Malware Analysis Report

2025-01-19 00:31

Sample ID: 240506-t7sbxaad41
Target: SKlauncher-3.2.exe
SHA256: 05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf
Tags: microsoft, discovery, phishing
Score: 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 7/10
SHA256: 05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf

Threat Level: Shows suspicious behavior

The file SKlauncher-3.2.exe was found to show suspicious behavior.

Malicious Activity Summary

Tags: microsoft, discovery, phishing

Modifies file permissions
Executes dropped EXE
Loads dropped DLL
Detected potential entity reuse from brand microsoft.
Drops file in System32 directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Modifies registry class
Checks processor information in registry
Suspicious behavior: AddClipboardFormatListener
Enumerates system info in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-06 16:42

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-06 16:42
Reported: 2024-05-06 16:45
Platform: win7-20240221-es
Max time kernel: 118s
Max time network: 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"

Signatures

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe
    "C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-06 16:42
Reported: 2024-05-06 16:45
Platform: win10v2004-20240419-es
Max time kernel: 126s
Max time network: 95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"

Signatures

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe | N/A

Loads dropped DLL

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe | N/A | 2

Modifies file permissions

Tags: discovery

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\icacls.exe | N/A

Detected potential entity reuse from brand microsoft.

Tags: phishing, microsoft

Drops file in System32 directory

Description | Indicator | Process | Target
File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs | C:\Windows\System32\svchost.exe | N/A
File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | C:\Windows\System32\svchost.exe | N/A
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | C:\Windows\System32\svchost.exe | N/A
File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs | C:\Windows\System32\svchost.exe | N/A
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx | C:\Windows\System32\svchost.exe | N/A
File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log | C:\Windows\System32\svchost.exe | N/A
File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | C:\Windows\System32\svchost.exe | N/A
File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm | C:\Windows\System32\svchost.exe | N/A
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | C:\Windows\System32\svchost.exe | N/A
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp | C:\Windows\System32\svchost.exe | N/A
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log | C:\Windows\System32\svchost.exe | N/A

Enumerates physical storage devices

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings | C:\Windows\system32\mspaint.exe | N/A

Suspicious behavior: AddClipboardFormatListener

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A | 2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 3

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 26

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 24

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target | Count
PID 4008 wrote to memory of 4668 | N/A | C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe | \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe | 2
PID 4668 wrote to memory of 1708 | N/A | \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe | C:\Windows\system32\icacls.exe | 2
PID 4008 wrote to memory of 3536 | N/A | C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe | \??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe | 2
PID 4008 wrote to memory of 3168 | N/A | C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe | C:\Windows\SYSTEM32\reg.exe | 2
PID 4008 wrote to memory of 1048 | N/A | C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe | C:\Windows\SYSTEM32\rundll32.exe | 2
PID 1048 wrote to memory of 1708 | N/A | C:\Windows\SYSTEM32\rundll32.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 1708 wrote to memory of 748 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 1708 wrote to memory of 1988 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 40
PID 1708 wrote to memory of 3464 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 1708 wrote to memory of 556 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 8

Processes

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe
    "C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"

\??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
    "c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version

C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

\??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
    "c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version

C:\Windows\SYSTEM32\reg.exe
    reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme

C:\Windows\SYSTEM32\rundll32.exe
    rundll32.exe url.dll,FileProtocolHandler https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff46a046f8,0x7fff46a04708,0x7fff46a04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1500,16798271421621096563,3577354612830788463,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1500,16798271421621096563,3577354612830788463,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1500,16798271421621096563,3577354612830788463,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,16798271421621096563,3577354612830788463,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,16798271421621096563,3577354612830788463,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,16798271421621096563,3577354612830788463,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1500,16798271421621096563,3577354612830788463,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1500,16798271421621096563,3577354612830788463,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe
    C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe i4j1007790867191101790.tmp

C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\JoinDismount.rtf" /o ""

C:\Windows\system32\mspaint.exe
    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\CompleteReceive.jpg" /ForceBootstrapPaint3D

C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc

C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | files.skmedix.pl | udp
US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp
NL | 23.62.61.72:443 | www.bing.com | tcp
US | 172.67.199.2:443 | files.skmedix.pl | tcp
US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp
US | 8.8.8.8:53 | 2.199.67.172.in-addr.arpa | udp
US | 8.8.8.8:53 | launchermeta.mojang.com | udp
US | 13.107.246.64:443 | launchermeta.mojang.com | tcp
US | 8.8.8.8:53 | piston-meta.mojang.com | udp
US | 13.107.246.64:443 | piston-meta.mojang.com | tcp
US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp
US | 8.8.8.8:53 | resources.download.minecraft.net | udp
US | 13.107.246.64:443 | resources.download.minecraft.net | tcp
US | 8.8.8.8:53 | libraries.minecraft.net | udp
US | 13.107.246.64:443 | libraries.minecraft.net | tcp
US | 8.8.8.8:53 | sessionserver.skmedix.pl | udp
US | 172.67.199.2:443 | sessionserver.skmedix.pl | tcp
US | 8.8.8.8:53 | textures.skmedix.pl | udp
US | 172.67.199.2:443 | textures.skmedix.pl | tcp
US | 8.8.8.8:53 | beta.skmedix.pl | udp
US | 104.21.50.12:443 | beta.skmedix.pl | tcp
US | 8.8.8.8:53 | meta.skmedix.pl | udp
US | 172.67.199.2:443 | meta.skmedix.pl | tcp
US | 8.8.8.8:53 | 12.50.21.104.in-addr.arpa | udp
US | 13.107.246.64:443 | libraries.minecraft.net | tcp
US | 172.67.199.2:443 | meta.skmedix.pl | tcp
US | 172.67.199.2:443 | meta.skmedix.pl | tcp
US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp
US | 104.21.50.12:443 | meta.skmedix.pl | tcp
US | 104.21.50.12:443 | meta.skmedix.pl | tcp
US | 104.21.50.12:443 | meta.skmedix.pl | tcp
US | 8.8.8.8:53 | static.cloudflareinsights.com | udp
US | 8.8.8.8:53 | rsms.me | udp
US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp
US | 104.21.234.235:443 | rsms.me | tcp
US | 8.8.8.8:53 | launchercontent.mojang.com | udp
US | 13.107.246.64:443 | launchercontent.mojang.com | tcp
US | 8.8.8.8:53 | 232.212.58.216.in-addr.arpa | udp
US | 8.8.8.8:53 | 73.80.16.104.in-addr.arpa | udp
US | 8.8.8.8:53 | 235.234.21.104.in-addr.arpa | udp
US | 8.8.8.8:53 | region1.analytics.google.com | udp
US | 8.8.8.8:53 | www.google.co.uk | udp
US | 8.8.8.8:53 | stats.g.doubleclick.net | udp
US | 216.239.34.36:443 | region1.analytics.google.com | tcp
BE | 64.233.167.155:443 | stats.g.doubleclick.net | tcp
GB | 216.58.204.67:443 | www.google.co.uk | tcp
US | 13.107.246.64:443 | launchercontent.mojang.com | tcp
US | 13.107.246.64:443 | launchercontent.mojang.com | tcp
US | 13.107.246.64:443 | launchercontent.mojang.com | tcp
US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp
US | 8.8.8.8:53 | 155.167.233.64.in-addr.arpa | udp
US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp
US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
N/A | 127.0.0.1:61832 | - | tcp
US | 8.8.8.8:53 | login.microsoftonline.com | udp
NL | 40.126.32.76:443 | login.microsoftonline.com | tcp
US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | acctcdn.msauth.net | udp
US | 8.8.8.8:53 | logincdn.msftauth.net | udp
US | 8.8.8.8:53 | acctcdn.msftauth.net | udp
US | 192.229.221.185:443 | logincdn.msftauth.net | tcp
US | 13.107.246.64:443 | acctcdn.msauth.net | tcp
US | 152.199.21.175:443 | acctcdn.msftauth.net | tcp
US | 8.8.8.8:53 | lgincdnmsftuswe2.azureedge.net | udp
US | 8.8.8.8:53 | acctcdnvzeuno.azureedge.net | udp
US | 8.8.8.8:53 | acctcdnmsftuswe2.azureedge.net | udp
US | 192.229.221.185:443 | logincdn.msftauth.net | tcp
US | 8.8.8.8:53 | lgincdnvzeuno.azureedge.net | udp
US | 192.229.221.185:443 | lgincdnvzeuno.azureedge.net | tcp
US | 8.8.8.8:53 | 185.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp
US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp
US | 20.42.65.89:443 | browser.events.data.microsoft.com | tcp
US | 20.42.65.89:443 | browser.events.data.microsoft.com | tcp
N/A | 224.0.0.251:5353 | - | udp
US | 8.8.8.8:53 | 89.65.42.20.in-addr.arpa | udp
US | 8.8.8.8:53 | roaming.officeapps.live.com | udp
FR | 52.109.68.129:443 | roaming.officeapps.live.com | tcp
US | 8.8.8.8:53 | 46.28.109.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 129.68.109.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 88.16.208.104.in-addr.arpa | udp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp

Files

memory/4668-5-0x0000015D44EC0000-0x0000015D45130000-memory.dmp

memory/4668-15-0x0000015D44EA0000-0x0000015D44EA1000-memory.dmp

memory/4668-16-0x0000015D44EC0000-0x0000015D45130000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4541281346400.dll

C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar

C:\Users\Admin\AppData\Local\Temp\+JXF1689212120580374212.tmp

C:\Users\Admin\AppData\Local\Temp\e4j3A2A.tmp_dir1715013768\SKlauncher-3.2.jar

C:\Users\Admin\AppData\Local\Temp\+JXF1716285016866995924.tmp

C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna2530952690492754259.dll

C:\Users\Admin\AppData\Local\Temp\+JXF399707320606434644.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_1708_GVVRKCUOBUCLNNMT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\755a3a43-f12d-413a-9cbf-24966e2eacc2.tmp

C:\Users\Admin\AppData\Local\Temp\+JXF6715639106916640547.tmp

C:\Users\Admin\AppData\Local\Temp\+JXF6601861685123735814.tmp

C:\Users\Admin\AppData\Local\Temp\+JXF6464235629903608965.tmp

C:\Users\Admin\AppData\Local\Temp\+JXF7302946346213397734.tmp

C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe

C:\Users\Admin\AppData\Local\Temp\i4j1007790867191101790.tmp

C:\Users\Admin\AppData\Local\Temp\+JXF8281777644235373465.tmp

C:\Users\Admin\AppData\Local\Temp\+JXF2983120253000783454.tmp

C:\Users\Admin\AppData\Local\Temp\+JXF5300075655308881382.tmp

C:\Users\Admin\AppData\Local\Temp\+JXF6687856542498847321.tmp

C:\Users\Admin\AppData\Local\Temp\+JXF8664309200582740819.tmp

C:\Users\Admin\AppData\Local\Temp\e4j3A2A.tmp_dir1715013768\exe4jlib.jar

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
