2892 wrote to memory of 4508	2892	msedge.exe	84
PID 2892 wrote to memory of 4508	2892	msedge.exe	84
PID 2892 wrote to memory of 4508	2892	msedge.exe	84
PID 2892 wrote to memory of 4508	2892	msedge.exe	84
PID 2892 wrote to memory of 4508	2892	msedge.exe	84
PID 2892 wrote to memory of 4508	2892	msedge.exe	84
PID 2892 wrote to memory of 4508	2892	msedge.exe	84
PID 2892 wrote to memory of 4508	2892	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tlauncher.org
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c64046f8,0x7ff9c6404708,0x7ff9c6404718
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,12129342216855598514,9449798891137492239,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,12129342216855598514,9449798891137492239,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1836 /prefetch:2
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,12129342216855598514,9449798891137492239,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,12129342216855598514,9449798891137492239,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,12129342216855598514,9449798891137492239,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,12129342216855598514,9449798891137492239,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,12129342216855598514,9449798891137492239,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,12129342216855598514,9449798891137492239,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,12129342216855598514,9449798891137492239,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,12129342216855598514,9449798891137492239,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,12129342216855598514,9449798891137492239,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:1044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4052

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\LockWatch.html
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff9c64046f8,0x7ff9c6404708,0x7ff9c6404718
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,1184283469761754270,1878561540976481109,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,1184283469761754270,1878561540976481109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,1184283469761754270,1878561540976481109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,1184283469761754270,1878561540976481109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,1184283469761754270,1878561540976481109,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,1184283469761754270,1878561540976481109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,1184283469761754270,1878561540976481109,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,1184283469761754270,1878561540976481109,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2688 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,1184283469761754270,1878561540976481109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,1184283469761754270,1878561540976481109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4124 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,1184283469761754270,1878561540976481109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4124 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,1184283469761754270,1878561540976481109,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,1184283469761754270,1878561540976481109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,1184283469761754270,1878561540976481109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,1184283469761754270,1878561540976481109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,1184283469761754270,1878561540976481109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1980,1184283469761754270,1878561540976481109,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1980,1184283469761754270,1878561540976481109,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,1184283469761754270,1878561540976481109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,1184283469761754270,1878561540976481109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,1184283469761754270,1878561540976481109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:4868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\LockWatch.html
1⤵
PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff9c64046f8,0x7ff9c6404708,0x7ff9c6404718
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,4749423751382038723,17423132980485821014,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,4749423751382038723,17423132980485821014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4160

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x300 0x424
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e64c26367269b72ec48d6f462c0da0f3

SHA1
ee34b5c722911361548215c6d86b51a87eee80e7

SHA256
e2a7c7d590c0094f82a4efede7ae04b254383d730c8ab8a0d64324a3dcf86492

SHA512
6befe6b55e7f6ea3b7fd2e557099c5400e6476408c429783be2c14eb2af9ef97695a75279c6c52d1b72669b8db1c3434784167559ea45f8d964bf3eb7d262825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e64c26367269b72ec48d6f462c0da0f3

SHA1
ee34b5c722911361548215c6d86b51a87eee80e7

SHA256
e2a7c7d590c0094f82a4efede7ae04b254383d730c8ab8a0d64324a3dcf86492

SHA512
6befe6b55e7f6ea3b7fd2e557099c5400e6476408c429783be2c14eb2af9ef97695a75279c6c52d1b72669b8db1c3434784167559ea45f8d964bf3eb7d262825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9b72437a0fd01c09ff1de41e41d6c9f

SHA1
62b90d75a2b2a37f50ce19f7b5e3fb97b1f4a657

SHA256
2551a2b1e860d6310717f8099371308e66be20c046044a25cf29169261e59548

SHA512
43bbe9af1a926673b38ff21a4d87fc3acf1c254b776b3e49a33d6305ace57b6db42e7bf315932e11fb847f2a9b61b3b40a2ce42fff858a658f867996e511b07a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9b72437a0fd01c09ff1de41e41d6c9f

SHA1
62b90d75a2b2a37f50ce19f7b5e3fb97b1f4a657

SHA256
2551a2b1e860d6310717f8099371308e66be20c046044a25cf29169261e59548

SHA512
43bbe9af1a926673b38ff21a4d87fc3acf1c254b776b3e49a33d6305ace57b6db42e7bf315932e11fb847f2a9b61b3b40a2ce42fff858a658f867996e511b07a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9b72437a0fd01c09ff1de41e41d6c9f

SHA1
62b90d75a2b2a37f50ce19f7b5e3fb97b1f4a657

SHA256
2551a2b1e860d6310717f8099371308e66be20c046044a25cf29169261e59548

SHA512
43bbe9af1a926673b38ff21a4d87fc3acf1c254b776b3e49a33d6305ace57b6db42e7bf315932e11fb847f2a9b61b3b40a2ce42fff858a658f867996e511b07a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9b72437a0fd01c09ff1de41e41d6c9f

SHA1
62b90d75a2b2a37f50ce19f7b5e3fb97b1f4a657

SHA256
2551a2b1e860d6310717f8099371308e66be20c046044a25cf29169261e59548

SHA512
43bbe9af1a926673b38ff21a4d87fc3acf1c254b776b3e49a33d6305ace57b6db42e7bf315932e11fb847f2a9b61b3b40a2ce42fff858a658f867996e511b07a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0ba6c815-ccf7-463e-be46-8d1626516738.tmp

Filesize
1KB

MD5
7c42578d601223eda4fff45a24ce6b7f

SHA1
187d4dbce3f102bdb53e87af5b808751ed3e5338

SHA256
3f41e294d9aea8b6ab207166786da6b2981039852ebec406bac4b1581b2b4976

SHA512
c35113ed5979220c3d9ec858da40898c33046b3d2c8881629cc2ad20832460897ed39763961472e83bdfa0989ff82a1b2a9e8794322868e389dd5ee0ed29981d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
96028af529360703393386f087f0b1e6

SHA1
be893d2cbcaab74a43ba7c2cc3243979e5dd8294

SHA256
2a5644af64f60635ab32cc8999c79cfcf1ccf7f9c278ddc716ebe6813bae1f32

SHA512
9c36ec159eabc1f3634bd3f9d8be1b8ed055772c77b44a7710b6b3f1f4659203f022d7a3ffd8cd74feaad6ccf2755792fedc2375a1312500194b990c90acd4b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
0c68d7fe6f3f6cf5f8211d14cce44c27

SHA1
2a32d47db380d564f5a31ed29dbde92294fc6df0

SHA256
c59b6ec33a8e3acd19143aaa7fb4a9ae61048a519e9c0e8b6e053805a8350431

SHA512
42261bdc2444a91e87ab5fd5752a1a42604b155b95cc166445a6ea86ed35b7d2cd3222667023a1d0effb9b5b68bbefea092b4bf3f65420dfa4d83042e9397ddf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
9d25538f60dacae1151d4c41f9dedf87

SHA1
bc046e78c8cb500ebe4cd2da31446b1258704f3e

SHA256
8b13d1381919b15bad4477e70c05014c471fb648c32be57dd663517d4f45c924

SHA512
4446806fee013494b9638cc9d849211155669519f0c0c80c5dd2a3a1052136e728743647a0a2385350938810a2b88f08043c64c51120d5c1e71016e9273e0471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
46c4f248173ab07176726c798affe292

SHA1
11c4d7a6ecbd58130a56db6ef27f0052f97ad803

SHA256
de50b224fdce80354e32095d3eec24e27330ea48b7edd527abcc4132c1faa813

SHA512
8e11f33c2ab7bdebd81f7244ff1d9e924b760bd9112737c1822eca92d59ac420ba3fe5dbe34bb56980e1be2498afcd1899ba48280d7226629841058a7e5a808d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9969161b90200b33c67e1632d20876ef

SHA1
1973f25de84ab358fb6305d3649a30abac7773ac

SHA256
8c07c5682207e669dd9f92a24019d54acada574211e382db78dd66b5b255a546

SHA512
515afa329f581b999a4e0aeaea492811228a0c3186d01c25f06059a126c2fb15768d826adb7cde1ef21f213894350cb0a372b953477d7c4ccac524098bc272f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
195685167c01a709c331fef25d7aaaf0

SHA1
bda2eba4ce67d8251361e511b0837adc35fa9b2c

SHA256
33fd11e1d334a9cc54d5385874e2f3a8addcce72b1f96d541cd9e6229eb8a7ae

SHA512
b864a6097e616cf95136e80023421c283ceb4f0a9097181a9b391bbd856f16990fb5c48ffbe83c8d8bc4c590eb1954b7efdd7b3e1e32e2877c9b9398b8acd31b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
195685167c01a709c331fef25d7aaaf0

SHA1
bda2eba4ce67d8251361e511b0837adc35fa9b2c

SHA256
33fd11e1d334a9cc54d5385874e2f3a8addcce72b1f96d541cd9e6229eb8a7ae

SHA512
b864a6097e616cf95136e80023421c283ceb4f0a9097181a9b391bbd856f16990fb5c48ffbe83c8d8bc4c590eb1954b7efdd7b3e1e32e2877c9b9398b8acd31b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
f208794d929128549b032414833727a8

SHA1
2f3e8dfc6d4f9427c2d11cfd47d7686d32907ce2

SHA256
cfd1bdee922fca0bfc9e5c1cccceea6401a2eef7bdf7c7ff8e34fe48f826dc7e

SHA512
7323d069f50713978b3ddd9a07882ca5cf604ab79286100ddfad394e1ee0cd4370d13978ea31b8b4862934da560a231cc47257257df9b74c4f1aac499f3b8901

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
9f3b78c66e76c57cfc8ecf563d88b5f8

SHA1
607a96da212e8072b61692b34a9dd63e13a88219

SHA256
9d6bcac6c7ffb77c994ddd862baebc297d29a02c705d9f79f46edb669511fdba

SHA512
e94192e2b9bc86e43e2c9e8fc163d797b6fb4da9ab63f2b34f159187550ff8a91d2a415117820da1de5a25feddf7f370f8d5ba4176f10615f94908761d75359b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
e3e652d420b96015bc29cc47e1ae70e4

SHA1
66b2a4576e247166a379be4950bc6fa4b4b48e75

SHA256
7af6013b856ef8614adc6f890ea79e5c0de18e8f32fd37f09e6700a9943b35f2

SHA512
2a9fa6a498c4bfd31d4f62541791fa5d2b19e5cbe9d10c43cc9fd7030740c938093512830b0da50ea64a985b63aa482c0eca651bedeb2e5f496eea5b47682ce8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
45b87886b8a9e00ff6ff36ec5408bf8f

SHA1
a8e9511c0dd9ad60b207d6e4a11ecedd80ffb176

SHA256
29ebe77840de9d5ddd3cf25b4a8616bd2df69e9bf4e8c2c7bd83a90674d83cf3

SHA512
f93f5e253bd8584979ba6dd8739832cca687468a2272de507f79d5e512b4138f7b9c7cf102dfa6807a787f640e241a1863e6eb11033859008cc71832f710336e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
36ac5479decbb8f481e7f6c96a574631

SHA1
58634262a13ad479dc1a9883395b954682a99a60

SHA256
865223298c8390cb94cbb1a7a44e6c3526b18cbd2f4115db71f888cb97bf02bd

SHA512
e9d0b00e7caf1024bbfc79c21a43a9353cebdf0ecf434df3ad23ee5da188f6290c002140e0cc14939ea87ed20dc5cbad603e3f9895fccca30fbbdea9fa463692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
663B

MD5
5d94cff5c0e164198126725ea2851784

SHA1
7e1866abf263532887dd873e1ee24f53407ab4d8

SHA256
058872fb9fa602bdf6a91bc636d342b7a06725030237e206922cf47a24f74f85

SHA512
edceb33090c9632019fd3b28dc8d9bc1d4b8845aac24b972499b3f8a2d54bb6b66cc9b0d7e3e30295e324f0a67993af124990e5186c544d07423ac69ae9ad85c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
ceed2a0d6e06c0a20e53fcf2f543c8c5

SHA1
34e598e23fd5f16be2e3b4df48035ac2b8ad3fd1

SHA256
83dff9e1c0392c691c666ed13edb92e967cc439000957c7e7a9085cb75554a62

SHA512
abed08e30651eba799d7cbe7e51a4ebdd854d606d68a54725ec41cac580bcec3eaadec55144b6f4b451d6d5911d0caa612f002115f2b0855fc75928f780cdca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
1KB

MD5
4b1a536793b765c9aff72854e52923ab

SHA1
b8c7c06b5848b53eb357dd4efdd211935f27dac6

SHA256
6dca9a9c226ae0773ff1074a85b78af2269579c50ee32b485984f180c47890e4

SHA512
d764c364c310d13188ca45dfce4ba187c420c24c0143a9b903ae88702e6dcd23dae5a905369477d264921eed4605249990fb9228d5c5f8c5a19c6c317b9e3343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
00b68aa0cfbefef49c3c414f6e1d3c40

SHA1
6c481e6663c0a9b59b19d268b8446146fd58ed0a

SHA256
c823b33572b9a165204160d8dd8a27f9420cb02b6a920ad6e23f09fc24f564ed

SHA512
cfba9f0000e0014835cfde2f45d9f57b3340dae05cc7970c6e10bcbac3f246d2c3812219fdaebdc5d3a7bdb0f2da1bb71fbeb1c21ab68d3d0ea1c379e85cc075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
30960599c22490bf413239336929e5e5

SHA1
50516ba600b2de22bcf2298452f4c835a0685d5a

SHA256
31c3380e3f44903ca8b17b7ce3e797c361013491aaf92db6cd32aede8b62b57f

SHA512
81c47b659d76edc5709e5729ac2e535d82c6e24935ddfb3fbb60d27c64a478fd6567482ab7e785dc1d84392f62ad83fc20d3ae01e05886a629e71d106d486dfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
30960599c22490bf413239336929e5e5

SHA1
50516ba600b2de22bcf2298452f4c835a0685d5a

SHA256
31c3380e3f44903ca8b17b7ce3e797c361013491aaf92db6cd32aede8b62b57f

SHA512
81c47b659d76edc5709e5729ac2e535d82c6e24935ddfb3fbb60d27c64a478fd6567482ab7e785dc1d84392f62ad83fc20d3ae01e05886a629e71d106d486dfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
45e9e5fe1c40d79ece84a668b4d08817

SHA1
9aa14ae11c9e371bbfc5e715785af02688a3455e

SHA256
19e7022f351035dbde9176774eaaff5e14b195adaf39368e1e27fd922c999488

SHA512
dba3262fa1f000703647dc26b2a9b18d590c5b3bce9e0457cf882f143306356193127b28cce2cacd289a72f028f6a938e566cfdb645cd503dfb1093b71b3006e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f7bbb22d0b6786debcca62b7e8fb6dc2

SHA1
4f44d6e86ce5a022ca6f766bf42c00dc9e478fd6

SHA256
b15eaba881e9be88403f32fb038272c3165ae4dc72d32c13a2db1a53999832e8

SHA512
c4f1f8781ad173d769e6a6d43b0c5047395447a98769cd87d79756bbce31511cadce6b79f4f850d94f1329b2960f053a502814d11c46c3d77cb04cbf39d22ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
55954c8c6675e16793fea3e1d8074019

SHA1
0b3d29afbfc8212d1ef4a7d7577ff9d92c1489e1

SHA256
e5485f7335393e25e8646667964634866ca6d2ce948303f26c12077d583542e1

SHA512
fd0be80e08a7697e243588b3d2cd7850bec1e61d08e65af90a1be41ef509fd577d35b29bed874907f366107243458ee88295308a692b4e4c6aa8cab2db38c02c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c5cee7f451cb96c6b8ec86588327e91a

SHA1
3713f869c4f817747d07185c4d31e763f2d48fb2

SHA256
c15092c68f9e35af0092288a3debc40f4468c0af7e47ae83546054bcde3de2e9

SHA512
e9d2720ff98cf2af71a9f0f65a7238fedda93ec839f4aa1488a4c821f2467c4d29a1d4db19bc2cda385745470b64664d9adce1157e4eae89ae07c65345af262c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c5cee7f451cb96c6b8ec86588327e91a

SHA1
3713f869c4f817747d07185c4d31e763f2d48fb2

SHA256
c15092c68f9e35af0092288a3debc40f4468c0af7e47ae83546054bcde3de2e9

SHA512
e9d2720ff98cf2af71a9f0f65a7238fedda93ec839f4aa1488a4c821f2467c4d29a1d4db19bc2cda385745470b64664d9adce1157e4eae89ae07c65345af262c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
81ed27300862a8ce4634ed32b99a2107

SHA1
979eff2c4d42f6eb269d3b778756791e707667aa

SHA256
91ca4911c638f0767c77f1328cd5dfa5866c1a04d77aeb3d17cbf88a92e53648

SHA512
199095ba05e8ac3c027fb56845a86aa4b232be621136e3c3ca2389b5124b4db3ce07eb30c4373beafee449e8ef22a546aef3e72f531c926ecf122c9dd16d7ab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
503a89cdd2683a8ef96561c0419eb2f0

SHA1
73cfcf8498b99070ffcb4f2b0ea1ab4b04cca217

SHA256
785b7dea753e051a30305b6239630ce4f8389e032d96594f365f26d324035dd4

SHA512
a8d611a202f863cdaf4f0cf31f77a4812b91d3438e2976cc1a3aca642d6b6071caa44553e1c2f08b0460f0399202af5d8a45506b3fb22c72536f785e7a9babab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9f5b5ea5225919b375e81135d2ca2c6c

SHA1
6874192e1b24f8a080a5d9da9e268f3fbab12a82

SHA256
cc800750864d3d3591d371769d890c0d54c135517eecd43d94edf9bd3034eb27

SHA512
1da5752fd364c16ef54dfadd0afb0f0e06247e2b5d57f53a439b4b46168e1a54169c58f79b61a8a49bc4ca61c22a373044634f1264bb349b0ff0525f1eb31703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
08f4c75c570627e8350449a0ab1c5cd0

SHA1
a7f6b93982fa6be5ed035deae111767fd16ff0eb

SHA256
907bf21ae9d842f5873174cbbb759829dc463bca94cca3bda79864ae067e05a5

SHA512
33118680d9e18cdc1f8c790e12a78290a0f5377e6ad9255c0f127b1c05674b9c2d067054b7b9ef8a0f4250967653ccdf283f9cd93adfcdc7427a471ca1016e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
19861a3abd7b2807816404185db5026e

SHA1
b2d483942eac2d036bdf7f2bc1b3aad863961f5c

SHA256
8c29f4088add8207f6b6190d11f0d0f514fe610cb3ab4191ddfa9ee470805521

SHA512
80fb76a7d1a88c00ffb51424d2f979cdf3e5efe8d14fc55173163c72ec9ce0026c81e0e3b393007e86a1e8c5d354f21d542ced7304e0104d47fe15750d5049cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
32d194e46c3cbbe773044dc7005126fe

SHA1
d2a52943fd19cbb879899f3325f2806bcdfdc829

SHA256
5b5c2b8c3af312918a485fc8b1e506c4e8a0ecabf755412f2520ec893926bf81

SHA512
e3c7203f39ee3018efda38eb35654380a8966e5dcecaba671956b393140d9425926542254fcf0b171a0a6948c2cf295c4b30157382293e58e1adcebcdac3e13a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
00d7ef147449b9d65f977d175dba11a9

SHA1
5934349f21e6a7c218a53ffdf4b2e48c378cee64

SHA256
9ac022e2dfdf2d6633f670f9e02e0f1176012dd25cc99b4bc14fcdf11f1bfae1

SHA512
a972bd29f73bbd4fee2708ada3423825778f63f1f445b9d2de935bd5ae511a143a392bbaa7c9a3ca7be48738fc7864b191d2f5124377cf3953d271b179f32cfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ca36933e6dea7aa507a272121b34fdbb

SHA1
3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

SHA256
fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

SHA512
5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
a6ceeda956ca757de681a4c10dd860d1

SHA1
05a736e51bf9c1a52ac232f407d313c7bfc321b9

SHA256
47dd8bb6588a4e9ac0ae35aa4ce02136d72348d08aec4ce6729a539e0087d01a

SHA512
df7bb97b6f6961503c12c4e9a8518d631b39467a3d30d9e00100a3115360d2f62158ae9aebb43166ce449df8fe09a17a6feb2ad674e2bdaae3370ec36ca8c005

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
277B

MD5
c5281bb6efce4cc5ad5134dbc9c1f17b

SHA1
95f10bcb3d5c7c1ae5a03f5065b0955076dfd68d

SHA256
ea19a48351fb4e4e6351e3339700e81421a848014670ebfc88f05164b30fa903

SHA512
2a05ed5154942eaf9efc21d0b2a406b403ebc4b58e071a8851db2269c8bd94fa1ca81484e68f8a66cfa2ddc84c05e4cdaba9415c3b3385df616852a8cca8c405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
42ca25908f0248ac677e26ec9e9f9a05

SHA1
7d50c13aac068f4dbd971cd75eea1af373ab127c

SHA256
0002901d977cd18f41de66c715ced49ed8b79c01b3a8d05adfa9f7aa86551d61

SHA512
87022d8bf194440e5e54a5a7c92588619c4e6682bedcb650a1147e014eefa927040d6b26455ee8f634246ab8348d5be31aedbcc2afe181a6b315745f8be3569c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13336894357983622

Filesize
4KB

MD5
5a2cbad0cb7a775ebff4417b1638aa98

SHA1
773e6bc601825d9b16dad9048a868c3172729f9c

SHA256
ba07dbe5e47b969501f0a76336383c70fd0149f9c1bca224d905d694d0b92a8c

SHA512
b7ccd6e6f61b67449f8cf4a2f14b88512bba6f1f120d4b2960e741c1125d605524422e7b571ba5446bd17001a46b6b4849aa16873c9e1689f331726ad4995c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
46dd0f659d49e494c0d81431a3d89fab

SHA1
944c249a2ac2b65865eb7e4afea78b08bcba5aa4

SHA256
f64602b009021ba2682db4e83c9f0c9c0dfebb602a29456a13aba5141f1645d1

SHA512
ffca281691023612d73da7b91cb352b459ba71f58a3030285abe5483be112be15ac1a361c4d7b4cbca850cabfb648a357ed4ffe8422c5620149af3f52e8b9fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
f5cabad51cad3a3e0bf1e1d1eae73d53

SHA1
12f7b0896eb09bcc44d3d1c56087ec2e7285b79b

SHA256
57091689e8101df2384b49270011e97f5eb069d077b33074a70a689412ed5a3c

SHA512
6c51ed78be7e6444fc10b10287b96082c78399d0e4ea5f1a1e966b5a83559674444c3d5ed992b7ba59ef450f36e0f7355cb0f575fd74ea8a8fb4d23176f35c34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
6a3bb937b1a45cb867cbc37df0333167

SHA1
35a809edfeb25c373debf1c242e2cb860416d7e9

SHA256
7c33ade2958a2a75367528b8e7d52810aed7f6d21c9305922228b68770186526

SHA512
dee7caaeffcc943de224444ec7836a49a2c1ce9dab8c5a46faf823fab7cb1272ddfb4d025cd347baf41b94e3774568d5bf587724750f6965320c6c0578e0477b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3e1a0b30771a25632d39579af16d538b

SHA1
6a6e887e50356679143ce2dfbd29d6e9deb8bdc4

SHA256
c72a94fd598be37e73e917d77bc6a7599db0313255b2ca173027ad94ff14bf9b

SHA512
352714c262b45a617bfa9c1a98d41f29f998731a80f3e64dc284273d3ca61902a9f31c1eace831ef54b86cca23c5108f7472cc0f58821d420f21625798f4311c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f836f7e47b6a50cb1c94bfccc274f3e3

SHA1
b473f2e2c6cce78e6b8851aabc500d44e3d0d507

SHA256
ad2af114950996fc829262ebf4767f5c03b613b941a1302002714c0a76a1111e

SHA512
b045d9b996a8f496ca92263e0a87e77c8ff4153625705a37dcb62e4ad2c6a1a7f7254ea09e4bd5eec1e014a0136476e951037cd967aaa855f8d37cca92a1a45b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f836f7e47b6a50cb1c94bfccc274f3e3

SHA1
b473f2e2c6cce78e6b8851aabc500d44e3d0d507

SHA256
ad2af114950996fc829262ebf4767f5c03b613b941a1302002714c0a76a1111e

SHA512
b045d9b996a8f496ca92263e0a87e77c8ff4153625705a37dcb62e4ad2c6a1a7f7254ea09e4bd5eec1e014a0136476e951037cd967aaa855f8d37cca92a1a45b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
04f44f9319ddfe8e5883e479c62c5797

SHA1
67b6de9a417dacc0fc2aad40f313ae75e741cb05

SHA256
319c996b2ecc18ec58260855b5f29df2edc4636827976ab4e4c3ff0202c7b0a7

SHA512
a366c891c2467e305e9330334c895c45af0587d52a9ff656b7d08cde7ce21567d0ee79b9dc1be4e2818e7ec560837b03c9a9f96adbdaa0708afe5e355f149689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
03e1352c8f5c140586e92f7980155c1d

SHA1
d4e16f1c59cf3b67f25fcbe1c7ab2d886add4a0d

SHA256
5508562a42544b4a65c6d632c601c699fb08c362dd9e84452b4ba53812eb8565

SHA512
6f567dc62388def09b35e96fc3e26894dd01a8b82ef9a54f45c3c20d51119fea4b4f4ded4a3affe23803581cc6bbec2640a7d36ad30f4079d3d70d2b89de76f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
206B

MD5
0658573f773e2223bb028be93873e762

SHA1
381caef243a42d7ba64a23a1b7dd5e115e94a7d9

SHA256
cd4b1cbcc3fdf0edbe5bff94fb2acb2bcb0b6a55eb2c8090148fdb8c5a6adc7f

SHA512
938761242214fb8fd625eec4497a5e59d2279847a5b452a78b913a540098cd0d97402d5d40ec7a7570f7b30063025ad03a8ec9579e999d5a508bb65257c5c12a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
6dd5f2be596534b773999cdfeff9e468

SHA1
6ab2043a241e3fde1311e0755e9f8d47bcf41939

SHA256
11aaa41632c0a8f7846d244a24f91782bb6398b80b5699924b56912ab07007f2

SHA512
84cc1b810d82374bcfaf768e0e9ae34d7133cab89bcdf16ee1c60a90eda842ef99b4c451167b247a42091fcf0c1481bc629b7af5b1940aa6bc62d00067def78d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
87ead77c23ab1cba7d29388f56f81017

SHA1
97fc49c7013bbf3a9d131308b0787be401044266

SHA256
35987d65babf87601174d9b4340fdd54d6b86601fd479edfcf7116673aa7e9f2

SHA512
a03424d5fcf8ecc23c0b3f09c37ddc24b7858de6930e69059b9c7c176f8187d1f4b40c0da732d69a8efc196a480b05a133fc3beb2b1fa4aeeab26855cca70dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
7f320b4a08b31a3f17a0a122b08c1817

SHA1
c165d827f09f8f4cfca9303d3ce20c936f09e1df

SHA256
1bfcba6bdefe17df2dc8bb53637a1cd90d6bbcb2e6882ed5501d54ba699a733d

SHA512
13e15beefe65c00a76d7dc75b6e8c748f83d5bfd92e32f92428670c72c332730dda13cd4ac4f9d38fe89f941f3497094ebd288da83ec1db234bf6d8a824e1a92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
6f25797527a04afc448d7b31ce5bdeda

SHA1
59bac76fda5b9c5bb77b48818c97f5b2d13be574

SHA256
5ab25ac1cb488eacc5942c0a70eb590f38346d04028fc201654e2bc69b09d5e8

SHA512
29131a0fb39fe91c18773b6ff11264beca3a1a71e496a29ca1e5fdc7170293af9eb93790cfbc66b7395bd2bf5d7294c962e7d48054da2b4ea55b97ee85867e5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
7a1e166a7b23967494935f580d96a7c8

SHA1
aacb3885e11a2e9c1ef2df78153b0c43b5e1d817

SHA256
f3d9538d8eccb155494e4401562cf1b6f38e450ec0aec3393739cfb83b2bf5a6

SHA512
b2fb5693419caf883615607ea21b5a79c5f443432a86d4cc4d16aafd213343be1f83d6c7dab350bad483bbc78c7a883259c9fba12ef7594905b620393645894b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
71b30b952f1c62355cd1e2a66dacda47

SHA1
a784591f0fedc3af5685d1a77226e47b617c63ae

SHA256
da369527fa292239683c8e0402938463fc175bfc533153b9c6a45c40d2af8dd2

SHA512
82bb44ebbc3a77a8a483b37f2e3abe9ad9818b568d99f97825db808a0e1db8ee9e879fff1dcba72f7d6a38ea5e62a94824089cf95ed4a4ff304337eca48b0d67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
aab2532f8363e63359dbf0c31981f57f

SHA1
a21523eb85636a0455977ffe525260a1a8568043

SHA256
a6abef5f074c67b1f9fbee679151a4c705b71f054c98f720dfabdc65786d5d13

SHA512
7b3c4ce6574b36bf0d4e05bba1063798b525744fdb37b28ad6fc78456ef7d704677795ae4dd0d0eda0954d15b3776395fa931abf82dd4b64583c360dd9916f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
913728da90cf90d8e78af59c60b47c3d

SHA1
f42f2a545d4fcaf4f76d0f060f52e33a47df7f1e

SHA256
b0b478f9aa6aaf8d5811e296047ae1f8ee07f4c4998fe9d7b960755ea1fafb82

SHA512
3af86e053dd56aef03e6f967a49b1a0d492616a71e2e49090e0c8e5cbe58ff37ccc55e91f06bf34096059a49f3de84b0bca587f3f17c366f97c0f7a0fd17c974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
22KB

MD5
1ac9e744574f723e217fb139ef1e86a9

SHA1
4194dce485bd10f2a030d2499da5c796dd12630f

SHA256
4564be03e04002c5f6eaeaea0aff16c5d0bbdad45359aef64f4c199cda8b195e

SHA512
b8515fb4b9470a7ce678331bbd59f44da47b627f87ea5a30d92ec1c6d583f1607539cd9318a5bccf0a0c6c2bd2637992e0519bd37acdf876f7a11ed184fb5109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
80ddcf47843a43b5827b2c7bf526008c

SHA1
3448d7be62662a0bb525f09511fc02d2791d3bc1

SHA256
5d133403a802a853efb0cf39321ddbabaee9606cd2ed541a0c974f83b734852d

SHA512
ad8d58cad5bdd852cb5c0f3d7d5a36f77a2e0919d64cb096e443da7989ea88ad4b165dd02f19c6171cddb51bc89753e48aa2fa2cd3691baac454fcefcb24667c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2d7deaf28f714c29d0f006e1b2186acc

SHA1
1226ce87781e1332c28d12a1e9619ed15c5d2aad

SHA256
2caddbc762bc756c7fa7b2f4ea26cfaf0d36546d3d757b14180940b272067106

SHA512
f0163dfe7965024005b179b4f76e155627c6f2c470b3d118ce8c9bf93f4873403406152136ff7fd0d889e44d7878c2bb319fffeef97264a4ab530d466a13f302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b6521c42a2cfb99598debfa34de9d754

SHA1
325aa73a0980d419e9bbdfd2d51e30720cb5e687

SHA256
c4cb1d214c20d88a543d5f29bc28d559c51d0741434baabf9b27d16230b2d3c2

SHA512
f98af091f96b22be9cb134dfe4f969bb9fc13e2a218e46b5803a8dd8a9045dfd9bce14f0e9298232e31f9e6949fb9139a5a6694c89fbc1b5a6f474de9487b93d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b6521c42a2cfb99598debfa34de9d754

SHA1
325aa73a0980d419e9bbdfd2d51e30720cb5e687

SHA256
c4cb1d214c20d88a543d5f29bc28d559c51d0741434baabf9b27d16230b2d3c2

SHA512
f98af091f96b22be9cb134dfe4f969bb9fc13e2a218e46b5803a8dd8a9045dfd9bce14f0e9298232e31f9e6949fb9139a5a6694c89fbc1b5a6f474de9487b93d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
1e4a3fb2f70885b824d7d47eb61d1b1f

SHA1
7234408535c70f6cd412f3a8c46ef46945af078d

SHA256
31aaa2409ba37a1701534660f53b5310ce32cbf1e6bb0fbaf3e927d3ccfc88de

SHA512
80e906c060b660456ef1a9b62529c46966d2a1cda65a0362163790802a2be582c1583e61f348c7896995c5ccdf79f0e25cda7d375ac41c2a3dc83585dfbf2968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
b44c4b4a6e62aa0baec9b6853241037b

SHA1
396959f031b31fe3fad309a2f4995f22b3c9634c

SHA256
12eaf4a9696ece96a495cbbeb8ef4fb6fb62e58680af68700cc5a7585c7764fa

SHA512
17ff643815e2e741399aab5adeee453887b1ab16a14e1f4e96be4b406566c40f5c0639a258a966549eea6c602016e14ad86002128308c5c4476706517fc4da14

Download Submit
memory/4444-263-0x000001BFFF8F0000-0x000001BFFF8F1000-memory.dmp

Filesize
4KB

Download
memory/4444-265-0x000001BFFF8F0000-0x000001BFFF8F1000-memory.dmp

Filesize
4KB

Download
memory/4444-264-0x000001BFFF8F0000-0x000001BFFF8F1000-memory.dmp

Filesize
4KB

Download
memory/4444-267-0x000001BFFF8F0000-0x000001BFFF8F1000-memory.dmp

Filesize
4KB

Download
memory/4444-259-0x000001BFFF8F0000-0x000001BFFF8F1000-memory.dmp

Filesize
4KB

Download
memory/4444-258-0x000001BFFF8F0000-0x000001BFFF8F1000-memory.dmp

Filesize
4KB

Download
memory/4444-257-0x000001BFFF8F0000-0x000001BFFF8F1000-memory.dmp

Filesize
4KB

Download
memory/4444-269-0x000001BFFF8F0000-0x000001BFFF8F1000-memory.dmp

Filesize
4KB

Download
memory/4444-268-0x000001BFFF8F0000-0x000001BFFF8F1000-memory.dmp

Filesize
4KB

Download
memory/4444-266-0x000001BFFF8F0000-0x000001BFFF8F1000-memory.dmp

Filesize
4KB

Download