05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06-06-2024 14:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SKlauncher-3.2.exe
Size

1.6MB
MD5

b63468dd118dfbca5ef7967ba344e0e3
SHA1

2ba4f0df5f3bd284bf2a89aba320e4440d8b8355
SHA256

05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf
SHA512

007ecb7445dc0c01a802b5a2c91313aae59f9dc96e27455dd85e7a92a4e649d683fbc2ada5f48925d9ab3b4fdaea20aa89eeb442fde079902aecb5ca3454a548
SSDEEP

49152:HIBc3n9dRvwVlzhFAQ/ggUTPQjYEiim7V:oBaO/FAqMQjYEXm

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

SKlauncher-3.2.exe

pid process

3016 SKlauncher-3.2.exe
Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

2840 icacls.exe
Detected potential entity reuse from brand microsoft.
phishing microsoft
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
3016	SKlauncher-3.2.exe

pid	process
2840	icacls.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

msedge.exemsedge.exe

pid process

3132 msedge.exe
3132 msedge.exe
712 msedge.exe
712 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

msedge.exe

pid process

712 msedge.exe
712 msedge.exe
712 msedge.exe

pid	process
3132	msedge.exe
3132	msedge.exe
712	msedge.exe
712	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

SKlauncher-3.2.exe

pid process

3016 SKlauncher-3.2.exe
3016 SKlauncher-3.2.exe
3016 SKlauncher-3.2.exe

pid	process
3016	SKlauncher-3.2.exe
3016	SKlauncher-3.2.exe
3016	SKlauncher-3.2.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

SKlauncher-3.2.exejava.exerundll32.exemsedge.exe

description	pid	process	target process
PID 3016 wrote to memory of 4192	3016	SKlauncher-3.2.exe	java.exe
PID 3016 wrote to memory of 4192	3016	SKlauncher-3.2.exe	java.exe
PID 4192 wrote to memory of 2840	4192	java.exe	icacls.exe
PID 4192 wrote to memory of 2840	4192	java.exe	icacls.exe
PID 3016 wrote to memory of 3192	3016	SKlauncher-3.2.exe	java.exe
PID 3016 wrote to memory of 3192	3016	SKlauncher-3.2.exe	java.exe
PID 3016 wrote to memory of 2428	3016	SKlauncher-3.2.exe	reg.exe
PID 3016 wrote to memory of 2428	3016	SKlauncher-3.2.exe	reg.exe
PID 3016 wrote to memory of 1756	3016	SKlauncher-3.2.exe	rundll32.exe
PID 3016 wrote to memory of 1756	3016	SKlauncher-3.2.exe	rundll32.exe
PID 1756 wrote to memory of 712	1756	rundll32.exe	msedge.exe
PID 1756 wrote to memory of 712	1756	rundll32.exe	msedge.exe
PID 712 wrote to memory of 2916	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2916	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2356	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 3132	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 3132	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2900	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2900	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2900	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2900	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2900	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2900	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2900	712	msedge.exe	msedge.exe
PID 712 wrote to memory of 2900	712	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe
"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3016

\??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
"c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version
2⤵
- Suspicious use of WriteProcessMemory
PID:4192

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
3⤵
- Modifies file permissions
PID:2840

\??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
"c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version
2⤵
PID:3192

C:\Windows\SYSTEM32\reg.exe
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme
2⤵
PID:2428

C:\Windows\SYSTEM32\rundll32.exe
rundll32.exe url.dll,FileProtocolHandler https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1
2⤵
- Suspicious use of WriteProcessMemory
PID:1756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1
3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff9c6246f8,0x7fff9c624708,0x7fff9c624718
4⤵
PID:2916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,3494441274038001348,12425045356750679881,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
4⤵
PID:2356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,3494441274038001348,12425045356750679881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:3132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,3494441274038001348,12425045356750679881,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
4⤵
PID:2900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3494441274038001348,12425045356750679881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
4⤵
PID:1820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3494441274038001348,12425045356750679881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
4⤵
PID:3164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3494441274038001348,12425045356750679881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
4⤵
PID:948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3420

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
Filesize
46B

MD5
2606049661ffeb3d50809b1a202a16c8

SHA1
c0bc63cdc49539265d0f999148f520823a763f79

SHA256
3b4dd40546d54ed630c087a0199f97f7609587fd127e27f8e454b5cc2d7e98b2

SHA512
ea31ef95a6e8b7cca1869e2f6c2a19841366490723f027102e9081822c7a2f9ef68e14c3211c76b5f969d4a1abde443db3cd93d02c79153733fe677ff6cc21dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
c9b76dfdea5fc6773b5e8c4c1f72f7ca

SHA1
587a5634e3ec39ada3e42e19c83b315834c64498

SHA256
bf152cefc9443974e7899c925f3b4918abb0774139ca6075e32c854fed2f29b1

SHA512
d9f1fa37607a0a88a5f36e1a26a92301cf7a0d0829e2c57524b00b96df221e068de7d76169cf7fffc457a2973a4e7a53184df01df76cdaa94873b7e81cec99e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
272B

MD5
c33849f1d16f9bcb08b7728be2c4ac5c

SHA1
21d3ead44eca20bcb715a69f48022c739701c359

SHA256
f70af94e82aa42025f86cc9d2ffe0973a2d0ec12f08f721a08c60f294ca797cc

SHA512
e89b0edec7126bc5f21853f339916c5dcf4636a89593a2a5c1e43ee8c9639364a07aff223110b41da50148c0a1c66e3bdbafbcc0313b4ff931365d96d783b362

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
1c97075916cae53d0a12bebbe1d88043

SHA1
cd3b1f173c1ed6de010ea77652833e622a3d978a

SHA256
6556a3e64e063f6e48ee45ca1d7fbeb1e19bad5c53ede5acdafa80b238ba1412

SHA512
c190f24126b752edc8a8ffe2c7bde4cb365e003537bd881dc6e5e38edda5b812431c345d3cd62105f857a495c2aab35f91a98fc095ac7ad11fc4590f21f98711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e3d379bf32317968f024df5e7854eef0

SHA1
022146b3b0e7c817a2326cdf797fb2c20da7d814

SHA256
52fd3b788c7f0c1aed6a30765f950095bbd0e4f627db6f865fe77e72f2a0edf8

SHA512
b81920b1e393cd481287773ffcf431cb30e18964e6ddba19dc9fd06225aae0a8ab3de268da792e7ef1d6a50337196b4d31778d3a3625be9529a3e6017647557b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
45cc49fd59b00f05e211e574e0f2aca6

SHA1
39f8a7037bdf3a784837957de992ec942f413353

SHA256
48a735a71ef1d21ae08e0bca6e8f48af6bd0acaa84839abb3775ad984f4907a4

SHA512
ed86d87a910844da4b80c0b7ec2dbb795d18ba935dee7134cf4832770ef70a6ed4d7a0cdbe11cd213a4eb96defff43a69e958f9fe48c47ce355cf260cd692e9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF1638763344134314971.tmp
Filesize
405KB

MD5
8f2869a84ad71f156a17bb66611ebe22

SHA1
0325b9b3992fa2fdc9c715730a33135696c68a39

SHA256
0cb1bc1335372d9e3a0cf6f5311c7cce87af90d2a777fdeec18be605a2a70bc1

SHA512
3d4315d591dcf7609c15b3e32bcc234659fcdbe4be24aef5dba4ad248ad42fd9ab082250244f99dc801ec21575b7400aace50a1e8834d5c33404e76a0caac834

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF2027664524910648248.tmp
Filesize
398KB

MD5
ff5fdc6f42c720a3ebd7b60f6d605888

SHA1
460c18ddf24846e3d8792d440fd9a750503aef1b

SHA256
1936d24cb0f4ce7006e08c6ef4243d2e42a7b45f2249f8fe54d92f76a317dfd1

SHA512
d3d333b1627d597c83a321a3daca38df63ea0f7cab716006935905b8170379ec2aab26cb7ffc7b539ca272cf7fb7937198aee6db3411077bedf3d2b920d078a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF2265685706366582912.tmp
Filesize
397KB

MD5
fdb50e0d48cdcf775fa1ac0dc3c33bd4

SHA1
5c95e5d66572aeca303512ba41a8dde0cea92c80

SHA256
64f8be6e55c37e32ef03da99714bf3aa58b8f2099bfe4f759a7578e3b8291123

SHA512
20ce8100c96058d4e64a12d0817b7ce638cec9f5d03651320eb6b9c3f47ee289ccc695bd3b5b6bf8e0867cdab0ebb6e8cae77df054e185828a6a13f3733ede53

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j6BF8.tmp_dir1717685697\SKlauncher-3.2.jar
Filesize
1.1MB

MD5
4d653e61ba01a521c56b9a70a9c9814e

SHA1
de855dc3dbc914b497b58da92e0c21fff660796d

SHA256
f7d3e01dcfc001cc80a988c518d4358955842d140054214d1367972c5c543350

SHA512
e6a7db6e2893b5b01dd0c84a230d88abf50da63ceb1af5754a2c4c1fbd307a799a74f3f368430d3beb33590cda2e0a3cf509fef11c4477b76e8d3c4a582b5def

Download Submit
C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4666490162200.dll
Filesize
22KB

MD5
dcd68a87b7e6edbcfde48150403b22eb

SHA1
28e4839a29725075772fccc39b44e194eb91e477

SHA256
ae3352b6ad6cffaae55f4387f9f5e79365ea17f8d5fb45ef11d21c3300a49a4c

SHA512
ac2a6bc0afcd08c56090536a937772edd54f35505c9a5837d9bc8e91c31edb6137cf5191986b3473e9e2f512950b4dbfe4088598bfd1faf47088124c70aeba71

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar
Filesize
14.1MB

MD5
9b59fa715db2f9f8f6ed9e14f3768ed3

SHA1
9d46c5898c653fb1785e399b74f26633107d0bde

SHA256
fab6dede2f59dc4b7b6be032fbce1209a93aca02b7d6c126e3f1584148230146

SHA512
e9e84b056e0f1d8be544194a275ca61b5e6820dbbd701dec5aa75b804705ab33cb826314c0f6edd527cffa84de80062c559f9fb49c53b5bbfda9481bd138be5f

Download Submit
\??\pipe\LOCAL\crashpad_712_GDFJSBQIXANAEQCT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3016-49-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/3016-123-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/3016-191-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/3016-219-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/3016-224-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/3016-239-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/3016-149-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/3016-269-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/3016-274-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/3016-279-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/3016-141-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/3016-166-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/3016-83-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/3016-925-0x0000000002B70000-0x0000000002DE0000-memory.dmp

Filesize
2.4MB

Download
memory/3016-45-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/3016-34-0x0000000002B70000-0x0000000002DE0000-memory.dmp

Filesize
2.4MB

Download
memory/3192-31-0x000001B380000000-0x000001B380270000-memory.dmp

Filesize
2.4MB

Download
memory/3192-30-0x000001B3F7CB0000-0x000001B3F7CB1000-memory.dmp

Filesize
4KB

Download
memory/3192-20-0x000001B380000000-0x000001B380270000-memory.dmp

Filesize
2.4MB

Download
memory/4192-17-0x0000024480000000-0x0000024480270000-memory.dmp

Filesize
2.4MB

Download
memory/4192-15-0x00000244FB390000-0x00000244FB391000-memory.dmp

Filesize
4KB

Download
memory/4192-5-0x0000024480000000-0x0000024480270000-memory.dmp

Filesize
2.4MB

Download