Malware Analysis Report

2025-01-19 00:32

Sample ID 240506-slg4dabb67
Target SKlauncher-3.2.exe
SHA256 05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf
Tags
microsoft discovery phishing
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf

Threat Level: Shows suspicious behavior

The file SKlauncher-3.2.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

microsoft discovery phishing

Loads dropped DLL

Modifies file permissions

Detected potential entity reuse from brand microsoft.

Unsigned PE

Enumerates physical storage devices

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-06 15:12

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-06 15:12

Reported

2024-05-06 15:15

Platform

win11-20240419-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Detected potential entity reuse from brand microsoft.

phishing microsoft

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4376 wrote to memory of 3552 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
PID 4376 wrote to memory of 3552 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
PID 3552 wrote to memory of 3536 N/A \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe C:\Windows\system32\icacls.exe
PID 3552 wrote to memory of 3536 N/A \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe C:\Windows\system32\icacls.exe
PID 4376 wrote to memory of 1032 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe \??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
PID 4376 wrote to memory of 1032 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe \??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
PID 4376 wrote to memory of 4484 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe C:\Windows\SYSTEM32\reg.exe
PID 4376 wrote to memory of 4484 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe C:\Windows\SYSTEM32\reg.exe
PID 4376 wrote to memory of 664 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe C:\Windows\SYSTEM32\rundll32.exe
PID 4376 wrote to memory of 664 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe C:\Windows\SYSTEM32\rundll32.exe
PID 664 wrote to memory of 2148 N/A C:\Windows\SYSTEM32\rundll32.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 664 wrote to memory of 2148 N/A C:\Windows\SYSTEM32\rundll32.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 5000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 5000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 3964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 3964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 3964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 3964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 3964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 3964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 3964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 3964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe

"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"

\??\c:\PROGRA~1\java\jre-1.8\bin\java.exe

"c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

\??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe

"c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version

C:\Windows\SYSTEM32\reg.exe

reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme

C:\Windows\SYSTEM32\rundll32.exe

rundll32.exe url.dll,FileProtocolHandler https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8406c3cb8,0x7ff8406c3cc8,0x7ff8406c3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,139331942642707609,9714669473741933466,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1872 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,139331942642707609,9714669473741933466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,139331942642707609,9714669473741933466,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,139331942642707609,9714669473741933466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,139331942642707609,9714669473741933466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,139331942642707609,9714669473741933466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,139331942642707609,9714669473741933466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4116 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,139331942642707609,9714669473741933466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8

C:\Windows\SYSTEM32\rundll32.exe

rundll32.exe url.dll,FileProtocolHandler https://www.minecraft.net/store/minecraft-java-bedrock-edition-pc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.minecraft.net/store/minecraft-java-bedrock-edition-pc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8406c3cb8,0x7ff8406c3cc8,0x7ff8406c3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,12530560606937941841,16363709295662623607,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,12530560606937941841,16363709295662623607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,12530560606937941841,16363709295662623607,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,12530560606937941841,16363709295662623607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,12530560606937941841,16363709295662623607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,12530560606937941841,16363709295662623607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1

C:\Windows\SYSTEM32\rundll32.exe

rundll32.exe url.dll,FileProtocolHandler https://www.minecraft.net/store/minecraft-java-bedrock-edition-pc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.minecraft.net/store/minecraft-java-bedrock-edition-pc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8406c3cb8,0x7ff8406c3cc8,0x7ff8406c3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,11528219109148912073,15596389077895707645,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,11528219109148912073,15596389077895707645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,11528219109148912073,15596389077895707645,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11528219109148912073,15596389077895707645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11528219109148912073,15596389077895707645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11528219109148912073,15596389077895707645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 files.skmedix.pl udp
US 104.21.50.12:443 meta.skmedix.pl tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 8.8.8.8:53 sessionserver.skmedix.pl udp
US 172.67.199.2:443 beta.skmedix.pl tcp
US 172.67.199.2:443 beta.skmedix.pl tcp
US 104.21.50.12:443 beta.skmedix.pl tcp
US 172.67.199.2:443 beta.skmedix.pl tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 172.67.199.2:443 beta.skmedix.pl tcp
US 172.67.199.2:443 beta.skmedix.pl tcp
US 172.67.199.2:443 beta.skmedix.pl tcp
US 104.21.50.12:443 beta.skmedix.pl tcp
US 104.21.234.234:443 rsms.me tcp
US 104.21.50.12:443 beta.skmedix.pl tcp
US 104.21.50.12:443 beta.skmedix.pl tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 73.80.16.104.in-addr.arpa udp
US 8.8.8.8:53 launchercontent.mojang.com udp
GB 216.58.204.67:443 www.google.co.uk tcp
BE 64.233.167.156:443 stats.g.doubleclick.net tcp
US 13.107.246.64:443 launchercontent.mojang.com tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 13.107.246.64:443 launchercontent.mojang.com tcp
US 13.107.246.64:443 launchercontent.mojang.com tcp
US 13.107.246.64:443 launchercontent.mojang.com tcp
IE 20.190.159.23:443 login.microsoftonline.com tcp
N/A 127.0.0.1:50627 tcp
US 8.8.8.8:53 acctcdn.msftauth.net udp
US 192.229.221.185:443 lgincdnvzeuno.azureedge.net tcp
US 152.199.21.175:443 acctcdnvzeuno.azureedge.net tcp
US 192.229.221.185:443 lgincdnvzeuno.azureedge.net tcp
US 8.8.8.8:53 185.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 192.229.221.185:443 lgincdnvzeuno.azureedge.net tcp
GB 51.104.15.252:443 browser.events.data.microsoft.com tcp
GB 51.104.15.252:443 browser.events.data.microsoft.com tcp
N/A 224.0.0.251:5353 udp
US 2.18.190.82:443 www.minecraft.net tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 sessionserver.mojang.com tcp
US 13.107.246.64:443 sessionserver.mojang.com tcp
US 23.53.113.19:443 assets.adobedtm.com tcp
US 13.107.246.64:443 sessionserver.mojang.com tcp
BE 2.21.17.194:443 www.microsoft.com tcp
US 18.239.208.40:443 cdnssl.clicktale.net tcp
US 13.107.246.64:443 sessionserver.mojang.com tcp
US 8.8.8.8:53 40.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 19.208.239.18.in-addr.arpa udp
BE 23.55.96.141:443 c.go-mpulse.net tcp
US 2.18.190.82:443 www.minecraft.net tcp
BE 2.21.17.194:80 www.microsoft.com tcp
BE 23.55.96.141:443 c.go-mpulse.net tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 13.89.179.9:443 browser.events.data.microsoft.com tcp
US 2.18.190.82:443 www.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 18.239.208.40:443 cdnssl.clicktale.net tcp
BE 2.21.17.194:443 www.microsoft.com tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 23.53.113.19:443 assets.adobedtm.com tcp
BE 23.55.96.141:443 c.go-mpulse.net tcp
US 20.114.190.119:443 x.clarity.ms tcp
BE 23.55.96.141:443 c.go-mpulse.net tcp
US 20.42.65.89:443 browser.events.data.microsoft.com tcp
US 172.67.199.2:443 beta.skmedix.pl tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp

Files

memory/3552-5-0x000001B1390B0000-0x000001B139320000-memory.dmp

memory/3552-15-0x000001B1378D0000-0x000001B1378D1000-memory.dmp

memory/3552-16-0x000001B1390B0000-0x000001B139320000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 d74480fe30d99e2a199d96fb8acf767f
SHA1 1fe7cf74a11b62aa906c5a718736c1196f696ba9
SHA256 e42546af6af387a5009b0fff3d6399e1b30db0a08b0f6968d12f492f2516d34e
SHA512 c2343cc899d8a0272916a604322ca04dbb5d3e630c2a2d6274534bbe2bb8e24a9583d5157ac897ead3c9e571bd28d7c0fcbb234c0ba6c5ecdeed8c11e451c0c6

memory/1032-20-0x00000220182A0000-0x0000022018510000-memory.dmp

memory/1032-30-0x0000022018280000-0x0000022018281000-memory.dmp

memory/1032-31-0x00000220182A0000-0x0000022018510000-memory.dmp

memory/4376-34-0x00000000027D0000-0x0000000002A40000-memory.dmp

memory/4376-45-0x00000000024E0000-0x00000000024E1000-memory.dmp

memory/4376-49-0x00000000024E0000-0x00000000024E1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4527662377400.dll

MD5 dcd68a87b7e6edbcfde48150403b22eb
SHA1 28e4839a29725075772fccc39b44e194eb91e477
SHA256 ae3352b6ad6cffaae55f4387f9f5e79365ea17f8d5fb45ef11d21c3300a49a4c
SHA512 ac2a6bc0afcd08c56090536a937772edd54f35505c9a5837d9bc8e91c31edb6137cf5191986b3473e9e2f512950b4dbfe4088598bfd1faf47088124c70aeba71

memory/4376-81-0x00000000024E0000-0x00000000024E1000-memory.dmp

memory/4376-141-0x00000000024E0000-0x00000000024E1000-memory.dmp

memory/4376-166-0x00000000024E0000-0x00000000024E1000-memory.dmp

C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar

MD5 5b0bfa78154b1c57ab68574af285fc6f
SHA1 bf9f6b357352f81a2e4427c4e5d839b89b32d3b7
SHA256 0e79303169cd0305c364885824b1ee91b15e6ede8b7eae02e808ad4c4c35a36f
SHA512 95dc94b13f82d61e5a168251665412c04710069a1b1679e9674d4a4dd2f824eff994e9ecd92f257a8abe1144239a8a4a6aa492c6b2e71d6faeb4d1e4a3c76d26

memory/4376-180-0x00000000024E0000-0x00000000024E1000-memory.dmp

memory/4376-214-0x00000000024E0000-0x00000000024E1000-memory.dmp

memory/4376-232-0x00000000024E0000-0x00000000024E1000-memory.dmp

memory/4376-238-0x00000000024E0000-0x00000000024E1000-memory.dmp

memory/4376-242-0x00000000024E0000-0x00000000024E1000-memory.dmp

memory/4376-245-0x00000000024E0000-0x00000000024E1000-memory.dmp

memory/4376-248-0x00000000024E0000-0x00000000024E1000-memory.dmp

memory/4376-251-0x00000000024E0000-0x00000000024E1000-memory.dmp

memory/4376-267-0x00000000024E0000-0x00000000024E1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\+JXF8458504641244077408.tmp

MD5 fdb50e0d48cdcf775fa1ac0dc3c33bd4
SHA1 5c95e5d66572aeca303512ba41a8dde0cea92c80
SHA256 64f8be6e55c37e32ef03da99714bf3aa58b8f2099bfe4f759a7578e3b8291123
SHA512 20ce8100c96058d4e64a12d0817b7ce638cec9f5d03651320eb6b9c3f47ee289ccc695bd3b5b6bf8e0867cdab0ebb6e8cae77df054e185828a6a13f3733ede53

C:\Users\Admin\AppData\Local\Temp\e4j4E10.tmp_dir1715008405\SKlauncher-3.2.jar

MD5 4d653e61ba01a521c56b9a70a9c9814e
SHA1 de855dc3dbc914b497b58da92e0c21fff660796d
SHA256 f7d3e01dcfc001cc80a988c518d4358955842d140054214d1367972c5c543350
SHA512 e6a7db6e2893b5b01dd0c84a230d88abf50da63ceb1af5754a2c4c1fbd307a799a74f3f368430d3beb33590cda2e0a3cf509fef11c4477b76e8d3c4a582b5def

C:\Users\Admin\AppData\Local\Temp\+JXF2552425710410063758.tmp

MD5 8f2869a84ad71f156a17bb66611ebe22
SHA1 0325b9b3992fa2fdc9c715730a33135696c68a39
SHA256 0cb1bc1335372d9e3a0cf6f5311c7cce87af90d2a777fdeec18be605a2a70bc1
SHA512 3d4315d591dcf7609c15b3e32bcc234659fcdbe4be24aef5dba4ad248ad42fd9ab082250244f99dc801ec21575b7400aace50a1e8834d5c33404e76a0caac834

C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna7501173109404679108.dll

MD5 719d6ba1946c25aa61ce82f90d77ffd5
SHA1 94d2191378cac5719daecc826fc116816284c406
SHA256 69c45175ecfd25af023f96ac0bb2c45e6a95e3ba8a5a50ee7969ccab14825c44
SHA512 119152b624948b76921aa91a5024006ef7c8fdbfe5f6fe71b1ec9f2c0e504b22508ff438c4183e60fa8de93eb35a8c7ccdda3a686e3c2f65c8185f1dd2ef248b

C:\Users\Admin\AppData\Local\Temp\+JXF4245564171753748570.tmp

MD5 ff5fdc6f42c720a3ebd7b60f6d605888
SHA1 460c18ddf24846e3d8792d440fd9a750503aef1b
SHA256 1936d24cb0f4ce7006e08c6ef4243d2e42a7b45f2249f8fe54d92f76a317dfd1
SHA512 d3d333b1627d597c83a321a3daca38df63ea0f7cab716006935905b8170379ec2aab26cb7ffc7b539ca272cf7fb7937198aee6db3411077bedf3d2b920d078a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 22cececc69be16a1c696b62b4e66f90e
SHA1 b20b7f87f8bc64c1008b06a6528fc9c9da449c2f
SHA256 d940b85bc83f69e8370a801951eb6b8bb97efbb3aa427664105db76e44707258
SHA512 2b2e548f2c8f84d321ef2afdf31128065c3593b884ca8111b05800960b5378b99c7efa6165d02fba4c11e6e4b49b14e419d89f76d55ef574f4ac2b7d6ecb3d48

\??\pipe\LOCAL\crashpad_2148_VSCRFPWBBVEBFDJX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5a85ad170d758e61ae5648c9402be224
SHA1 e6dfce354b5e9719bc4b28a24bb8241fc433e16f
SHA256 af0da8b5ad8127ae0ef7773bc9c4b145ed3fe7fbef4c48278649e1e3aa5ce617
SHA512 641414d91c993f74b6b71654522359d606c7f94ac0fcca6478d1bc33c30f4a9fdb9ce6f8e281c79a2f9b9670fda8a4ccdd80e7d64347c1f66d8c9ef024bcb09b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b5c144d0717a80dcd0b7c6fb88b14257
SHA1 a5c59ed9690c879f3e1b7de6d67a3cb762510033
SHA256 4a80f51b8930adc316439e947d1d3607acba2fea07968f69664e3f99862ad3a3
SHA512 5727710004125709b2aa0275f0599b444d765f983c4a2f68b6613d4b83f3f9e9413a228292f734599e5c28eb25d0918f2f9acf515b2018e4f48fbe75ae0a3e5e

memory/4376-914-0x00000000027D0000-0x0000000002A40000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 eff095ea929e3b4d2df9a12896f4d469
SHA1 13f918f3c4d1347d0422c855c30990de7104c591
SHA256 4a6d12f7867799cb7dd11c1cd43bb1b1e9afc379f6af244f9b02d9fb039cf9d9
SHA512 70cb0cece9dc4f1999d17644d019e7718e1aac2b5eefa4ed9b5bcda2eae5efe730ee6d68a04dc1b43d67747a0cd49bf095e7ea64950840bb108f936d1a60efe9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b2b0af6431ff652b811b2e6af9537ae0
SHA1 05d814c7c16b2968b879db2081c4d66e201108ca
SHA256 96c5624739356e21f8f0c95ecca4098712f8d454320b046dbdd6645e4e9c9dca
SHA512 633d98af8c29ec48abcf098e50c93676a0c66425ec3c06cd4fcd239701ce04f84f3ce54aff38b4e22669c9a08d0d3b48f957a40fe3940a46a160aa64c238a98c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 119b9326a3d87cf92a8e890d5bb2fa90
SHA1 c7456c480c5473a233b8e8e818ab98f4e30e1fa2
SHA256 75e2b144900db60104e0384f21393c1d99e211d8cbaedaba1a4e87c7b8540084
SHA512 4ca6654aa998491ef90420581291b8121c3c8b84653cd5806464dbddaba6ebe04ff970dc85be7428fb9879f03a02c8bc43488b278edf0b089862a0b9628b0a34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bd8229da8c21dcd45f498b717420c835
SHA1 e030d3fb2e2010e857c99e92725572cc6dab0d41
SHA256 c407b2fe97ae3bb57dcbe15011d5ab9e1dcdf4847070bb7215abddd6d9884ef1
SHA512 1736558a9c96e4990daaa38647687f7bf4bf9fdaa9e49a45131115d3ae87ea439bb84a06cff28a08f50f6166ae09f924257ac4121f9e0f5759cb9ececcc60110

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c22c30b9446a04798d3f6d04a3b4bdcf
SHA1 02b3b6e2b96e9bc9db3e3b6d3365ffd5463774f8
SHA256 afb6abbd470dfe384f4fc0c74a361cf01fd5046f9c38a378dc903c2d789dd6d4
SHA512 c4b41e0183fd2b15edb9fbb0abccbfddc4cdcec7aa2a3d39aba9ea71051d798ab7b0dea6f674e7b6527b895673ca3217f5c7c355c7e1199aaf6dec3bf2e28a49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 b29bcf9cd0e55f93000b4bb265a9810b
SHA1 e662b8c98bd5eced29495dbe2a8f1930e3f714b8
SHA256 f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4
SHA512 e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 9078c27843fc830d0c1558feca15011b
SHA1 0e0c4441e4d88835321b3dc4dd93800e4fcd754b
SHA256 8cef722a45fe53923eefc3e3ac5bbea7026ee1c5daaa6623a0ee611e9d057b89
SHA512 446cf8e4e3633c79fed12f958e40c8edf388fdd18f0ce8dbaa4be624078f0601fcd5d0ebb9f8297557624cfc26a9ca8f41e885b2d5abfc9edad5a78636ae08dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

MD5 75120fe36948c6e06f0773bcf3becaf7
SHA1 2fe8d639559759a06ef8a642de21cf3d47d56ac1
SHA256 ec675dbfe035cbf25e1a741f0d67f28991e25d6172b6498eb5a86d8ac85bd629
SHA512 56cfdc09ae657a241de77510a06d6d67faad75a01cc82da1323a81987c6973099897a9dc1ed46ea19e58e0c161589a3b4267da208f919120897523ddd2052e7f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

MD5 e3df407b8fd1329df597983acfa44222
SHA1 3b65f653470bb4f6ffb4f5d36a0419f734c238ac
SHA256 df80c27a0995b71a81fac0e8e89db70a744fdbc43357d5b13798897c9edfbea4
SHA512 0a0c94ff2080c9bd4de9fe08f654831421af6321ee035dacc0445ab624cc1efae2886b7fde77de988df437fa31226c00c39c074b4b3d86c151dcd8bae85e56a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 9a104c1bad06af84f065fc753b60810b
SHA1 bd568978407b29c744314c7ae901926aa7921b43
SHA256 6c054511ccf3277a88435d756579f7a4aa35d3caef9b77959d1e2e961a96245a
SHA512 e9d73257a893a2ee910bd7acb2a57558d01b4b5e234cf0bb7dbacfcd32f9edd11c48d9146eecc1d148228b74c38d43a0c34779ba48f4d001835de1f8ba273275

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 ddb8ebddad525bfffb0ba234ee8a2034
SHA1 62b47c7b26c106485c0a0a04b54f18ed3565e44b
SHA256 3e0d9ebe10d0e9ea9dbe742209124d476a3d80541653de7d2cb6410567e13756
SHA512 1899bd6b61d22f70e6cf466c2eb63f942404f0600f065c75023dc81014a205192ab241007b75efb20fe43faa78e60895d4eabf43a86fa0ae65f239aa7d6499cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 7fa34c6933b499165650c1e39e730a00
SHA1 999aa7490deaf37529d3f9baa3cc3dbab7b2deef
SHA256 2dbf245dca9fb5b412c36a0be6b12489eedefc52d73f4de739f0b340130ebee7
SHA512 7c6839576f42869f583cd5a295d14afc494c4bfa5d2929f41dce1a4ed0e2a52b494068f1c4f866ca206ae01b868e9ae1b0f364f8545ac8f4076f080e0159cfbf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13359482032857448

MD5 e25524b54fcceb4eef8be5ed73747290
SHA1 d4f636729563246bcc40cc44fc870855be9aba04
SHA256 1c73aa7ac0cc170b15d7560b73bbb561d071c58f4ec5f6c41fca353d5619c060
SHA512 3ba00922459895af140ae3463d0aee73e857ebec3d9bafd518fade4e7099416fb96cb01526d1ba69b17d559cc0fbaf0551822406fb00f75529ad2a5e57f58547

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

MD5 701dcacbd10cd56e33c1df8c394dae3f
SHA1 7847bbcbd902f493a709ec06a91f77147b25a4d2
SHA256 a98954f84914bd50b3f94301367e73cb6541a77b24cb8e697bf8b8a49a14d0eb
SHA512 5cb9e6ae007e5a64a340a4ba72aa91ed53059c623d1a1cc9bf3e8a3fc1d310e0edf1127ffd480169d3a4e5b4b521febdd74a4d9c8fe989d0a7c0f72424df4c43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

MD5 3f3c3d94e4f799d3b538d3991a1610e2
SHA1 58762d73ee951dc5e3b8932affa38db531bc9d46
SHA256 76f40ef826d870d73d2266fb5df9bc206750b8f6343dd13fe43867000474ac68
SHA512 c10eb8172483b2c8ee3eca9526d4072e171e6786d2a63a4ea23767221d620cb17a62b9e2b0d366fd37b24f0f4f2e8de17ff4fdda0ed5d31cab447e88b8041ff2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 9bdb04466aaafe2da4347ae6ee78fbbb
SHA1 5e7bd1518fcd8144dc15f1c18b4c046928673180
SHA256 9c8f463fc4597d2b705989b9671c2f1719e94a61b6deadb81e16734035544e52
SHA512 f58a3cde04e868ca217f5576c21e5ed76885f0de80d052e56cd0dce22a8b5a165c8a4cec2817a0e53f464fbeaf377737e55c3e02727f86dde3fdab6258795b7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0222db2101903ec984b029395efe06c0
SHA1 ec4b59937773fbbf2deb890860cbc143c0de922e
SHA256 cfab7dd7806462479beca9249af90b95d63c28372aae4a3d42c9f53a6c83476f
SHA512 5c7734accd97a70592fa3e738eba6be9341cbfe1deb75d3ca441edadd7fc43a45ee13d1521a61e13f790a0de969eb54e52445df7bbd56db32fcbc484a50cb05a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

MD5 00c8970d193b736111ab4ee52c76297a
SHA1 6ca396b35282827ee7747cd1754b679a3d607c93
SHA256 75ec8f4723c5145bb79657e503e50b574729b8ef7b3c4b01689417beb8229336
SHA512 05b3c32051b5e8d0cd20ce619db066fdbba35d6a0df450fd2d9a18f93ed21b0c8bb343ceed64111b5c08b10202b8566293f7834878c577f1768834f75b378117

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

MD5 0407b455f23e3655661ba46a574cfca4
SHA1 855cb7cc8eac30458b4207614d046cb09ee3a591
SHA256 ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7
SHA512 3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

MD5 0a2df708b1752f9f309ad16b152f515f
SHA1 339c615789f9c8b32289a2fcc4fe109b8c034d27
SHA256 98393b327fdffc0b0ece0215ab1f53d2efe8e308d14a8d4dab7d727019d3b0b9
SHA512 be231a20b52c0574917017ba094f3c463404f58a4a4cddab0c790ed05ce8bba54b1828f5c314d6104c89d67fe18fc9bc1bf0ca50c15c79066382c05027191080

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

MD5 976c229ff58bde64e028e08ecdb518d5
SHA1 6da4b3d9c776f65cd76cac08145dd733a0b98399
SHA256 a9065113a31a540d2b28bbc4d11660f5bdc9637dda947d8d3a9858feaaeead7a
SHA512 354dccc7679f49f8ba2b53c764313c07fd30a4767027717385f3c8a20935ea45f1207548aabde07631b2f90ae06152dd621f48368fcb6346a5629b5b855b8c4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

MD5 4a840228390bb31f2b79ab9084d58526
SHA1 703c7dc860cf7f25042de0bd4999c625a22f06e8
SHA256 e11fa4b388817e63dba9e14891c2bda86519c37f8dd5b6950292b0ec17837df7
SHA512 c78e9b9213575bc2ac96b992466b73a857d6813bd20e507ea098bf145be81573418989e501ae28dc145b291a3ef2ec97b5d6ae8654a0a975f2157a8c4e2b775b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

MD5 a62d3a19ae8455b16223d3ead5300936
SHA1 c0c3083c7f5f7a6b41f440244a8226f96b300343
SHA256 c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e
SHA512 f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

MD5 fe6f98400104ff55c535a52bbe619216
SHA1 1d45a96204299557446fe094128cace4dd8e0ff7
SHA256 f7d1aa9f0bdcb7620d3f23d15653bcb916c764e1b4de20b32d98b837f2d003b8
SHA512 b64f79ab55f40f0dd6760cd411ffe3fd497bd62ae27922a9ec7b88857ccc8e97ae394355e27860ee6d27e277dcb2ed4ce1d108e5c8b318c17d96e848ae04d241

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0c38d6170c3bdd4f86fcf21414851070
SHA1 8d9d1964581761e04a3ddb2620e025eb596966dc
SHA256 d080267a26b654a3cc22e947e0798412b32d970aaac506b5ace303e7be0ad7e0
SHA512 b818bd2b58436fb9e46f57634487e32a8407d70e9e1c132432741200fb21844e72fdba4c2450c3f7a003343d0992daa15fb0c824795acc0b3978f4c4535494b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 3af35802d0a233d4d307cab2c011b5f8
SHA1 eddf0d463f3e824b7fdf359af264f8bc185a747c
SHA256 f43a7e1fb39c08729c0436e724990c858726b71df61c10881a319af5758dc576
SHA512 c3a5e7dfd6682c8df0275e440192a06e683e065af03e57c29301e34c5e48c9d46c5d8a58cd29afd25c3026a79be0cdf349a3e5cc91819ab014fc755f13578c68

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

MD5 40fbcc4fae62e989afd9bf43bf6aa080
SHA1 99c5b35a68399fda4a156e8d366a66f578c0e4ed
SHA256 507591962a2daa156ecb7b15d61150bd4ed2848e7f9b589eb6c2969608ac27cc
SHA512 2d4ce0ac67a9c7c05d4d0296cf683c11e78b3b5e0bc1fa2395de9a6e0bc09e222039ccc6615fddad39b06a8c53dc038068f3faa1c23ba7d0c246dc95ce3e8120

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

MD5 7c2b9038cdeb652bfe22779b93b160fe
SHA1 1da71ca51aa54f40d33e6f487377028831e2dfa0
SHA256 34e460e21d05bb320a28f0a21e270931c5dd11f2a8bb7c7af32e22031d9ee1f9
SHA512 3da46d98f59a3fdcc1da132549b6bc01f970b052d81ee88e339b0a8d03f8762a88e5a283980c0eb17a2a1b4cc4b6c9ae36e3fecbe933b9289a4c3e19401ffc30

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

MD5 616da89f336400628ffe00746e839239
SHA1 d3b4b2750603de4d0008b54c7ed03677f6098fbd
SHA256 20953ee2dad9cb15b303dca49ca2ba67bca8b072030893d35e1aefd9c98e17b2
SHA512 c4ce373b9fd94e87aaeeba11126a41aacfc2fef28b78943719b055c652520660e0cb3c43610c7a4ded234691f9c7735fc3138799ec4fd879564bad9b6bb66b7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

MD5 1ad3482b77f0698e307d32d32edb9abc
SHA1 4d7e2d6810a5e0d412a97ce45ef4490ae33d1d37
SHA256 a3fb27c260a3058602f61329e84cad4795ff6a521fe96733797dbd2a52c92e74
SHA512 73617b36f23ec3680a9fa06b98f8ded7d5594c687db288fe08e6e5a28e3e232654b92afd3491508b2efa2c28647a66e462b986ba78362bcc57fe262ce3d1112d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2b77939cbd2c3b1a7456b187ca7460e3
SHA1 3591bc075f128d41b548828e5fbfd1d49a5e6ef1
SHA256 3bd56ea075f9df743e594ed0d9ae6096084f9942da9b8ab41046853dd831470a
SHA512 789718a9828d3dfcc921e8fe6ec9d64f580db1807157c4fadb8db09575c7fb790bd8c493aa90f1716f60969c62d3229798436b7e4b9352c268103d88641cd87b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

MD5 b880719133a1dea8246b231c63ea74ec
SHA1 128bbe7254f4e90c09ae3f83df30bf8aaa2e2fc7
SHA256 90de13e5748eb62bcf9c39ba3a540156f08d1355cf1d76918a2dfc9aba23c319
SHA512 23f7af6115dcd6b414d55b9ea2a1f65ef71e5ea31b97bd92dbe60fbdb9cc721235e4684def5179d2477534522592d5f78203b8e75cfa1f95887ff1eecb519e49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

MD5 445ef779f298da18ce017094b951612f
SHA1 79cc969054fdb90b044b9146ef760577099c1004
SHA256 d0434a61ead089a8f3d8a40394e1e769c5165ca7cfafd7ad23cacfa633ca890d
SHA512 7db085643fd151e5a6192195f44059c47bb2ec58b1cfe503ce19669f7803ce22fda7104da6a732b8bdf67d8d992b89351485dee5eee0fdeb33d5ae81646d345d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 439d05508d45d3807d7b89d585c0a287
SHA1 a9b83d8b3a8144f0b083df2c89a809c5a7679648
SHA256 6d8438861d353f2018bc8fd0c193956186fbf288cad12cd568f2763389d989e1
SHA512 22f3329bbf8698491bade63ba7f595499f854e146a6639a0d6f1d1fc6709df1f811efcca72dfe1d686879d0d647ec960f17d383e5be541d9d42d19a595cf607f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

MD5 568231ee5f81b414874d0a76cf8936f6
SHA1 e2cfe0dca18eb8f9b6f17f98b30ff1c51cb4adf6
SHA256 b3b1235668204c696e12e55128b22772c7cbd5aee459a84dbdee6faa302ced1c
SHA512 eb18aaacdbcc3a52fb8e71fbf5e6604fabda219b245dc7b004dc51f2fdb2457216ed7da784cbe9ae849578494b86384bba7fced6b257f0e41a67e5146882f0a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

MD5 40e51b09f1a8362aedb91fbc74780bf2
SHA1 035eaf4a15aae86e6965d36f92118c69592b95ad
SHA256 b8d2e93dccb8b6d8ea20c8adb3e36f6bd89bdc6db7984b0168ecbd467f66da6d
SHA512 d14ec4312fde7e03eaf9bee06c790811f2f6394028358e85c21ed297b2d154a0fe3bc9f30a051e6129903117f2d94fd9da561472499186ef0fe4a637f573ee86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13359482032662448

MD5 577e429f89fffc3d410842b87e448a02
SHA1 05232a15cae1d34b5ddac747d866e70da14fd6d6
SHA256 e42199e2b4cd23a7d3d64957df96f1e76b808d04f04619bff98959400c6be618
SHA512 17d3d114f48f234ab934b37ce3b264ca2b182b71079a1959216614990ea9c3376dc215bf25df97d32f98437666531172b528eb971a479e435bdf63247739d445

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons-journal

MD5 9bb8048ed90068b634243f250cb6f448
SHA1 e3731f70a4c976f9fd94360b2db63588a23e74e6
SHA256 90509034a2e18a0417c4bf45b5323fe035bd198a4d8c7ff03efbb9d47ea0057b
SHA512 da57a30951c00e1f7c0dcf150454b01f49f1f75359acbc710b10bcb3c687d5a075a03fdde3a060a930815e28e0fc7f3d77dbe95358f5029e8d1178791a2dabea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 de7419f1ab128c867a0775893862a86e
SHA1 3a735dc3670cc268c76cf1e7e22441db8cd28bec
SHA256 8fd438997fba7466bcadcc1a26f788d5a9ec8c0219674ace04891d92183f9c89
SHA512 1f10b6ee81b2beb806d6ee9ef74758f1eb31c04d9859d40fb3323b2145c6d9d6c212086b64443fc0d218959d40bfff50388c8acdc433da32c5973949f4894349

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b18f8f0177c3312951cddd15f35cee3b
SHA1 f0390c85ece57773efd90f94a73daac705acd900
SHA256 6a1916214c6b1d80851c0df7e0d017f32c31c34d55accc0f02b52b557cbe9196
SHA512 5d765709be02ad8caf45e1e932a6d62e3d6505c0fbd868b6b60d68d4e830a5052efa40ddae053aae8efb72a5b6d1b9c85ec34e686e2288c7c02e18311a93b513

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3c85a0f4002d1938a67b0e12a358d96f
SHA1 d43c4cd52ecf9261cfaf2a5d8c25cf02bb0cfcb0
SHA256 43003d55f3ada0c2c80f4c132198c1fc1b0b5f87dda8e7d56d9e452aa2fbe7b5
SHA512 c4d73bd690c6463524ca8b09fde7f9405d009ba09ad1ec603a6eb3556eb83432d8537aeef4081da45bfbec120171496d106edd8b6b1ce7ec6ab18222953e097f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 25b2af9dfd3d372fa2ad4e4c879b4666
SHA1 853cf92d2bd30b7d8f987c0b57da949ef6480102
SHA256 4cd3f0b130d63030d19dc5341f681e85b81eb999744b5b28e1f69fe34c5efbb9
SHA512 bf0552831cf47c2cf1921ee869df39d2dae18b33a99fd00a9010aa8c9c7b8462374a50421f2fd59e8c9b7bc419ab62a7539a6d44e13f8b1739421e6c303f7f5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fd4223a96dbdf97821dc657965a7b64d
SHA1 2cded5f52e4d03104257ea8149703dc93187602d
SHA256 41fc6bd7a7090c4587ac357b63d870fdc55dd852e944d5fcc176e8a4fb7e6e65
SHA512 5e0fabc9982251f2e62553cca6479ff9d6a7b2834bf393d80a404850152d3d962593f0a307dda5cfa308ed8cd6e591f3b47042f3585149807364669263c8c1b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

MD5 eccce5791c52eb92e1ddff18397f8377
SHA1 ebd03a2a7b173d6cbc650b0a864e3057f8687966
SHA256 a7652619b2aa88acc6f7b1a27adc9a79bf4fd570efb1e10311510cd1bca466b4
SHA512 2106cb4613d9d6ea94621fa2971eb8abb7f41afe2697c13f89cd0f11d51ca0d7fc6c80a876396bba82a6605815134d0496c6f09387019a3ddb7c6660354d53a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\83c83337-269f-438d-8a35-2e5a1ea1ab5b.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 284f6b40e34922a9d56448daf3e75cc4
SHA1 43ee1474057dae7c922df69113e43f36884439bf
SHA256 f3cbd807c20a2e0fb29f2aa1de87d567be307d1c52a564338213d2408f3bc2a1
SHA512 0f24f64ae0ec7bf45acccd69c04b731a5eb7a2fe5f51bd8e7c73623ff5e5003a3fdc51a155e4f4b48d119f3b20b295a584b69902b5bc7b9ff935e56a40826a82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9444bf0a5fe21c18fafb9e5f23b3da11
SHA1 59d29d0baf95f132de705997b5281aa6f2d7c255
SHA256 8625e8a6c9c9147343c9c875e9cc8ea2573aa975b58d3c7c6b917bac6c76b7de
SHA512 176802123004fc0f0cb0189a616e01199a5511bd42349f242ae568d7b5c3bfdcfd2ce66a8cd145e02951f5f1f6aac5bb7fc9a0e71b740e847a893e621af1513f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a513a55d919d182ab528a8baa5fbf9bd
SHA1 e09767149f38b3af509e90e63a2df2831014370f
SHA256 9ad7511bf2e649d7b5382a37d22f3e4a34ac31f63ae065d5870eb962452e3605
SHA512 2a2126002d5366d350403862ecd1dd15700902349a4b746f405eec9fb2bf9753607e3b431cb267e76ae82d11377f05954a08deb04b18b1a277d292a3d9362718

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\af0166cb-0633-4113-a841-8810ecad867f.tmp

MD5 50e1fe4a611e1f3f55cad13fa76b4e0a
SHA1 f243e1f55e1400b60e62e277e9db9f2c15033b1b
SHA256 9edf96db92ea732daca70ea902d8657a00bed0d7d7b07d8255125b5ff2c7e1d1
SHA512 9095140c4d96a54d8662b34f9c5a9fb40a268872a065a2af865df732e71b5e097c4ca23907109c5b515fcd7f6ccefcc5086f17672240468c83669689adac903c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 56f1fc96268c7581afcab0158d20ba5b
SHA1 d6d1ff5b0b72991455d0af223d82f7d4b53023c5
SHA256 cc3c70a9213dcff20fee29b21dfd785dea59c2114b1abd430ab305ff19bd04a1
SHA512 16246ec2a5dcf5f6d3bc7fd136fd9e924d9404a4055cc62d4ae622403a7dd36a8d8346dfc5746a8128ba0aef6167d515f014183df22788144b283d25331b8f75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e88c40004d5b491a99f490dcd934c3fe
SHA1 9d183fd3412ccaf9cd6a9ae56927d87949f208c8
SHA256 178fedccfe22b4c54f194ff7bee7f05ba97a52747fee4e9e654b0f8df6c77b89
SHA512 e14cb9fdd05031c6e8e78ee8530717943c0f535ec491cb2811be953d610c99d9708fc205cfb19e64539acdd71fbbbae3896875e29eef921017877c42aadf2a1c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 13a903ca2381474bbd1e5845232ddbef
SHA1 53a0aabb15ddad924f0b7441a1c583d1d02d446d
SHA256 fdae16942128bf54622b1c3d4f306cb036a19d677ce75534df56962e4cd36730
SHA512 28bc4534d743c33e1ab95be8e42f4a824e94c742b6c20597911d43a85f920df294059a415e0a2b4a357158675fa55f09bc26d09602262e30ff5f34a01abf879d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 9713f9f6d223cc4b396a730b5f855005
SHA1 56fe8066240008a2d81e17a9454a0189dd53e9f9
SHA256 d642ada2935d4a304f6228819c5c20f1f0ca8e11b24b0c918554368fc89b0ec6
SHA512 7794246e5be85e079633a665ce40f5e5787b9b028f4521e2999ac8fc58ff1b25a88af6553384436e77e5dc6fe33dab570b969f366ade81028b01516a0c34989e

C:\Users\Admin\AppData\Roaming\.minecraft\launcher_profiles.json.bak

MD5 fc780f88f66ca85c86812cb7a887f6f4
SHA1 c2bc17afa1b8bbe0e7116a9cc54c2ccfa48a8368
SHA256 87f2e7426e0e7a5e654b4e0e63191b1b74b86653e8e1ea01e194fd03558a2490
SHA512 d9bd5193073da0d1b929cd6920a784257fd958bad32a9e2d91f984b96f210d33328e7cbfbd783e149875a0d4c65f9e6897977fac0f08513de0d13c556d578413

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\jdk.random\LICENSE

MD5 663f71c746cc2002aa53b066b06c88ab
SHA1 12976a6c2b227cbac58969c1455444596c894656
SHA256 d60635c89c9f352ae1e66ef414344f290f5b5f7ce5c23d9633d41fde0909df80
SHA512 507b7d09d3bcd9a24f0b4eeda67167595ac6ad37cd19fb31cd8f5ce8466826840c582cb5dc012a4bd51b55e01bb551e207e9da9e0d51948e89f962ba09606aab

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\jdk.nio.mapmode\ASSEMBLY_EXCEPTION

MD5 bd468da51b15a9f09778545b00265f34
SHA1 c80e4bab46e34d02826eab226a4441d0970f2aba
SHA256 7901499314e881a978d80a31970f0daec92d4995f3305e31fb53c38d9cc6ec3b
SHA512 2c1d43c3e17bb2fca24a77bea3d2b3954a47da92e0cdd0738509bffcdbe2935c11764cd5af50439061638bba8b8d59da29e97ea7404ea605f7575fc13395ca93

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\java.se\ADDITIONAL_LICENSE_INFO

MD5 512f151af02b6bd258428b784b457531
SHA1 84d2102ad171863db04e7ee22a259d1f6c5de4a5
SHA256 d255311b0a181e243de326d111502a8b1dc7277b534a295a8340ab5230e74c83
SHA512 1a305bc333c7c2055a334dc67734db587fd6fda457b46c8df8f17ded0a8982e3830970bee75cc17274aa0a4082f32792b5dbff88410fa43cc61b55c1dce4c129