Malware Analysis Report

2024-07-28 08:34

Sample ID 240607-thysdsag7y
Target SKlauncher-3.2.exe
SHA256 05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf
Tags
microsoft discovery phishing
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf

Threat Level: Shows suspicious behavior

The file SKlauncher-3.2.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

microsoft discovery phishing

Modifies file permissions

Loads dropped DLL

Checks computer location settings

Detected potential entity reuse from brand microsoft.

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Enumerates system info in registry

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Privilege Escalation
TA0004
Defense Evasion
TA0005
File and Directory Permissions Modification
T1222
Modify Registry
T1112
Credential Access
TA0006
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-07 16:04

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-07 16:04

Reported

2024-06-07 16:07

Platform

win10-20240404-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Windows\SYSTEM32\rundll32.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Detected potential entity reuse from brand microsoft.

phishing microsoft

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "124" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\live.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\live.com\NumberOfSubdomains = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\live.com\Total = "124" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b64d3075f4b8da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = cb52e56ff4b8da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\live.com\NumberOfSubdomai = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\login.live.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 3416b76ff4b8da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 6ae3c56ff4b8da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\live.com\NumberOfSubdomains = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\AskToCloseAllTabs = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3652 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
PID 3652 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
PID 2568 wrote to memory of 4600 N/A \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe C:\Windows\system32\icacls.exe
PID 2568 wrote to memory of 4600 N/A \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe C:\Windows\system32\icacls.exe
PID 3652 wrote to memory of 800 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe \??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
PID 3652 wrote to memory of 800 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe \??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
PID 3652 wrote to memory of 4872 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe C:\Windows\SYSTEM32\reg.exe
PID 3652 wrote to memory of 4872 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe C:\Windows\SYSTEM32\reg.exe
PID 3652 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe C:\Windows\SYSTEM32\rundll32.exe
PID 3652 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe C:\Windows\SYSTEM32\rundll32.exe
PID 2348 wrote to memory of 3164 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2348 wrote to memory of 3164 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2348 wrote to memory of 3164 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2348 wrote to memory of 3164 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2348 wrote to memory of 3164 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2348 wrote to memory of 3164 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2348 wrote to memory of 3164 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2348 wrote to memory of 3164 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2348 wrote to memory of 3164 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2348 wrote to memory of 3164 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2348 wrote to memory of 3164 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2348 wrote to memory of 3164 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2348 wrote to memory of 3164 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2348 wrote to memory of 3164 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2348 wrote to memory of 3164 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2348 wrote to memory of 3164 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2348 wrote to memory of 3164 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe

"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"

\??\c:\PROGRA~1\java\jre-1.8\bin\java.exe

"c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

\??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe

"c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version

C:\Windows\SYSTEM32\reg.exe

reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme

C:\Windows\SYSTEM32\rundll32.exe

rundll32.exe url.dll,FileProtocolHandler https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 files.skmedix.pl udp
US 104.21.50.12:443 files.skmedix.pl tcp
US 8.8.8.8:53 12.50.21.104.in-addr.arpa udp
US 8.8.8.8:53 piston-meta.mojang.com udp
US 8.8.8.8:53 meta.skmedix.pl udp
US 13.107.246.64:443 piston-meta.mojang.com tcp
US 188.114.96.2:443 meta.skmedix.pl tcp
US 188.114.96.2:443 meta.skmedix.pl tcp
US 188.114.96.2:443 meta.skmedix.pl tcp
US 8.8.8.8:53 2.96.114.188.in-addr.arpa udp
US 188.114.96.2:443 meta.skmedix.pl tcp
US 8.8.8.8:53 beta.skmedix.pl udp
US 188.114.97.2:443 beta.skmedix.pl tcp
US 8.8.8.8:53 2.97.114.188.in-addr.arpa udp
US 8.8.8.8:53 rsms.me udp
US 188.114.97.2:443 beta.skmedix.pl tcp
US 188.114.97.2:443 beta.skmedix.pl tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 104.21.234.234:443 rsms.me tcp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.234.21.104.in-addr.arpa udp
US 8.8.8.8:53 launchercontent.mojang.com udp
US 13.107.253.64:443 launchercontent.mojang.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 analytics.google.com udp
US 216.239.32.181:443 analytics.google.com tcp
BE 64.233.166.157:443 stats.g.doubleclick.net tcp
US 13.107.253.64:443 launchercontent.mojang.com tcp
US 13.107.253.64:443 launchercontent.mojang.com tcp
US 13.107.253.64:443 launchercontent.mojang.com tcp
US 13.107.253.64:443 launchercontent.mojang.com tcp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
US 8.8.8.8:53 181.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 157.166.233.64.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
N/A 127.0.0.1:50596 tcp
IE 20.190.159.0:443 login.microsoftonline.com tcp
IE 20.190.159.0:443 login.microsoftonline.com tcp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 logincdn.msftauth.net udp
US 8.8.8.8:53 acctcdn.msauth.net udp
US 8.8.8.8:53 acctcdn.msftauth.net udp
US 8.8.8.8:53 acctcdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 acctcdnvzeuno.azureedge.net udp
US 8.8.8.8:53 lgincdnvzeuno.azureedge.net udp
US 8.8.8.8:53 lgincdnmsftuswe2.azureedge.net udp
US 152.199.21.175:443 lgincdnvzeuno.azureedge.net tcp
US 152.199.21.175:443 lgincdnvzeuno.azureedge.net tcp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 152.199.21.175:443 lgincdnvzeuno.azureedge.net tcp
US 152.199.21.175:443 lgincdnvzeuno.azureedge.net tcp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 20.189.173.1:443 browser.events.data.microsoft.com tcp
US 20.189.173.1:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 1.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 105.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 6.173.189.20.in-addr.arpa udp

Files

memory/2568-5-0x0000015A12F30000-0x0000015A131A0000-memory.dmp

memory/2568-15-0x0000015A116B0000-0x0000015A116B1000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 8f25a71c23fca1b52e2e2e9563a4e2bc
SHA1 3a5192ec4810eb8d70b09521c13c22d05354451a
SHA256 907d00a9c860835409066ff470059508157dbfdfaf96e04ba5bd37b76ea3cc87
SHA512 d08cdddc0e07b70cac4877c31ea450e031bc3c6635de1d8463da387e4f880faad1ddd52a23623c7d32d18f27bff31ca30bb8ad31af6a351a77f5b04a0a0b5984

memory/2568-17-0x0000015A12F30000-0x0000015A131A0000-memory.dmp

memory/800-20-0x000002A8553E0000-0x000002A855650000-memory.dmp

memory/800-30-0x000002A853B30000-0x000002A853B31000-memory.dmp

memory/800-31-0x000002A8553E0000-0x000002A855650000-memory.dmp

memory/3652-44-0x0000000002370000-0x0000000002371000-memory.dmp

\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4611447509400.dll

MD5 dcd68a87b7e6edbcfde48150403b22eb
SHA1 28e4839a29725075772fccc39b44e194eb91e477
SHA256 ae3352b6ad6cffaae55f4387f9f5e79365ea17f8d5fb45ef11d21c3300a49a4c
SHA512 ac2a6bc0afcd08c56090536a937772edd54f35505c9a5837d9bc8e91c31edb6137cf5191986b3473e9e2f512950b4dbfe4088598bfd1faf47088124c70aeba71

memory/3652-48-0x0000000002370000-0x0000000002371000-memory.dmp

memory/3652-119-0x0000000002370000-0x0000000002371000-memory.dmp

memory/3652-125-0x0000000002370000-0x0000000002371000-memory.dmp

memory/3652-135-0x0000000002370000-0x0000000002371000-memory.dmp

memory/3652-161-0x0000000002370000-0x0000000002371000-memory.dmp

memory/3652-162-0x0000000002370000-0x0000000002371000-memory.dmp

memory/3652-164-0x0000000002370000-0x0000000002371000-memory.dmp

C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar

MD5 9b59fa715db2f9f8f6ed9e14f3768ed3
SHA1 9d46c5898c653fb1785e399b74f26633107d0bde
SHA256 fab6dede2f59dc4b7b6be032fbce1209a93aca02b7d6c126e3f1584148230146
SHA512 e9e84b056e0f1d8be544194a275ca61b5e6820dbbd701dec5aa75b804705ab33cb826314c0f6edd527cffa84de80062c559f9fb49c53b5bbfda9481bd138be5f

memory/3652-179-0x0000000002370000-0x0000000002371000-memory.dmp

memory/3652-189-0x0000000002370000-0x0000000002371000-memory.dmp

memory/3652-218-0x0000000002370000-0x0000000002371000-memory.dmp

memory/3652-223-0x0000000002370000-0x0000000002371000-memory.dmp

memory/3652-236-0x0000000002370000-0x0000000002371000-memory.dmp

memory/3652-238-0x0000000002370000-0x0000000002371000-memory.dmp

memory/3652-242-0x0000000002370000-0x0000000002371000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\+JXF4136294583969107988.tmp

MD5 fdb50e0d48cdcf775fa1ac0dc3c33bd4
SHA1 5c95e5d66572aeca303512ba41a8dde0cea92c80
SHA256 64f8be6e55c37e32ef03da99714bf3aa58b8f2099bfe4f759a7578e3b8291123
SHA512 20ce8100c96058d4e64a12d0817b7ce638cec9f5d03651320eb6b9c3f47ee289ccc695bd3b5b6bf8e0867cdab0ebb6e8cae77df054e185828a6a13f3733ede53

memory/3652-305-0x0000000002370000-0x0000000002371000-memory.dmp

memory/3652-313-0x0000000002370000-0x0000000002371000-memory.dmp

memory/3652-310-0x0000000002370000-0x0000000002371000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\e4j5748.tmp_dir1717776270\SKlauncher-3.2.jar

MD5 4d653e61ba01a521c56b9a70a9c9814e
SHA1 de855dc3dbc914b497b58da92e0c21fff660796d
SHA256 f7d3e01dcfc001cc80a988c518d4358955842d140054214d1367972c5c543350
SHA512 e6a7db6e2893b5b01dd0c84a230d88abf50da63ceb1af5754a2c4c1fbd307a799a74f3f368430d3beb33590cda2e0a3cf509fef11c4477b76e8d3c4a582b5def

C:\Users\Admin\AppData\Local\Temp\+JXF2135438270896616684.tmp

MD5 8f2869a84ad71f156a17bb66611ebe22
SHA1 0325b9b3992fa2fdc9c715730a33135696c68a39
SHA256 0cb1bc1335372d9e3a0cf6f5311c7cce87af90d2a777fdeec18be605a2a70bc1
SHA512 3d4315d591dcf7609c15b3e32bcc234659fcdbe4be24aef5dba4ad248ad42fd9ab082250244f99dc801ec21575b7400aace50a1e8834d5c33404e76a0caac834

C:\Users\Admin\AppData\Local\Temp\+JXF2196687816913011078.tmp

MD5 ff5fdc6f42c720a3ebd7b60f6d605888
SHA1 460c18ddf24846e3d8792d440fd9a750503aef1b
SHA256 1936d24cb0f4ce7006e08c6ef4243d2e42a7b45f2249f8fe54d92f76a317dfd1
SHA512 d3d333b1627d597c83a321a3daca38df63ea0f7cab716006935905b8170379ec2aab26cb7ffc7b539ca272cf7fb7937198aee6db3411077bedf3d2b920d078a3

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\V7MQC9R0\login.live[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\5Q5T7Z0E\favicon[1].ico

MD5 12e3dac858061d088023b2bd48e2fa96
SHA1 e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
SHA256 90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
SHA512 c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\7pjcu16\imagestore.dat

MD5 26935e2d7b84185b8b1a0958084300ce
SHA1 18dad998754c8b57601c32882154f4912c886128
SHA256 3396374c7d017cc5587ea9c7c7110883bae011b5a693fe5ca27f9406fcb9def5
SHA512 a4f2d76c7cf02785aa61832d12fabe3376a251c9ef369ef3c55f2f788a18b9abb7707962fbe18fb1e8c3f0b12e69fc7ba3dc0122b7031af488bc4ce9701c3977

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF5060ED032687044D.TMP

MD5 f8a123c7389c65954b9e53682e91ea8d
SHA1 e196ec628df7d5132226d855e519396448cf0b23
SHA256 2d5e188b0fc917634193f7c4a9945e48a3cb1ebcfe29002c53d3eb42e34ca912
SHA512 e05445579e94d525d2f15f9ef129d8c8f7955eaee6f45249a11fe4f00a850a08b9d7f87aa0b96b9d5677103102d1624f0fd8d6faf450c81e3c12cfba4302db90

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-07 16:04

Reported

2024-06-07 16:07

Platform

win11-20240508-en

Max time kernel

146s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Detected potential entity reuse from brand microsoft.

phishing microsoft

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3744 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
PID 3744 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
PID 5116 wrote to memory of 2120 N/A \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe C:\Windows\system32\icacls.exe
PID 5116 wrote to memory of 2120 N/A \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe C:\Windows\system32\icacls.exe
PID 3744 wrote to memory of 4136 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe \??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
PID 3744 wrote to memory of 4136 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe \??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
PID 3744 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe C:\Windows\SYSTEM32\reg.exe
PID 3744 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe C:\Windows\SYSTEM32\reg.exe
PID 3744 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe C:\Windows\SYSTEM32\rundll32.exe
PID 3744 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe C:\Windows\SYSTEM32\rundll32.exe
PID 1912 wrote to memory of 4040 N/A C:\Windows\SYSTEM32\rundll32.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4040 N/A C:\Windows\SYSTEM32\rundll32.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 2928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 2928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe

"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"

\??\c:\PROGRA~1\java\jre-1.8\bin\java.exe

"c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

\??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe

"c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version

C:\Windows\SYSTEM32\reg.exe

reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme

C:\Windows\SYSTEM32\rundll32.exe

rundll32.exe url.dll,FileProtocolHandler https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8378d3cb8,0x7ff8378d3cc8,0x7ff8378d3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1768,5610360938856219458,4704012660843053862,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1768,5610360938856219458,4704012660843053862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1768,5610360938856219458,4704012660843053862,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5610360938856219458,4704012660843053862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5610360938856219458,4704012660843053862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5610360938856219458,4704012660843053862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5610360938856219458,4704012660843053862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5610360938856219458,4704012660843053862,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5610360938856219458,4704012660843053862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5610360938856219458,4704012660843053862,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1768,5610360938856219458,4704012660843053862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3808 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1768,5610360938856219458,4704012660843053862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 files.skmedix.pl udp
US 104.21.50.12:443 files.skmedix.pl tcp
US 8.8.8.8:53 12.50.21.104.in-addr.arpa udp
US 172.67.199.2:443 beta.skmedix.pl tcp
US 172.67.199.2:443 beta.skmedix.pl tcp
US 13.107.253.64:443 lgincdnmsftuswe2.azureedge.net tcp
US 104.21.50.12:443 beta.skmedix.pl tcp
US 104.21.50.12:443 beta.skmedix.pl tcp
US 104.21.50.12:443 beta.skmedix.pl tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.21.234.234:443 rsms.me tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 216.239.38.181:443 analytics.google.com tcp
BE 64.233.166.154:443 stats.g.doubleclick.net tcp
N/A 127.0.0.1:50581 tcp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
IE 20.50.80.213:443 browser.events.data.microsoft.com tcp
IE 20.50.80.213:443 browser.events.data.microsoft.com tcp
N/A 224.0.0.251:5353 udp

Files

memory/5116-5-0x000002A385200000-0x000002A385470000-memory.dmp

memory/5116-15-0x000002A383980000-0x000002A383981000-memory.dmp

memory/5116-16-0x000002A385200000-0x000002A385470000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 6381f1d3e6a3687c30039689990b371e
SHA1 d7056ddf7e81ce37015533ae4ae4c270e923a2fe
SHA256 0de5d0e9d040e5ec3de08ebc3da9c3e57c6286ab5f936d678173a29137dce626
SHA512 1a9d3519fad1e5f6f7f387468409db794f37433266ed766bfc9ec0cc2406968feb8315d9e384f482dd589ab3b4fc4af64fe503c0df140f2d2bbf3ee2d22c48b3

memory/4136-20-0x0000021F60F30000-0x0000021F611A0000-memory.dmp

memory/4136-30-0x0000021F5F8E0000-0x0000021F5F8E1000-memory.dmp

memory/4136-31-0x0000021F60F30000-0x0000021F611A0000-memory.dmp

memory/3744-34-0x0000000003110000-0x0000000003380000-memory.dmp

memory/3744-45-0x0000000002D40000-0x0000000002D41000-memory.dmp

memory/3744-49-0x0000000002D40000-0x0000000002D41000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4627739501000.dll

MD5 dcd68a87b7e6edbcfde48150403b22eb
SHA1 28e4839a29725075772fccc39b44e194eb91e477
SHA256 ae3352b6ad6cffaae55f4387f9f5e79365ea17f8d5fb45ef11d21c3300a49a4c
SHA512 ac2a6bc0afcd08c56090536a937772edd54f35505c9a5837d9bc8e91c31edb6137cf5191986b3473e9e2f512950b4dbfe4088598bfd1faf47088124c70aeba71

memory/3744-81-0x0000000002D40000-0x0000000002D41000-memory.dmp

memory/3744-125-0x0000000002D40000-0x0000000002D41000-memory.dmp

memory/3744-136-0x0000000002D40000-0x0000000002D41000-memory.dmp

memory/3744-165-0x0000000002D40000-0x0000000002D41000-memory.dmp

memory/3744-168-0x0000000002D40000-0x0000000002D41000-memory.dmp

memory/3744-167-0x0000000002D40000-0x0000000002D41000-memory.dmp

C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar

MD5 9b59fa715db2f9f8f6ed9e14f3768ed3
SHA1 9d46c5898c653fb1785e399b74f26633107d0bde
SHA256 fab6dede2f59dc4b7b6be032fbce1209a93aca02b7d6c126e3f1584148230146
SHA512 e9e84b056e0f1d8be544194a275ca61b5e6820dbbd701dec5aa75b804705ab33cb826314c0f6edd527cffa84de80062c559f9fb49c53b5bbfda9481bd138be5f

memory/3744-186-0x0000000002D40000-0x0000000002D41000-memory.dmp

memory/3744-182-0x0000000002D40000-0x0000000002D41000-memory.dmp

memory/3744-221-0x0000000002D40000-0x0000000002D41000-memory.dmp

memory/3744-231-0x0000000002D40000-0x0000000002D41000-memory.dmp

memory/3744-251-0x0000000002D40000-0x0000000002D41000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\+JXF4434826303408237218.tmp

MD5 fdb50e0d48cdcf775fa1ac0dc3c33bd4
SHA1 5c95e5d66572aeca303512ba41a8dde0cea92c80
SHA256 64f8be6e55c37e32ef03da99714bf3aa58b8f2099bfe4f759a7578e3b8291123
SHA512 20ce8100c96058d4e64a12d0817b7ce638cec9f5d03651320eb6b9c3f47ee289ccc695bd3b5b6bf8e0867cdab0ebb6e8cae77df054e185828a6a13f3733ede53

memory/3744-285-0x0000000002D40000-0x0000000002D41000-memory.dmp

memory/3744-284-0x0000000002D40000-0x0000000002D41000-memory.dmp

memory/3744-287-0x0000000002D40000-0x0000000002D41000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\e4j6F83.tmp_dir1717776269\SKlauncher-3.2.jar

MD5 4d653e61ba01a521c56b9a70a9c9814e
SHA1 de855dc3dbc914b497b58da92e0c21fff660796d
SHA256 f7d3e01dcfc001cc80a988c518d4358955842d140054214d1367972c5c543350
SHA512 e6a7db6e2893b5b01dd0c84a230d88abf50da63ceb1af5754a2c4c1fbd307a799a74f3f368430d3beb33590cda2e0a3cf509fef11c4477b76e8d3c4a582b5def

C:\Users\Admin\AppData\Local\Temp\+JXF3523490309705857666.tmp

MD5 8f2869a84ad71f156a17bb66611ebe22
SHA1 0325b9b3992fa2fdc9c715730a33135696c68a39
SHA256 0cb1bc1335372d9e3a0cf6f5311c7cce87af90d2a777fdeec18be605a2a70bc1
SHA512 3d4315d591dcf7609c15b3e32bcc234659fcdbe4be24aef5dba4ad248ad42fd9ab082250244f99dc801ec21575b7400aace50a1e8834d5c33404e76a0caac834

C:\Users\Admin\AppData\Local\Temp\+JXF2982863697862352209.tmp

MD5 ff5fdc6f42c720a3ebd7b60f6d605888
SHA1 460c18ddf24846e3d8792d440fd9a750503aef1b
SHA256 1936d24cb0f4ce7006e08c6ef4243d2e42a7b45f2249f8fe54d92f76a317dfd1
SHA512 d3d333b1627d597c83a321a3daca38df63ea0f7cab716006935905b8170379ec2aab26cb7ffc7b539ca272cf7fb7937198aee6db3411077bedf3d2b920d078a3

memory/3744-777-0x0000000003110000-0x0000000003380000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8294f1821fd3419c0a42b389d19ecfc6
SHA1 cd4982751377c2904a1d3c58e801fa013ea27533
SHA256 92a96c9309023c8b9e1396ff41f7d9d3ff8a3687972e76b9ebd70b04e3bf223a
SHA512 372d369f7ad1b0e07200d3aa6b2cfce5beafa7a97f63932d4c9b3b01a0e8b7eb39881867f87ded55a9973abea973b2d2c9b6fc4892f81cec644702b9edb1566d

\??\pipe\LOCAL\crashpad_4040_GLHSVMLHLYUKRDHL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 390187670cb1e0eb022f4f7735263e82
SHA1 ea1401ccf6bf54e688a0dc9e6946eae7353b26f1
SHA256 3e6c56356d6509a3fd4b2403555be55e251f4a962379b29735c1203e57230947
SHA512 602f64d74096d4fb7a23b23374603246d42b17cc854835e3b2f4d464997b73f289a3b40eb690e3ee707829d4ff886865e982f72155d96be6bc00166f44878062

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 098188a3f56001c5d894892d44a285d6
SHA1 45f81e85ff96521a9c7cd4ad9a4865f1826089a7
SHA256 8cc30bbaee663575cc8baacd6601193f7ed0e1c63cde9b910e6491f83e04ea3e
SHA512 7fa81b4a8f8cfcd8730f150b0952eca34e48d1e244632bf243f1b087426625991f28291db4d762bd49edc14facd6eb9384ecf4233b26cc8d45bd83a826205629

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ae00e85b014338f486da16d498f3ce78
SHA1 cd05ddd29e394a95139648d43068004771705b3e
SHA256 a902d2f1eef58a56a982325720b616509d4e65e356572f143dc00153fd648fd4
SHA512 fb52660fb6ef4b9159ffceec8f3f645a7998c645906d676dcb1feecb90f7cd2dd5ac0df4912a7cd84441d2ec6450a5c6359b05fd77cac386db233e8b51fea499

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2c4fc289c0af27d9359f8073aa008ea7
SHA1 afdaf246c44668805917a749d10ba3058c1e7edb
SHA256 77598e243a376700de44d7819ea4787cc3b480e6a784722d47ae5b2470d1934c
SHA512 a046af50630f2ae2a47911560d44e27692a22d349d112a0bed87eec932ed3af52fc016869d9592944c9966623e433cf2b2fc31016104558663fdabaa7cce2056

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6b53095b284e498e4d3400b525d96b78
SHA1 44280858a0bc81b53aec57f23998919ec3b6ca8d
SHA256 c15f2d4b318e17471e76ef8fb8348ed5ee0860b5f256fe1537a774bd074749fd
SHA512 03b18b4578edfc3fa4c9175b0ecca8e40443dd2e422e4f29bb12fc0bb28d1553f5c1ce6bc6e14554b12d152aaf2680af65a72736d801f474ea44db1640aea9b9