Malware Analysis Report

2025-01-19 00:37

Sample ID 240504-x9k76age7t
Target SKlauncher-3.2.exe
SHA256 05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf
Tags microsoft discovery phishing
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 7/10

SHA256

05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf

Threat Level: Shows suspicious behavior

The file SKlauncher-3.2.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

microsoft discovery phishing

Modifies file permissions

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Detected potential entity reuse from brand microsoft.

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-04 19:33

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-04 19:33

Reported

2024-05-04 19:35

Platform

win11-20240419-en

Max time kernel

126s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A

Detected potential entity reuse from brand microsoft.

phishing microsoft

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4276 wrote to memory of 3580 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
PID 3580 wrote to memory of 3932 N/A \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe C:\Windows\system32\icacls.exe
PID 4276 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe \??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
PID 4276 wrote to memory of 964 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe C:\Windows\SYSTEM32\reg.exe
PID 4276 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe C:\Windows\SYSTEM32\rundll32.exe
PID 2776 wrote to memory of 2272 N/A C:\Windows\SYSTEM32\rundll32.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe

"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"

\??\c:\PROGRA~1\java\jre-1.8\bin\java.exe

"c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

\??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe

"c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version

C:\Windows\SYSTEM32\reg.exe

reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme

C:\Windows\SYSTEM32\rundll32.exe

rundll32.exe url.dll,FileProtocolHandler https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe8,0x10c,0x7ffb25f33cb8,0x7ffb25f33cc8,0x7ffb25f33cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,9085458595010325906,6390995147713023742,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1808 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,9085458595010325906,6390995147713023742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,9085458595010325906,6390995147713023742,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9085458595010325906,6390995147713023742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9085458595010325906,6390995147713023742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9085458595010325906,6390995147713023742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1

C:\Windows\SYSTEM32\rundll32.exe

rundll32.exe url.dll,FileProtocolHandler https://discord.gg/BdCcpDZ

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/BdCcpDZ

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffb25f33cb8,0x7ffb25f33cc8,0x7ffb25f33cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,14382272188439668645,1668286555665347628,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2024 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,14382272188439668645,1668286555665347628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,14382272188439668645,1668286555665347628,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,14382272188439668645,1668286555665347628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,14382272188439668645,1668286555665347628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,14382272188439668645,1668286555665347628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 files.skmedix.pl udp
US 104.21.50.12:443 meta.skmedix.pl tcp
US 8.8.8.8:53 12.50.21.104.in-addr.arpa udp
US 13.107.246.64:443 lgincdnmsftuswe2.azureedge.net tcp
US 172.67.199.2:443 beta.skmedix.pl tcp
US 104.21.50.12:443 beta.skmedix.pl tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 104.21.234.234:443 rsms.me tcp
US 13.107.246.64:443 acctcdnmsftuswe2.azureedge.net tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 216.239.34.36:443 region1.analytics.google.com tcp
BE 64.233.167.154:443 stats.g.doubleclick.net tcp
GB 216.58.204.67:443 www.google.co.uk tcp
N/A 127.0.0.1:50650 tcp
NL 40.126.32.140:443 login.microsoftonline.com tcp
US 192.229.221.185:443 lgincdnvzeuno.azureedge.net tcp
US 152.199.21.175:443 acctcdnvzeuno.azureedge.net tcp
US 8.8.8.8:53 185.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
AU 40.79.173.41:443 browser.events.data.microsoft.com tcp
US 162.159.133.234:443 discord.gg tcp
US 162.159.136.232:443 discord.com tcp

Files

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4533932536100.dll

C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar

C:\Users\Admin\AppData\Local\Temp\+JXF3038666398041453270.tmp

C:\Users\Admin\AppData\Local\Temp\e4j4C99.tmp_dir1714851229\SKlauncher-3.2.jar

MD5 4d653e61ba01a521c56b9a70a9c9814e
SHA1 de855dc3dbc914b497b58da92e0c21fff660796d
SHA256 f7d3e01dcfc001cc80a988c518d4358955842d140054214d1367972c5c543350
SHA512 e6a7db6e2893b5b01dd0c84a230d88abf50da63ceb1af5754a2c4c1fbd307a799a74f3f368430d3beb33590cda2e0a3cf509fef11c4477b76e8d3c4a582b5def

C:\Users\Admin\AppData\Local\Temp\+JXF7784045766774138336.tmp

MD5 8f2869a84ad71f156a17bb66611ebe22
SHA1 0325b9b3992fa2fdc9c715730a33135696c68a39
SHA256 0cb1bc1335372d9e3a0cf6f5311c7cce87af90d2a777fdeec18be605a2a70bc1
SHA512 3d4315d591dcf7609c15b3e32bcc234659fcdbe4be24aef5dba4ad248ad42fd9ab082250244f99dc801ec21575b7400aace50a1e8834d5c33404e76a0caac834

C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna1593988432813652013.dll

MD5 719d6ba1946c25aa61ce82f90d77ffd5
SHA1 94d2191378cac5719daecc826fc116816284c406
SHA256 69c45175ecfd25af023f96ac0bb2c45e6a95e3ba8a5a50ee7969ccab14825c44
SHA512 119152b624948b76921aa91a5024006ef7c8fdbfe5f6fe71b1ec9f2c0e504b22508ff438c4183e60fa8de93eb35a8c7ccdda3a686e3c2f65c8185f1dd2ef248b

C:\Users\Admin\AppData\Local\Temp\+JXF6908535837685672154.tmp

MD5 ff5fdc6f42c720a3ebd7b60f6d605888
SHA1 460c18ddf24846e3d8792d440fd9a750503aef1b
SHA256 1936d24cb0f4ce7006e08c6ef4243d2e42a7b45f2249f8fe54d92f76a317dfd1
SHA512 d3d333b1627d597c83a321a3daca38df63ea0f7cab716006935905b8170379ec2aab26cb7ffc7b539ca272cf7fb7937198aee6db3411077bedf3d2b920d078a3

memory/4276-861-0x0000000003070000-0x00000000032E0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b5710c39b3d1cd6dd0e5d30fbe1146d6
SHA1 bf018f8a3e87605bfeca89d5a71776bfc8de0b47
SHA256 770d04df1484883a18accb258ecfa407d328c32c0ccbd8866c1203c5dfb4981f
SHA512 0f868e4ce284984662d8f0ff6e76f1a53e074a7223122a75efa7bb90d0204bc59bee4b36c215d219a03707c642e13f5efce0c3c57f46659a0cb1e7fd2f4d3cf1

\??\pipe\LOCAL\crashpad_2272_WPQVNXHHCZKQQWUI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8d5e555f6429eb64461265a024abf016
SHA1 05a5dca6408d473d82fe45ebc8e4843653ad55af
SHA256 0344fd65882ba51695a10e1312e65f08d58afca83771c9d545e181829d6b5ed1
SHA512 be5edfdcda1ba0db9fbab48ee1b643f1b03821e24048892d18033094fec14171035179e987a08dd91a1c25d91d9256837a4105f6765afd225a868f3e95050b8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cdaf09208c981426c1c49db004573fb1
SHA1 95e8f3d0c0ccffcbe87c5704f041130ccdd3dc81
SHA256 78ad3e3cea0f2f9ed1e2572dab8fe63c4aa1b205602cf24f548ae2ddcb754706
SHA512 86cbab98fe6b725367718b132c638dccc6b7725fdb020c08bfee8ab6048238c1c48cef31173f3ee63245769e9ef92ede6d4565c2b07ac4d391ea2ae509df53dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 34b6baa3f5ea7e4ce2e38c7e351e84ea
SHA1 0f51545337509328dfc64b565e6ad4f386396abf
SHA256 db3897b985e22e38cd36fe3a131f888fb4e198b3b750d452145655c326e5d7e7
SHA512 047e096ff35bc5380d946989e888f544d56a1f1a4d49e088c791d5008d1fb259829ff68ef6b929edd5c800a0d7e3443fb54301e466ff24216d1d8a131cc02c42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 42d821633b75ec995d3818699c6837b5
SHA1 2e27126854a9db90d11cd8f3270122ecc230c0b2
SHA256 bbf737286d1e1d50b13972090fb5e2d884842f9579d70b3c08a49deff839874b
SHA512 5253d2b8ead378d3175e119da073cf11d66985e4d546d513260cf62cfbf447581e9e0d5226f7f372f8f9a51a85f20c0af7fc5411cc9a7bd199def0ca2a440f1c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 01b8c3ab700670eb3e91112f186ee3bd
SHA1 16374a5eb8a674fc998d0cad0efc62eab72b87e4
SHA256 3e2bf070aa13bb591bcb96783af4d4f367c825afcbd2ce7130aa05ee641af07e
SHA512 f7f9dc2ffa5569bf9917ec660cd81a88aa34a1962eac65eed637582571d8988791ecb7b0d5c5c5d6cb0e3b394df33284c38646f11018a16a39b554f5b27470b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c33849f1d16f9bcb08b7728be2c4ac5c
SHA1 21d3ead44eca20bcb715a69f48022c739701c359
SHA256 f70af94e82aa42025f86cc9d2ffe0973a2d0ec12f08f721a08c60f294ca797cc
SHA512 e89b0edec7126bc5f21853f339916c5dcf4636a89593a2a5c1e43ee8c9639364a07aff223110b41da50148c0a1c66e3bdbafbcc0313b4ff931365d96d783b362

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e577e02926dd7bf16de558f5130f37b2
SHA1 c5a4222186943129579edc33e4e521fbc7c49a0e
SHA256 df76ab5464f5e5dd650a0d366e4868d25bc838ba4a957e06ec8b880a50dc727d
SHA512 7faf17f3a7a3aa535cd9c9f5fed98b409498a70b692794b19449a2fbbed3f7a45af50af4b80511153d8504d0f717e2bab382c045e8e8067b1ad7b02bc4328f56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 16960e084082d0504ebbdc222d31de52
SHA1 ea70fd33d9588844b51bbb23d8e6b140ff0fedfb
SHA256 ad1389527f514fca9a8c4fef67134ca9d506dd476b42b203ad8aa7b86ef28712
SHA512 fd103366214886d7fa24b0124eaafc8b5ee387520450cce84a447497cd652530e08fb647d13a447c087fbc1e29ce71faf92c41b89e0c2539adbadb333dbe2b94

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13359324938334648

MD5 8e859506fc0929bc383554f10b0c7140
SHA1 3d5ed0c2946cc8a9a5e4b816c7b1dfe97642926f
SHA256 288d627c7e23ff97def195c8262a5854a6a00738e9341706f012072d657f8a08
SHA512 c63c90c94f854b792b41005633543f9ef3704983d8caafa865afa3d7ec95b89e321999b073313b441751cf1bb978d726c3a7474d8d7dacd8af7a31e8f71b750f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

MD5 8fba3b5706173c7b954357a525f05ee2
SHA1 a2f0a900db7822cc6bff5e0a277d6c6ac0c35317
SHA256 948754d2c2e8d11ee442fc3d923605f0491311c919673c09c06a36c6f0246d3a
SHA512 49357075b7f995c065cc935f5e3d6c0d0930fb3cb57f07c4a457a84b0a1c49a08fda86b1af00a7e62d5b898cc23224b7eb9e36a7437fd0ee8b856c8ff8a4f1a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

MD5 9c424a913dd951b3554c73631ba974ca
SHA1 a97612843b47328eff7d41aa4f4ff7d847364b82
SHA256 7c24fe5815f5f681e4b519a6e06fa413a2c68816f646b67a8d3cbb5943005240
SHA512 b864813c4db15ee4d4c895bdfb5a49ecaf43ffd46ddc86a892ed1141e89261949c6aecd978a13cea8fa12dfeccc612ec060c1033e2c6f49075915ee2e2bb7e56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

MD5 a62d3a19ae8455b16223d3ead5300936
SHA1 c0c3083c7f5f7a6b41f440244a8226f96b300343
SHA256 c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e
SHA512 f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

MD5 b97050aca39832d384fb3514687b28a5
SHA1 5269a50242f2ebdccf4b45d98b7980b745fca4d9
SHA256 006f9a0bbfcbb0918efd4d15282113c572a8e43cf098935a8b64dbc36202b258
SHA512 c4403d37b8ef2f0b2d85dadc36f2821937d4ab1e265a9b86b8c91db2539f41fc18d326fdb5f593c5c289a0f2f9bb5b17d13105678a69ba82748624248826d761

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

MD5 d80d90f1d79820939067a3999ed95abf
SHA1 4a268ae54c6766d93a152fb64a986b19962bd6b7
SHA256 3e2f418352ae8775449c64a5e85c21e1b43ee8f359ac674d2d3c21d3b86852b8
SHA512 5e6b49f70950eed608c29ff5028ceff85fb94694f350f110f44197cdc9f32c63c59d3aa08fff39e9eff497a31d3ba0866fe69945b55b12a48d90c6f701b9a28f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

MD5 7c2b9038cdeb652bfe22779b93b160fe
SHA1 1da71ca51aa54f40d33e6f487377028831e2dfa0
SHA256 34e460e21d05bb320a28f0a21e270931c5dd11f2a8bb7c7af32e22031d9ee1f9
SHA512 3da46d98f59a3fdcc1da132549b6bc01f970b052d81ee88e339b0a8d03f8762a88e5a283980c0eb17a2a1b4cc4b6c9ae36e3fecbe933b9289a4c3e19401ffc30

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

MD5 b3fdfb0fef9405cbba0621fc2cf78b8c
SHA1 78812f8f6daf18d876e00b17b9616934cfe36b44
SHA256 5a3aa94d33b459ef75ca4eeca3fc174f1b6a425ffccdd3705b984c6ecebfec87
SHA512 5b32de0cb207dbf4d34e48f686a9542fbfdb142ea7da4b6a2927b735a9473914f64b3a3efe4107071b2c2ca588cf86436ed17b5ff4150ea54c264a69c63ff2fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

MD5 3d30ef14daf6490a6f26b694b8184e3a
SHA1 976f1a151114805e1920a739b0dff70cdbd43e20
SHA256 d7546ec474dfb2fd5b6722dcf6ad648c800828c88560030ae23897adcbf6921e
SHA512 d7c56926ee0a2edc3c283b3589d8b6947f8dfa27298510869796f99ca330e334c69552ecb465de89024673fb86daf705e9fe26848eb61c9499a2f5ba687537bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 565b3c4b829f97651e80f7469d70fd4e
SHA1 5fd12376ba74accee0d71bd5845a9757cb7c5947
SHA256 20fc2ecc773f733ba5f0ec57d2102b3102d4ab06261c8e1831e130ec75fa47aa
SHA512 37a00c08539c07c913b7b58aec31e09111242b36b244c36e79885c50e99a0b6927de4ccb13536f38bd7a58a6f4aadc295c85018aa7a8ca7a42321ae22e6285dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 93b8ec568db6dedb0ff56ae49dab1879
SHA1 5f165ad3332904b55d4bbaa7b39104a43cab39a6
SHA256 cc1dce92382eec766c6f87a2e995a5269dc81095e7cf8e98fba282074501c556
SHA512 5f6801fb1256255eda20c22f607ca29ea10ee9d4c1f9a1a0a24bc25bfc6af0e2088ff8e50fa67881bcfb1b6d2889c900f461445d04d06975551ad88de2da0671

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 37a115dc0ac0b8040646f26840e2c473
SHA1 85f0fc2acbe766cfb5588dc755d192bcd0f101f1
SHA256 8fe22cd6be10ef4e3c289e5658360147e2c37467d7f8edcdaa547f66b09700c1
SHA512 b54d9ce005549e794802b8e7c286938da9169cac73a10bc5a6658f42e7f6f48ea5f4e4d52067b9299ee07a965d13973afe4f35b85ca8e662541d1abce894170a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 57ea2f8dd8644469959b732b50a3c9c9
SHA1 e81c26b9fbbd960fbcb88a113473a88c66c79652
SHA256 7d106d1e2d252573f8dfe25e0eeea1dd7ae3708c9c69565f210e391326b0eced
SHA512 0720b535be4d06c47f20a47385ccb34dbc4e1ecbbc1bc68c415d5aab5308f8301299b06a533e5c0d8ed5a973cea9f845583586cb4bb28599a1d9c475fcbf4ee5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

MD5 f53d6790819f6ce4a6fcbb7d2550b7a6
SHA1 c0939079ff524b9e10c2c584d1e3e5c34a61948f
SHA256 bf39bebecf1af30f3a1e978d9245700236b3ad95dc5b86088e9920ab05e89082
SHA512 bceb9ba6a9267405ee3679ae634d252d7e2dde1215a40c0769feddf3b5125f0ca62659775618a7ca1ec653d20f0f9739b0cba6eb5378374bc1d86df0e8e504ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

MD5 f89facc116cc6bc9a687a8157e43a684
SHA1 060fbec10dd1310483dcc0b0832a28138b7c079e
SHA256 2792e51a8d5839cc25644a086785ea9b5d64bffd4076423a228773323a69bf12
SHA512 a2e98379469e513c62188213e26009122849022cdb8e0d277e1f88f5324ce687b7fba8c22d67f25f0cd6ad306222acbbd9636a171ddd6df0560ef2ee2b09403a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 2a94c2ae8213f1fc17133c2d20085654
SHA1 03581be1297aabc3ce8f30f04eea8fdfb4fc8904
SHA256 f1786e17af7df6fe09d12535374e8ec2f183c15aa50b5fcf3f8e0f52cc5cde38
SHA512 d269b8afd2dc4c5cb8b8d0b6fa67deb7a244d8102d76b83ed7dd7228e19a9b6dde6b589f86e9ad063e2ffe1e86bd2516c71851cdfc72f526266cf54f8cb60965

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 86cc26c6d16ffc434fe149ecb3297b25
SHA1 17171da2fe0fa6f3443bdf71ac3acc7cee210560
SHA256 38adef40afa33bd7e2ec2346d9053a7b39f0b4829c3dee7fee320952fa55c624
SHA512 a2836e47a432cb48fb4833e27c330c390ceac523dc203f1f75828f2ae0d13f6c2c96fd9f7d4627468ec78f8317e7cfaedce404d03b4b2c4f2c607ad4d8789486

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 424feb657f6660fbdf954ac66ba6f6b6
SHA1 96eabd5cdc53827943b22c828d9599a0b959d94b
SHA256 0bd48c1beca1c7ed8bd76b991cff710af7904fac717987bde05a429b0333a649
SHA512 39efb4ae0d3ca53e46bf4f02c160810787e64c240846b393b9d3dab93718de60cc7773e81f70b07cec53d8ae39e6d9212ea9beccf0e4bd46952fe3ea87a61f6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

MD5 2e5ebb509651b7108655c3fd44166291
SHA1 12b2b6d21970f386591463b7d636248601e6a806
SHA256 8b23f13a891c99885494bd21270d29a08984655c217615dc48bf39c39679202e
SHA512 c32f03f6b19897b1580c7d0ace98d058d748b2ff1930cef39e56b5d689fc1c9632b0cde48493eb3eb87a4e69216abc2d9d71ab4caf568c5ad14a2c5dc1046c97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

MD5 0fdd204f1d3198dba5f56d73d1e900c6
SHA1 786e86e40f1041085a53a2d9263afd031bff41ba
SHA256 94d294e9b2df75662e01cd5d2518667bd3cb56e65ed586aecc7b6df5ee6ed682
SHA512 fbf324c0e4b5307c30c569375df41bf875dbdccb51001c2a7d545fc385f33299607756fba9f3f2431a5705009c7b96d9d7618f8c04c8cb7496ad50eafde26e85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 5cf33793dc67ed19bd3dbcf2ecfc9836
SHA1 bf6fb56ef565368ee027a25e4393f65cee85dad6
SHA256 a95155fc3eb1edc6cb88212c7bb5bf1c477d2c540d77ca6da341230101eb773f
SHA512 b855e0c9c1d9e1dd20a1f5d18ba61759856be1d5e6668ad6c60216657d53d73eccbdfd3ee843847772413e1764a553a99e9f4f705214bb504fbeb8027195c9a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 b29bcf9cd0e55f93000b4bb265a9810b
SHA1 e662b8c98bd5eced29495dbe2a8f1930e3f714b8
SHA256 f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4
SHA512 e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

MD5 b9e9538eb1c1e94610556ced296b90b5
SHA1 63be6fc9d175a14567185d52a33a7b11fcbdf897
SHA256 72ee44bdfbec7a24cc14c318eead39d66363b488046f92f65569e8aaae36eeed
SHA512 ca29b31ba9b3be18bedfa424163c9aae14417376b8e53299fb71aec55e9bb5d10e5004aa8e93bee15dcb7d7a9ca723ff46dcef2c8c35ed92fab6704bd18bbbe4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

MD5 6da4ddaece7fb628ec7d927ee75d9614
SHA1 9d012bbacbd7499fc8b0d8b1e30e400b57f8aea9
SHA256 dfbc8c146faf5683e309882f481f130b3e8d9ec3893c655079a0dd06e976387b
SHA512 b840bada97cf7f7e6ddb2ba342631f162e336efe7c2ca6b539e4ac1aa1c194717293fd5754bb5aa6c766658993237dd0c791cd426bc4fa00e3d330d8124b5d50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 9d43a31daf90110fcef11e474eefc1e1
SHA1 e4fdcd793e62f719a56952d9d5f2b48ab8ab5c79
SHA256 bf655d9de694f34c96069b4524a387f1439d912069934eb93e8c447882f2e1d6
SHA512 30e1b99e5e51f99679eb801cb01ab1630f8123848804cf03c6ea422a4c92321d5543e648373a0c868f92c46b52dc0bd14cdf857734fe63efde5504f07272355b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

MD5 bbe521a48876d411cf16bfd0c900046d
SHA1 825454cb22bf7638e6117fd95fcabfb23acf5291
SHA256 a4d184b3201fff03d1f00b059e626f46a9ed0ae407600d11915d3077fe460e2a
SHA512 d5601794fbdc5cecd6031bd3e12c2047901ee725dab3afd240d063b4f9ffc49e2b48f41d4f8122893866adbf4e091ed1f35abf5943f1316ebfaa024e3691e15d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

MD5 cc050334fdd4b5d2df3ca4da6f26a038
SHA1 fd47da7aae6408b3e7f4c62a577f51e3e1738f2b
SHA256 c32954276b2972c5464ea136550413c9d0dc80a1e9e1fddedd3d3d68ff3a079c
SHA512 929bffdf048eba9624b51d055ab3dffe1eaecccdac2a0222f04419d6bf15be9bf2aff2ff8c073e4edcbdea0f31a212bde3c1fd4c23a00623ff79d4e372dee725

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13359324938065648

MD5 f2b8335a427f972ba66104b8fe8041be
SHA1 d54b30d9abb5db2034e2b7c6a8758382cb512929
SHA256 ae2c6c16ee534adf59a91dfb05b429867f384280e774de151fa14d782b6a56fb
SHA512 9f6fdf6459f38829745ed68cb70114400ac66c72c2fe04002d632a8e96c7113161c50c617534cf6a215fc491f88777cde02b2b96afb0511bc170d22e6e883ad0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a800c149981043508ba1c68eab86debb
SHA1 d5d38ee7756809a804a177e945285d05e4221c95
SHA256 18b9082242e0e4928ecfb4baa4da5664cf820a9e7ca8f494b0f318ff114fd8ee
SHA512 a035a16e63335a76f0ab7f2f17e50057d78d0af419e3753cf8895306b65c321583a2b2c7d018233c675111e4c9473792bc62c3d5ea22980f5446912a007b60b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL-journal

MD5 73aa864c82d4aa32920ab6756f4da5fd
SHA1 b96f29895536cff61ca8f158120b392093234c77
SHA256 cf91ef8b24c90894cbb7df438ef55d931e1e78c9361f81d6e55f2e0e690cd990
SHA512 8204a62a0d70cc8fbda9b7ca22fe6c7ecff6dd2728bb7e53a1c3dfa7361cf5582e89a3f60a9c8393c526f533a0bc41824511050e99eb583b25b4a52f4e3b2216

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 03f7a99ee8b76fb1bd8c85d0839e6e33
SHA1 89fdf09a7686b801775005395fa27fc4f7d11551
SHA256 8848bd1297b8a5c4d76d342fdef3ad770c965268517694aa628a5911d583508b
SHA512 e8497a93f7e8601825c7053438745431ade286fe34e0e67ca2ef0e819d22510801f267f22b30cb3c856dd1bf8a3abbd8b3c52221e46529308ba425fe35d33a87

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c47354799d6d19cc93ad3475ae0b2bf8
SHA1 21044fce483d16686b5733f4fb3b4a37583f9f6a
SHA256 1bd57363df4124544c19c1fd3a863b4e4515ccc911f4f91f1efacf5e3af16ddc
SHA512 c21e7613ffd9cdec983d259a9b393f6c0dd1e856f626075a88a180c3d85049e9437920f10564c5c3c00aa2d9a903a7d96ff00df66082e600c0703f856ef55764

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ab0594a4179be521d0725eafb96d5dc0
SHA1 bc419bdc91826b5bd07bd8cb043552fcee3bfbd1
SHA256 72e84619baa3d4ff88343a28783907d6f6b904161e8e8a32180a35da36b5ed85
SHA512 76733933e90f03a4a458202e4cf3ccd5454b49a1cf2c8c729a352d660ae06560de27cddcb874a3eca72340d5d1eafd2330c44fd6349bfb5d182e14f3bba73f0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

MD5 bcd79590e6cd75eae43c4ac46d81105c
SHA1 e677f2ebd09a2645dfa752a4d4f2ee8482a8dfb7
SHA256 1bdfbc80e31d26eb4226464e8124a5b3079d9d2e7f1b81c55ea73b0958dd8989
SHA512 b3ba37e1748bcbc798560e1f661d65baa0b9b425d338d51cafc93983d335e788a0bb4990650338429aa5f0439398f933002372c7e97cbdbbaf60f3e30a4a2dbf