Malware Analysis Report

2024-09-09 11:23

Sample ID 240618-vbyz9awdlj
Target SKlauncher-3.2.exe
SHA256 05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf
Tags
microsoft discovery phishing
score
7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file SKlauncher-3.2.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

microsoft discovery phishing

Modifies file permissions

Loads dropped DLL

Executes dropped EXE

Detected potential entity reuse from brand microsoft.

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: GetForegroundWindowSpam

Modifies data under HKEY_USERS

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: AddClipboardFormatListener

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-18 16:49

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 16:49

Reported

2024-06-18 16:52

Platform

win11-20240508-en

Max time kernel

92s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Detected potential entity reuse from brand microsoft.

phishing microsoft

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "235" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4560 wrote to memory of 5056 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
PID 5056 wrote to memory of 4176 N/A \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe C:\Windows\system32\icacls.exe
PID 4560 wrote to memory of 4352 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe \??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
PID 4560 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe C:\Windows\SYSTEM32\reg.exe
PID 4560 wrote to memory of 4296 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe C:\Windows\SYSTEM32\rundll32.exe
PID 4296 wrote to memory of 1236 N/A C:\Windows\SYSTEM32\rundll32.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1236 wrote to memory of 4944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1236 wrote to memory of 3684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1236 wrote to memory of 1148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1236 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe

"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"

\??\c:\PROGRA~1\java\jre-1.8\bin\java.exe

"c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

\??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe

"c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version

C:\Windows\SYSTEM32\reg.exe

reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme

C:\Windows\SYSTEM32\rundll32.exe

rundll32.exe url.dll,FileProtocolHandler https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffef7c23cb8,0x7ffef7c23cc8,0x7ffef7c23cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,11758691758403618780,16347230434857621598,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1784 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,11758691758403618780,16347230434857621598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,11758691758403618780,16347230434857621598,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2424 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,11758691758403618780,16347230434857621598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,11758691758403618780,16347230434857621598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,11758691758403618780,16347230434857621598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe

C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe i4j245619156751164253.tmp

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?LinkId=335789

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffef7c23cb8,0x7ffef7c23cc8,0x7ffef7c23cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,3110002553838536423,1367549533595321655,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2036 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,3110002553838536423,1367549533595321655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,3110002553838536423,1367549533595321655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3110002553838536423,1367549533595321655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3110002553838536423,1367549533595321655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\WriteSuspend.mpeg"

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3a2f055 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 files.skmedix.pl udp
US 172.67.199.2:443 beta.skmedix.pl tcp
US 8.8.8.8:53 2.199.67.172.in-addr.arpa udp
US 13.107.246.64:443 piston-meta.mojang.com tcp
US 188.114.96.2:443 meta.skmedix.pl tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.21.234.234:443 rsms.me tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 launchercontent.mojang.com udp
GB 142.250.200.3:443 www.google.co.uk tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
BE 64.233.166.156:443 stats.g.doubleclick.net tcp
US 13.107.246.64:443 lgincdnmsftuswe2.azureedge.net tcp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 156.166.233.64.in-addr.arpa udp
N/A 127.0.0.1:50476 tcp
IE 40.126.31.67:443 login.microsoftonline.com tcp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
IE 20.50.73.10:443 browser.events.data.microsoft.com tcp
GB 184.28.176.107:443 tcp
US 20.42.73.26:443 browser.pipe.aria.microsoft.com tcp
BE 23.41.178.50:443 r.bing.com tcp
BE 104.68.66.114:443 cxcs.microsoft.net tcp
BE 23.41.178.64:443 www.bing.com tcp
IE 20.190.159.67:443 myaccount.microsoft.com tcp
US 131.253.33.254:443 a-ring-fallback.msedge.net tcp
US 52.111.227.14:443 tcp

Files
