Analysis Overview
SHA256
05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf
Threat Level: Shows suspicious behavior
The file SKlauncher-3.2.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Modifies file permissions
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Detected potential entity reuse from brand microsoft.
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-03 17:25
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-03 17:25
Reported
2024-05-03 17:27
Platform
win11-20240426-en
Max time kernel
84s
Max time network
86s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Detected potential entity reuse from brand microsoft.
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe
"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"
\??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
"c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
\??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
"c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version
C:\Windows\SYSTEM32\reg.exe
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme
C:\Windows\SYSTEM32\rundll32.exe
rundll32.exe url.dll,FileProtocolHandler https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2c513cb8,0x7fff2c513cc8,0x7fff2c513cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,11689482572888017770,5629316707642343777,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,11689482572888017770,5629316707642343777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,11689482572888017770,5629316707642343777,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11689482572888017770,5629316707642343777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11689482572888017770,5629316707642343777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11689482572888017770,5629316707642343777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,11689482572888017770,5629316707642343777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11689482572888017770,5629316707642343777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11689482572888017770,5629316707642343777,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11689482572888017770,5629316707642343777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11689482572888017770,5629316707642343777,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
C:\Windows\SYSTEM32\rundll32.exe
rundll32.exe url.dll,FileProtocolHandler https://discord.gg/BdCcpDZ
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/BdCcpDZ
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2c513cb8,0x7fff2c513cc8,0x7fff2c513cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,1130366626203679729,3300363449099735022,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,1130366626203679729,3300363449099735022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,1130366626203679729,3300363449099735022,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1130366626203679729,3300363449099735022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1130366626203679729,3300363449099735022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1130366626203679729,3300363449099735022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe
C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe i4j3477823215768615456.tmp
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | files.skmedix.pl | udp |
| US | 104.21.50.12:443 | meta.skmedix.pl | tcp |
| US | 8.8.8.8:53 | 12.50.21.104.in-addr.arpa | udp |
| US | 13.107.246.64:443 | launchercontent.mojang.com | tcp |
| US | 13.107.246.64:443 | launchercontent.mojang.com | tcp |
| US | 13.107.246.64:443 | launchercontent.mojang.com | tcp |
| US | 13.107.246.64:443 | launchercontent.mojang.com | tcp |
| US | 172.67.199.2:443 | beta.skmedix.pl | tcp |
| US | 172.67.199.2:443 | beta.skmedix.pl | tcp |
| US | 172.67.199.2:443 | beta.skmedix.pl | tcp |
| US | 172.67.199.2:443 | beta.skmedix.pl | tcp |
| US | 13.107.246.64:443 | launchercontent.mojang.com | tcp |
| US | 172.67.199.2:443 | beta.skmedix.pl | tcp |
| US | 172.67.199.2:443 | beta.skmedix.pl | tcp |
| US | 172.67.199.2:443 | beta.skmedix.pl | tcp |
| US | 172.67.199.2:443 | beta.skmedix.pl | tcp |
| US | 172.67.199.2:443 | beta.skmedix.pl | tcp |
| US | 172.67.199.2:443 | beta.skmedix.pl | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.21.234.235:443 | rsms.me | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| BE | 64.233.167.156:443 | stats.g.doubleclick.net | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.167.233.64.in-addr.arpa | udp |
| N/A | 127.0.0.1:50671 | | tcp |
| NL | 40.126.32.76:443 | login.microsoftonline.com | tcp |
| US | 192.229.221.185:443 | lgincdnvzeuno.azureedge.net | tcp |
| US | 192.229.221.185:443 | lgincdnvzeuno.azureedge.net | tcp |
| US | 13.107.246.64:443 | lgincdnmsftuswe2.azureedge.net | tcp |
| US | 152.199.21.175:443 | acctcdn.msftauth.net | tcp |
| US | 192.229.221.185:443 | lgincdnvzeuno.azureedge.net | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 104.208.16.90:443 | browser.events.data.microsoft.com | tcp |
| US | 104.208.16.90:443 | browser.events.data.microsoft.com | tcp |
| US | 162.159.136.234:443 | discord.gg | tcp |
| US | 162.159.136.234:443 | discord.gg | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| GB | 184.25.204.18:443 | | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| GB | 51.132.193.105:443 | browser.pipe.aria.microsoft.com | tcp |
Files
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4478265552000.dll
C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar
C:\Users\Admin\AppData\Local\Temp\+JXF4365981949466568038.tmp
C:\Users\Admin\AppData\Local\Temp\e4j2B56.tmp_dir1714757142\SKlauncher-3.2.jar
C:\Users\Admin\AppData\Local\Temp\+JXF5017051016646028222.tmp
C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna8918732717286866522.dll
C:\Users\Admin\AppData\Local\Temp\+JXF8866635845767583784.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3408_MUDZDXLKFIEZWFNW
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13359230768121485
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | 73064fb7183b5b1e3906e3123d7048bb |
| SHA1 | d561608625600754f3e91f36b6e814159d2a7813 |
| SHA256 | a94e7b1b6bb48a3876071e290ca252e78f52d632d0e50a718c7898f0466503c3 |
| SHA512 | 9c9a494b93d900b8241067c000400d503d9e0eeb73906a6cd53f0465ab22401475c6371250d313f3e8123d6e2ac96330294d73aaea412e0a5e497d50f3c9f4bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | 173528e26ab908de0dbc3acd5269b307 |
| SHA1 | 7655bfc53d51fe2c84e4a065be3d28189678b989 |
| SHA256 | dc0a34e279389907601e24a7c855b3cc1bf412e866b43fd37e479dc5543bf1e8 |
| SHA512 | 44e876acbb57ebf310764864501682028d751a935f02ce36c206475bd55dcdd575f9991ff79a54de9d0fc6c6ec21e80cc2125150f2fa39d89650f3c631c4d623 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
| MD5 | 888c724b4242c0100e271d5542633ed9 |
| SHA1 | 212f33a619976a623eb327827bed9acc2ab2e429 |
| SHA256 | e03c1ce9fa22f29843629738f59b4dc8f90fab8dd26e9d70a3ac734709bd1c14 |
| SHA512 | a85ad3dee6acb311afd9a54ec226bf8781673aa3281d012904128fb12450ea6592855002ebdcef3964a32a56ca3096eb24c7bda440c2e7c787b2d7cf5ab456ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | fdcefbaef189e15343f16ebba950016b |
| SHA1 | eb65ba22c2404eea1181fbdf0fa87fb3ad28c6a9 |
| SHA256 | a6134b2f5472d800d332f38ed703e111e58c89f71441f25cfa25cb2bdf92d193 |
| SHA512 | f4dfaf59f31cf4b4e532575a15dba0f57dada65f3b4f805da770a55c9669710f47a9e7c5ca0553bb2848c6045360321fce5068e2fd2a348008e88b0b876d512a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
| MD5 | 3b920f1aa41b4f9619e363ebbc439443 |
| SHA1 | e866cfbd7fda6fb2a9471f25bd6fb30346c74248 |
| SHA256 | 32a7edc424315d878f61dc19f952633c7977076f42fef03cb50b3460d146295a |
| SHA512 | e9797803ff65cdff8c35549d0427a1079f5260a9ba615b5baf62954e609609072b2fc4a9879d3e1757dc774b30d082b38297ba1ad11d6649bfd8d944f1ec19a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
| MD5 | fa1af62bdaf3c63591454d2631d5dd6d |
| SHA1 | 14fc1fc51a9b7ccab8f04c45d84442ed02eb9466 |
| SHA256 | 00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d |
| SHA512 | 2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
| MD5 | 34d86ed9b7c9d18f05bc6f7e39e43cfe |
| SHA1 | 0fec180d2e42363e56e1e02b20a52d65c1356736 |
| SHA256 | 1eade9db273026cc3ebda8d1608a83d16b463735da2ccacf373a914f5373f225 |
| SHA512 | fb1538b664c4784274c29a8361d74eb24fd42ab712ed2073f77a3b4b89e84797b7bffd5753663f548dd9eb41f2d5bf554d4d83f3f34b04a5402f36249073b3e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4ada88aec447be00ef3c27ff39bba68e |
| SHA1 | d81987ee232fe9c96374cbd9ec5cb5c54c49e25a |
| SHA256 | 3a0b24bb369c6bfff6955a3c3a99ec23a937c1b6694dcff9164814e5fdd38ed3 |
| SHA512 | abe07bbf7d2dbfcd3b0b633453832bada2edf9bf8545527279a7cb93b884ec73a4dbb11ea1035127c036b709d3e607d1dde5589691b9616aa46b643b7d1896fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
| MD5 | 0407b455f23e3655661ba46a574cfca4 |
| SHA1 | 855cb7cc8eac30458b4207614d046cb09ee3a591 |
| SHA256 | ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7 |
| SHA512 | 3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
| MD5 | ccc05f49178f185ba027c63ba6c17ff9 |
| SHA1 | 49340714fc2174f4a4cf9fdb820746cdd9fb5637 |
| SHA256 | 21a1064616048b0bd37e559bf30df90c7260dc4621aca07d8cd42b68ee148bcb |
| SHA512 | 720abb26bdfdfda308a924eda0e282bab07ae991174bcea89d8caee30c94c95cac83ea8b6facb5896db3ee40f9147c4d08c7f6e6e182d8dcd1c4696ffb1a8c5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | ff170da957e5075c03f4039d74898863 |
| SHA1 | a03548cb77d860ce466403ba5522365c1e55c52b |
| SHA256 | c544f63254c7b2cfd632c82edf38bc4f1826d1288798bdb2c2b4bfc7e3e01c39 |
| SHA512 | 58e6de59354bfa18b9dc95064c3ee593a929db3c3e7e1bd0394399eea27b06531f631c05a0296600712accfb185feb1188f24e8ffb7f474cc53009934579ac42 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | ab3b7855c124ec45c4ef5d4b2929244f |
| SHA1 | b7c73cb61753d01030ce56e77aad3dcfaf2ee0a5 |
| SHA256 | 640ce8c2016bed06b4d3338fca71ba9e86c04c47626ccedcb3b74e64c46cd559 |
| SHA512 | c3072360bfe4c528026f372c439ebe2fa8d467c20d5374c74b3ae185fd90a9a8a8fdb2324e369bebed51789ba0bb945ae50ae93657f28a29076b7bce75fc5779 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
| MD5 | 7c2b9038cdeb652bfe22779b93b160fe |
| SHA1 | 1da71ca51aa54f40d33e6f487377028831e2dfa0 |
| SHA256 | 34e460e21d05bb320a28f0a21e270931c5dd11f2a8bb7c7af32e22031d9ee1f9 |
| SHA512 | 3da46d98f59a3fdcc1da132549b6bc01f970b052d81ee88e339b0a8d03f8762a88e5a283980c0eb17a2a1b4cc4b6c9ae36e3fecbe933b9289a4c3e19401ffc30 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
| MD5 | 3726d1845cd34814d6c9a0d5bd50da22 |
| SHA1 | a81d60d23e6e4af4ce4077b2c9df277168736e7a |
| SHA256 | 5f40234fba5014d17f0df77f46eeb18218e9879cdbfec09f894b646d418c9447 |
| SHA512 | 86f9b4d20536f8b83d6e7ba14c3f9e37f537d7f3abd8692b4a949006800ec37d65258b14cb4aedfbef4a61b3849420dd3bdaa8a7fbdd1dbf6c16d3d0eba4e91d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7e80b5ea94f573a967633430f3a907c4 |
| SHA1 | c3cae386b89e2490b1257b21bb8e97d9b336b9a0 |
| SHA256 | 1d68167c841fc31d2055bca277889b03cde1add85867224b68c0fbb60441ac09 |
| SHA512 | b9c61f6a0662c02150fb7f81accc3714b86a68bb8b9b886b7b9465cb9649877f0f82e1bb1f16fb1b5d6f34e4f64e55e8cabff6ea2757a2af135b5cbf253a242e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
| MD5 | 7a7f8e00ce628a59b7f87302ed9be610 |
| SHA1 | 3836d74689259354fb04b09c6cd3849b2dbc94a3 |
| SHA256 | 50799d4e35403a10a6feb3a2cf97cf91755188a5f5d5851e45f9daec4a3022b4 |
| SHA512 | 04a16b8e996ae81e293c915e239157c8d79e18a174f00c8db27c113ed039a2f7b52b011b8959dfa927d18e24cb9e518dcf377dfed6e41c20e3062fc6d3c47ac7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
| MD5 | 62a41d0363f678e9f7ceef72aeb09b37 |
| SHA1 | 1f3488617693cdd92d79e92a2e063d896e9fb103 |
| SHA256 | 60c677a83fd53c28dd1d2ea3d45e01b92d2c6fb11aecc31a96367f60d7e0fbd6 |
| SHA512 | 958be71600f511a7e6f13512533458a4aa398630d8a4480ff25b379d72b1f8b7067cf0e25afe8dd9f8068ca3e555a909038e719d62fa2c364b919dee4bba6f78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | 86cb4ae0c6573a7832c03863fa1583f0 |
| SHA1 | f06b8102e2d2f1ebc4aabdce072bd59a52e44d41 |
| SHA256 | 739d1d12cf956b789f812f96b23284f1a1a3e096c167e73061798d35af903a73 |
| SHA512 | cd2dd9c25307850fe051d70416c0e36739559ded2869f00116eefeee9411c4307a7d1b1f5b40227e3aa702aab0e2472ec2e28a5bbfe778b85b7ce0d0093ffc79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | 481e8881f21d7b012059a8acb2c35053 |
| SHA1 | 9764fb3f4436337e8c85e6cea4878910c3db0435 |
| SHA256 | e7d6ff6de9916dab284662a8cfc843da22a75adf1575263c126a6072b0ca8700 |
| SHA512 | a4a06685c1e8a8f9770edaff4ae053d1d798cdf68d0fa9e9f24fb69f3d6bd6ac09d27e0d144bac8461670a9dd7825caedb9c99c1d3c525c7211d8d904b8de983 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL
| MD5 | 50db9e43afe265f503d2aed4e59d09c9 |
| SHA1 | eb23fc2de8b9c590dbe1f0a75e9a30276be601d5 |
| SHA256 | a12fa04714c2c0a6149d3a86592aab9ca5f7925b35598c3d67d23b694cabc38d |
| SHA512 | 8db42a7ae388dd04ffdabd01f7e8f2ae337e3f54d6debb7c8daa6c563127daf5853c794316c6e322a988653858198ee524bed2aaa5078576691a734d7483a66c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
| MD5 | 758d4805f98cad6c8ae6d27fa013e30e |
| SHA1 | ea28429356bb2b42da0602ac08fa7b6301c765fb |
| SHA256 | 28ce516d24731324716739644f9938827add3056f976c8b008bcded947e766bc |
| SHA512 | e438995cf57095af3568ed87fd12669c480f7e496083b46896e204ca18430bf312e9cb546eef7a0faa7bb6a18a936ab3abfa662566d05ec0a76c44d845be7961 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13359230767885485
| MD5 | cd352359e9170b70114c8829d2de3219 |
| SHA1 | d3b311b673909b6adae46e489e9a3c4ee0ad7137 |
| SHA256 | b1fadef85f6d8b4d2e057fd36e53171da805c3985f5e10fc92d5aa7a0ab3f6af |
| SHA512 | fc5c820572c8d7664e6f014b753048795701b5f5f47ddd13d1cc60946a2af5bf212f61415dfbb48dfaeca2ab2934c86ed8a12a7ae56eed2d2da6e086c56e40c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL-journal
| MD5 | 531c074664cf6fb954e554e4b2c4c80f |
| SHA1 | bdd86b3e4bf5ee772354379e52ebee907f0e4d9f |
| SHA256 | 4c88c723efe8fe42347d7b0fa03714ea2ec703279236a9343104893ed7fea3dc |
| SHA512 | daa8dd016bd6b6899d3aaaa3072aa6c84e950c8e90d1e72186946ffce87170e2f8af04ac9dad4f48bd62b8fd87bdfa01e0d3a24628e6c74ad415b7c9f333f6fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 49f2234e0a18e0836a38f1cf4c9f279e |
| SHA1 | 72504e6388af020a7fcd90f7c1bc30079dcbde87 |
| SHA256 | 1a7f8d9131a6dd52167071b2aefb9f0e2146e77ff7d99476b91ad547d7b3caf7 |
| SHA512 | 4a52097f2349e20b3c4426d32af70876c24b0f84e2449d712f8ad5278d7990928d4122831c000d25875d84b479730b7246ea82146504d5841245b241e4569c48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7414b679a3ba926ff1ac4d818ebf1357 |
| SHA1 | 64eeadf4e539543d738972cdb7496fee3075fbaa |
| SHA256 | fcdac63aecb127d6e0c8b5bfaee0701debf5469db902f466ebd687ecc611f469 |
| SHA512 | 6e589d57d6b6011eba1530db54a2b2efde5819107f5761a6e745ab8a4ed079d64bc148d52df3d8a023c07a06c238590750fde74a692b7e95dc7d677bc7ca3647 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 13478de8a085da6ce00526bf309e52bf |
| SHA1 | 3b3ae2e281bf8f8eab0590a5a9d603dc491d4d26 |
| SHA256 | 8591f19eaa178b57f1d2e01f8ded5359a9a132f24f9eea4f2b18755d121d1dd1 |
| SHA512 | 6f6b2c6c320327cf3d08f8ccb57859ff0bfc174d0d1fc4b3c9260ccd65eebaa99b861dea3b50bc4f2156cf9d9745006514362536b78b5eff385cf1536c204f70 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e29c2cbe9e382fad1c35bf81cda1dae2 |
| SHA1 | 772aa20fdec5ec3eb6df451f2360e13afa8eb0b3 |
| SHA256 | 975b58be7f1c7b83f1c8cc9922182259baadde0955e203da0c2f3134eb727f54 |
| SHA512 | b84edb12b39f29ccfc37073d4176ecdee4b71d86711f3c04eba480cbbc6a97bb1801fd4dc86411aaf19ac3cd9d86da28da5bae8ef8ed3e112e8542e2d32e9358 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
| MD5 | 60bb6268824fc5b71e33c0090f65726c |
| SHA1 | ea47f392afb796d5328d41562a26a8df9dba8a1a |
| SHA256 | 0d98daf3244d6d2c2a56530bf86da3b30c8d807b25de2579178620bee43ab6c7 |
| SHA512 | 989cc59335b070b9cb8920c78738feb063258ef4034c97a4c58bd719f43851cde6a14de0c152fb148920e0feeefc1674606993641a60f7300c2d7ce6ccc5b8d8 |
C:\Users\Admin\AppData\Local\Temp\+JXF937494674704400634.tmp
| MD5 | b97f16379b4c106616f60f702733f5c6 |
| SHA1 | 85c472fb9a7f256643bc4bba10f158dfaa1d1e8b |
| SHA256 | 4c392dcc8ad916f0f9df7559ab5563b01dd94f9f3b2db34617fe392e00060339 |
| SHA512 | d124af2c705b97cbb307497f88c47a5f7d320174d48626ea14ac27d42bcf8016f32810cf7ecb6af1261297b8c331a6ea89e2e35c3e2536390d8d6e500ed8d61e |
C:\Users\Admin\AppData\Local\Temp\+JXF9054613190483715138.tmp
| MD5 | 4154321279162ceac54088eca13d3e59 |
| SHA1 | 5e5d8c866c2a7abfd14a12df505c4c419a2a56f7 |
| SHA256 | 6bdebeb76083e187c7ae59420bfc24e851edb572e1a8d97c1c37b7b2dc26148c |
| SHA512 | 04ca175774cbe3f2d83543c01cc388e2715ab7b1378143db41bacdc7e7eddf05d3beef476f6acbe7ddeb34861984efb5fd7f299ec1820697c440b372d258aee7 |
C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe
| MD5 | 802d1182a4685e1b86c0a9dcb3f2be36 |
| SHA1 | 3aea1c3d1925ec0e6c4e534adcccb1271c6a5f04 |
| SHA256 | e48ef14933f4eb6071497a5311ca0ac6e115f7a0d57a60e519296f8fd42ad4fe |
| SHA512 | ebde9d7c89fed73ea1766fdbaf716e5ba69068b5b0c913490c9ad8703540945e2cda248b0365d6a49acecae960a8fa846da53cfbf8e19b98a6da382267dc562c |
C:\Users\Admin\AppData\Local\Temp\i4j3477823215768615456.tmp
| MD5 | c729831a62b2ab7c5cac51715e1168b2 |
| SHA1 | c96d7ca9deff662b908826555b75b32cb1b394aa |
| SHA256 | f35d4a768f9ad6a885e690fe13b507ab2321d56815a50d5f255d08141556e382 |
| SHA512 | 882d199152012cb4e64f19761555b965c0341c418be32beab7ae2d772145bbdc5377fb50b49992d75d7a73b1e20dc073a4cb0aca94d53baac5845538905f8ed6 |
C:\Users\Admin\AppData\Local\Temp\+JXF8718362395179657356.tmp
| MD5 | a473e623af12065b4b9cb8db4068fb9c |
| SHA1 | 126d31d9fbb0d742763c266a1c2ace71b106e34a |
| SHA256 | 1bda81124d6ae26ed16a7201e2bd93766af5a3b14faf79eea14d191ebbd41146 |
| SHA512 | 1fbc2841783140fe54f3ab1fa84e1ded2534bcec3549ade2f513491b32178df515bd63a0a4a2c35017a6850ff9c3a24f8602357d912acf8ca92b8d68ba846d3a |
C:\Users\Admin\AppData\Local\Temp\+JXF8259229721569722105.tmp
| MD5 | 9a21378c7e8b26bc0c894402bfd5108c |
| SHA1 | 72bd9f3ca75ca691ce86fe1ebbdb269f5f737bae |
| SHA256 | 0d34f9588400a586b774be97e66ae8c076a8807b8455df0587b39d2a4a1a3b42 |
| SHA512 | 4a9d23a01f1a7474e0339d4d8b151d0269bfaf7d9e13ff6aa34d7f929002e8ff185f273e6f7afd2d40df3e0630a962dc7767d870dcf1766f3e04b8029a7b452e |
C:\Users\Admin\AppData\Local\Temp\+JXF2644122033018924957.tmp
| MD5 | c5c41f7587f272a4c43a265d0286f7bb |
| SHA1 | 916224c963d04b93ed54ce7c201108f398e7e159 |
| SHA256 | d549110689cdde0821ca2c7148f7b47a097166b4169786a4a9ede675f5ce87f3 |
| SHA512 | d4b4d01088d9f506368dc19d709b4ba6be764929b0dd05775841e14cbbec674f216b81515ae529e95abfd22ed2f3e2d2774363dd4284c8c8b57d203599555f76 |
C:\Users\Admin\AppData\Local\Temp\+JXF4115086226207091322.tmp
| MD5 | 12ec66b825b504d752e8c333bf81dacf |
| SHA1 | 56896d3e6011466b7e6631c714c57e20ee8366d9 |
| SHA256 | 5fc09af94a447fae6f82c00f15dfaef9eae7c560e6cbe46d3e84524019a574aa |
| SHA512 | 8cb838589ac4f9819b7e2204517445df94663d3217297212973e8b2d9fece162155130ddc783e7e89ef2832d38bace731b2ae3b73aff36ad782c707813bc52b4 |
C:\Users\Admin\AppData\Local\Temp\+JXF8687926872236185031.tmp
| MD5 | 4b1ffad3c0075af22674765ff1ee2f56 |
| SHA1 | 1f7b05d0ed1c6c15736115a59ad844adea5f1f66 |
| SHA256 | fe3714926082ac5764327e3b67ae52cb6f0cf6b8c4221c064a6cacf821079414 |
| SHA512 | 427db3fe5860676fab65a9b895d205620a1ec0aa172f45aa9ecef261820e25b84f3413bc5d0a9d0c1311422a8da1f5706ac4f6211a60aacc82974cf00ff036a4 |
C:\Users\Admin\AppData\Local\Temp\+JXF3805946246606655261.tmp
| MD5 | c4c47e3d7ed51a6bb67b7b8088a4b0e3 |
| SHA1 | b190f4e4e8f838c46ffe9507d966ea4d8b37d8ce |
| SHA256 | 5e606f805a71432d4875de7dab737bf9dea1187090f0a5190da9b1bbab09f57c |
| SHA512 | b4251618479c52398ca71cfc61ad88230a14145771ef1085ab9288486d7bfc841f0ea222909f8ba6882db6076df26bfe37e1c23917569270c86d6e7adee7cf13 |
C:\Users\Admin\AppData\Local\Temp\+JXF6256142419785496605.tmp
| MD5 | 118abbe34a2979b66d6838805c56b7cd |
| SHA1 | 7f320cb81660fc6dff9cc5751f8fcc0134847c77 |
| SHA256 | d054d998ae12be33820b100e0ed3923d513fa5c79c6d4e7ca1953afeb262ea9b |
| SHA512 | 5bcad4a03ced2ce76c5ebf78cd2c1328a4ee27019807f56a48bf8a0f936c57f351f10726c176952f0cf08776a5ce53d34c14d6a848925be2789408a61678f381 |
memory/2300-1372-0x00000000032D0000-0x0000000003540000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\e4j2B56.tmp_dir1714757142\exe4jlib.jar
| MD5 | bd8451491a92b1aa5fe6d44bc9f3e1c6 |
| SHA1 | fe210263b4bdaa3719b00994e665839c8987094e |
| SHA256 | 8a416dab7b3028f3e79b41521b65432ab2d25dec9f85e220ade0157badc0dd41 |
| SHA512 | 3c1892e9f8812ed6e895936ad16f3f457f50283d88d37b45d780a1d5f0bb2751bb74585b03227d10367b9367c7c2eef68d88d914b8e3cbcca0b2dfca05ad0ebf |