Analysis
max time kernel: 92s
max time network: 94s
platform: windows11-21h2_x64
resource: win11-20240508-en
resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 18-06-2024 16:49
Static task
static1
General
Target: SKlauncher-3.2.exe
Size: 1.6MB
MD5: b63468dd118dfbca5ef7967ba344e0e3
SHA1: 2ba4f0df5f3bd284bf2a89aba320e4440d8b8355
SHA256: 05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf
SHA512: 007ecb7445dc0c01a802b5a2c91313aae59f9dc96e27455dd85e7a92a4e649d683fbc2ada5f48925d9ab3b4fdaea20aa89eeb442fde079902aecb5ca3454a548
SSDEEP: 49152:HIBc3n9dRvwVlzhFAQ/ggUTPQjYEiim7V:oBaO/FAqMQjYEXm
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
Processes (pid | process):
1736 | i4jdel0.exe
Loads dropped DLL 1 IoCs
Processes (pid | process):
4560 | SKlauncher-3.2.exe
Modifies file permissions 1 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 6 IoCs
Processes (description | ioc | process):
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Modifies data under HKEY_USERS 15 IoCs
Processes (description | ioc | process):
Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "235" | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | LogonUI.exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes (pid | process):
4192 | vlc.exe
Suspicious behavior: EnumeratesProcesses 8 IoCs
Processes (pid | process):
1148 | msedge.exe
1236 | msedge.exe
3616 | msedge.exe
2012 | msedge.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes (pid | process):
4192 | vlc.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
Processes (pid | process):
1236 | msedge.exe
3616 | msedge.exe
Suspicious use of FindShellTrayWindow 56 IoCs
Processes (pid | process):
1236 | msedge.exe
3616 | msedge.exe
4192 | vlc.exe
Suspicious use of SendNotifyMessage 27 IoCs
Processes (pid | process):
1236 | msedge.exe
3616 | msedge.exe
4192 | vlc.exe
Suspicious use of SetWindowsHookEx 5 IoCs
Processes (pid | process):
4560 | SKlauncher-3.2.exe
4192 | vlc.exe
4256 | LogonUI.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes (description | pid | process | target process):
PID 4560 wrote to memory of 5056 | 4560 | SKlauncher-3.2.exe | java.exe
PID 5056 wrote to memory of 4176 | 5056 | java.exe | icacls.exe
PID 4560 wrote to memory of 4352 | 4560 | SKlauncher-3.2.exe | java.exe
PID 4560 wrote to memory of 2160 | 4560 | SKlauncher-3.2.exe | reg.exe
PID 4560 wrote to memory of 4296 | 4560 | SKlauncher-3.2.exe | rundll32.exe
PID 4296 wrote to memory of 1236 | 4296 | rundll32.exe | msedge.exe
PID 1236 wrote to memory of 4944 | 1236 | msedge.exe | msedge.exe
PID 1236 wrote to memory of 3684 | 1236 | msedge.exe | msedge.exe
PID 1236 wrote to memory of 1148 | 1236 | msedge.exe | msedge.exe
PID 1236 wrote to memory of 3188 | 1236 | msedge.exe | msedge.exe
Processes
-
[depth 1] C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe
"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
[depth 2] \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
"c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version
- Suspicious use of WriteProcessMemory
-
[depth 3] C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
- Modifies file permissions
-
[depth 2] \??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
"c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version
-
[depth 2] C:\Windows\SYSTEM32\reg.exe
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme
-
[depth 2] C:\Windows\SYSTEM32\rundll32.exe
rundll32.exe url.dll,FileProtocolHandler https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1
- Suspicious use of WriteProcessMemory
-
[depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
[depth 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffef7c23cb8,0x7ffef7c23cc8,0x7ffef7c23cd8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,11758691758403618780,16347230434857621598,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1784 /prefetch:24⤵
-
[depth 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,11758691758403618780,16347230434857621598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
-
[depth 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,11758691758403618780,16347230434857621598,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2424 /prefetch:8
-
[depth 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,11758691758403618780,16347230434857621598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
-
[depth 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,11758691758403618780,16347230434857621598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
-
[depth 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,11758691758403618780,16347230434857621598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
-
[depth 2] C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe
C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe i4j245619156751164253.tmp
- Executes dropped EXE
-
[depth 1] C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
[depth 1] C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
[depth 1] C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
-
[depth 1] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?LinkId=335789
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffef7c23cb8,0x7ffef7c23cc8,0x7ffef7c23cd8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,3110002553838536423,1367549533595321655,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2036 /prefetch:22⤵
-
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,3110002553838536423,1367549533595321655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
-
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,3110002553838536423,1367549533595321655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
-
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3110002553838536423,1367549533595321655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
-
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3110002553838536423,1367549533595321655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
-
[depth 1] C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
[depth 1] C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
[depth 1] C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\WriteSuspend.mpeg"
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
[depth 1] C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a2f055 /state1:0x41c64e6d
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
44KB
MD59232cd08c28b56db9fe30a7aca459e29
SHA16507f7965e9ab30a429e1ddd70e643895620267a
SHA256f9171c59fdd225eb5c4c4e891e00657556e8b9f77d69614eb80bb20636ee912a
SHA5122c8321cb752ccaf250100dc4dfbad7e6ec51d1323a16c673e4e70493b0f1a3358957bc4ab4b1853f6d2bc6ed375886557e0b0d76774f9e21bb4886bfe4cd3da2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1Filesize
264KB
MD5c9466300dac77e85b1e5ceec766a1cab
SHA15c13f94554dff94dbe525256d4d5cb51abd0fc8c
SHA256cdff9f9132cf614aab70eb97a625d266e4c8c043fae52ab955742b9a897f6f0c
SHA512f841a3c04e081e69da4609c278db1af360dcba2c528ce4e1eecf88b68203940de9bbfd1cad4e1d5bb71c331a0ed5220659e94c22f86bcf8ad6c158444d8f05c1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3Filesize
4.0MB
MD5ec1641b0dd76743089cbcc55cf13a80d
SHA1616b73d29cdea0fd29e9c161492346d1f4502086
SHA2568d5898400daee26371842f2e77e02b8e29e9ad24b600226ec2cd84d4dda50a3c
SHA512df28d52a6bd4434078246c49b2bacdc8ec63f237a2fba1e202d4f5e5500a87302615958ad49ae081465da636c607141a4964dd327441c0cba5595e3a90461de2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last VersionFilesize
11B
MD5b29bcf9cd0e55f93000b4bb265a9810b
SHA1e662b8c98bd5eced29495dbe2a8f1930e3f714b8
SHA256f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4
SHA512e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
10KB
MD5a1ff176ea474e81ad11f8637294c189c
SHA147e5de143fb67217450ee914128488d9dca6632f
SHA2566cc4a9689343a6884da4ea2c15b558b927b08ee9be2229caaf0b4493ed0c88ef
SHA51264b13c7f57eb36bb5ff844b2e61c571cff0aff14f6c993250f14cf9d0e870f979ea270da52a8927265baec8ca3c42491c05439f2698995531a86e7a1be066d72
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD595b53905a48ee5f6097e0c0fb590b909
SHA1f45eeb67fae4737a9d0b050a13cecb9011854f3b
SHA2561bc532b3668ad99151aab584c690cfe2bf62c61edba3df1863188be18eee1a41
SHA51201424075ab0fe310526c31a4f17c5957e47ae0c2cdc45c9d42e21e61d2f676dd95d8bda750a0f14a82a233c32c1bbbba315492ba2ded1a3aafa529243503345a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txtFilesize
4B
MD55219ac9cb060eafa0988f43ae549a98e
SHA1f924d452a4121e0c808c1b756cabf43938109733
SHA25664428d9fd613a9afaf525f4a38448804adb094f2e7ee2cdf6e15f8647cb58199
SHA512beb8891ba27a77216351c2ac197662c0d9db4bb92d98b9a13e199f620c9ffba2b1efe9e34ffe5e1f97b35692fec0f19e3d16722a2dc8ed348c23330ce76eea3b
-
C:\Users\Admin\AppData\Local\Temp\+JXF1378848144275358268.tmpFilesize
407KB
MD59a21378c7e8b26bc0c894402bfd5108c
SHA172bd9f3ca75ca691ce86fe1ebbdb269f5f737bae
SHA2560d34f9588400a586b774be97e66ae8c076a8807b8455df0587b39d2a4a1a3b42
SHA5124a9d23a01f1a7474e0339d4d8b151d0269bfaf7d9e13ff6aa34d7f929002e8ff185f273e6f7afd2d40df3e0630a962dc7767d870dcf1766f3e04b8029a7b452e
-
C:\Users\Admin\AppData\Local\Temp\+JXF1681859141366057259.tmpFilesize
412KB
MD5c5c41f7587f272a4c43a265d0286f7bb
SHA1916224c963d04b93ed54ce7c201108f398e7e159
SHA256d549110689cdde0821ca2c7148f7b47a097166b4169786a4a9ede675f5ce87f3
SHA512d4b4d01088d9f506368dc19d709b4ba6be764929b0dd05775841e14cbbec674f216b81515ae529e95abfd22ed2f3e2d2774363dd4284c8c8b57d203599555f76
-
C:\Users\Admin\AppData\Local\Temp\+JXF2258524562815390049.tmpFilesize
410KB
MD5c4c47e3d7ed51a6bb67b7b8088a4b0e3
SHA1b190f4e4e8f838c46ffe9507d966ea4d8b37d8ce
SHA2565e606f805a71432d4875de7dab737bf9dea1187090f0a5190da9b1bbab09f57c
SHA512b4251618479c52398ca71cfc61ad88230a14145771ef1085ab9288486d7bfc841f0ea222909f8ba6882db6076df26bfe37e1c23917569270c86d6e7adee7cf13
-
C:\Users\Admin\AppData\Local\Temp\+JXF3715579769142660225.tmpFilesize
400KB
MD512ec66b825b504d752e8c333bf81dacf
SHA156896d3e6011466b7e6631c714c57e20ee8366d9
SHA2565fc09af94a447fae6f82c00f15dfaef9eae7c560e6cbe46d3e84524019a574aa
SHA5128cb838589ac4f9819b7e2204517445df94663d3217297212973e8b2d9fece162155130ddc783e7e89ef2832d38bace731b2ae3b73aff36ad782c707813bc52b4
-
C:\Users\Admin\AppData\Local\Temp\+JXF3769075554211259755.tmpFilesize
405KB
MD54b1ffad3c0075af22674765ff1ee2f56
SHA11f7b05d0ed1c6c15736115a59ad844adea5f1f66
SHA256fe3714926082ac5764327e3b67ae52cb6f0cf6b8c4221c064a6cacf821079414
SHA512427db3fe5860676fab65a9b895d205620a1ec0aa172f45aa9ecef261820e25b84f3413bc5d0a9d0c1311422a8da1f5706ac4f6211a60aacc82974cf00ff036a4
-
C:\Users\Admin\AppData\Local\Temp\+JXF4282938065680346268.tmpFilesize
404KB
MD54154321279162ceac54088eca13d3e59
SHA15e5d8c866c2a7abfd14a12df505c4c419a2a56f7
SHA2566bdebeb76083e187c7ae59420bfc24e851edb572e1a8d97c1c37b7b2dc26148c
SHA51204ca175774cbe3f2d83543c01cc388e2715ab7b1378143db41bacdc7e7eddf05d3beef476f6acbe7ddeb34861984efb5fd7f299ec1820697c440b372d258aee7
-
C:\Users\Admin\AppData\Local\Temp\+JXF4427102538236886191.tmpFilesize
393KB
MD5b97f16379b4c106616f60f702733f5c6
SHA185c472fb9a7f256643bc4bba10f158dfaa1d1e8b
SHA2564c392dcc8ad916f0f9df7559ab5563b01dd94f9f3b2db34617fe392e00060339
SHA512d124af2c705b97cbb307497f88c47a5f7d320174d48626ea14ac27d42bcf8016f32810cf7ecb6af1261297b8c331a6ea89e2e35c3e2536390d8d6e500ed8d61e
-
C:\Users\Admin\AppData\Local\Temp\+JXF4498721804147750030.tmpFilesize
398KB
MD5ff5fdc6f42c720a3ebd7b60f6d605888
SHA1460c18ddf24846e3d8792d440fd9a750503aef1b
SHA2561936d24cb0f4ce7006e08c6ef4243d2e42a7b45f2249f8fe54d92f76a317dfd1
SHA512d3d333b1627d597c83a321a3daca38df63ea0f7cab716006935905b8170379ec2aab26cb7ffc7b539ca272cf7fb7937198aee6db3411077bedf3d2b920d078a3
-
C:\Users\Admin\AppData\Local\Temp\+JXF4728688028706290249.tmpFilesize
401KB
MD5a473e623af12065b4b9cb8db4068fb9c
SHA1126d31d9fbb0d742763c266a1c2ace71b106e34a
SHA2561bda81124d6ae26ed16a7201e2bd93766af5a3b14faf79eea14d191ebbd41146
SHA5121fbc2841783140fe54f3ab1fa84e1ded2534bcec3549ade2f513491b32178df515bd63a0a4a2c35017a6850ff9c3a24f8602357d912acf8ca92b8d68ba846d3a
-
C:\Users\Admin\AppData\Local\Temp\+JXF5107927211275000330.tmpFilesize
405KB
MD58f2869a84ad71f156a17bb66611ebe22
SHA10325b9b3992fa2fdc9c715730a33135696c68a39
SHA2560cb1bc1335372d9e3a0cf6f5311c7cce87af90d2a777fdeec18be605a2a70bc1
SHA5123d4315d591dcf7609c15b3e32bcc234659fcdbe4be24aef5dba4ad248ad42fd9ab082250244f99dc801ec21575b7400aace50a1e8834d5c33404e76a0caac834
-
C:\Users\Admin\AppData\Local\Temp\+JXF5788066354913604325.tmpFilesize
403KB
MD5118abbe34a2979b66d6838805c56b7cd
SHA17f320cb81660fc6dff9cc5751f8fcc0134847c77
SHA256d054d998ae12be33820b100e0ed3923d513fa5c79c6d4e7ca1953afeb262ea9b
SHA5125bcad4a03ced2ce76c5ebf78cd2c1328a4ee27019807f56a48bf8a0f936c57f351f10726c176952f0cf08776a5ce53d34c14d6a848925be2789408a61678f381
-
C:\Users\Admin\AppData\Local\Temp\+JXF8724198934047048733.tmpFilesize
397KB
MD5fdb50e0d48cdcf775fa1ac0dc3c33bd4
SHA15c95e5d66572aeca303512ba41a8dde0cea92c80
SHA25664f8be6e55c37e32ef03da99714bf3aa58b8f2099bfe4f759a7578e3b8291123
SHA51220ce8100c96058d4e64a12d0817b7ce638cec9f5d03651320eb6b9c3f47ee289ccc695bd3b5b6bf8e0867cdab0ebb6e8cae77df054e185828a6a13f3733ede53
-
C:\Users\Admin\AppData\Local\Temp\e4j6A24.tmp_dir1718729416\SKlauncher-3.2.jarFilesize
1.1MB
MD54d653e61ba01a521c56b9a70a9c9814e
SHA1de855dc3dbc914b497b58da92e0c21fff660796d
SHA256f7d3e01dcfc001cc80a988c518d4358955842d140054214d1367972c5c543350
SHA512e6a7db6e2893b5b01dd0c84a230d88abf50da63ceb1af5754a2c4c1fbd307a799a74f3f368430d3beb33590cda2e0a3cf509fef11c4477b76e8d3c4a582b5def
-
C:\Users\Admin\AppData\Local\Temp\e4j6A24.tmp_dir1718729416\exe4jlib.jarFilesize
62KB
MD5bd8451491a92b1aa5fe6d44bc9f3e1c6
SHA1fe210263b4bdaa3719b00994e665839c8987094e
SHA2568a416dab7b3028f3e79b41521b65432ab2d25dec9f85e220ade0157badc0dd41
SHA5123c1892e9f8812ed6e895936ad16f3f457f50283d88d37b45d780a1d5f0bb2751bb74585b03227d10367b9367c7c2eef68d88d914b8e3cbcca0b2dfca05ad0ebf
-
C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4534763095900.dllFilesize
22KB
MD5dcd68a87b7e6edbcfde48150403b22eb
SHA128e4839a29725075772fccc39b44e194eb91e477
SHA256ae3352b6ad6cffaae55f4387f9f5e79365ea17f8d5fb45ef11d21c3300a49a4c
SHA512ac2a6bc0afcd08c56090536a937772edd54f35505c9a5837d9bc8e91c31edb6137cf5191986b3473e9e2f512950b4dbfe4088598bfd1faf47088124c70aeba71
-
C:\Users\Admin\AppData\Local\Temp\i4j245619156751164253.tmpFilesize
880B
MD51e7057e6b945169ea17e040fbdc9bbcc
SHA1325fa92c00005530031b88dbd8feab8a38f5d6b7
SHA256fe7ef643cddd7b6b60f451546d82ffb80822d8872e726414fee2c6672d4a1dec
SHA5120a8f76977a860bfb911a83efa8d6caf73ebf9af4881197f230e33b55453ceb46fcdc9b0e1130580573d895f3438e4daf95b3659806ba60e2f8083085a82de408
-
C:\Users\Admin\AppData\Local\Temp\i4jdel0.exeFilesize
93KB
MD5802d1182a4685e1b86c0a9dcb3f2be36
SHA13aea1c3d1925ec0e6c4e534adcccb1271c6a5f04
SHA256e48ef14933f4eb6071497a5311ca0ac6e115f7a0d57a60e519296f8fd42ad4fe
SHA512ebde9d7c89fed73ea1766fdbaf716e5ba69068b5b0c913490c9ad8703540945e2cda248b0365d6a49acecae960a8fa846da53cfbf8e19b98a6da382267dc562c
-
C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jarFilesize
14.1MB
MD59b59fa715db2f9f8f6ed9e14f3768ed3
SHA19d46c5898c653fb1785e399b74f26633107d0bde
SHA256fab6dede2f59dc4b7b6be032fbce1209a93aca02b7d6c126e3f1584148230146
SHA512e9e84b056e0f1d8be544194a275ca61b5e6820dbbd701dec5aa75b804705ab33cb826314c0f6edd527cffa84de80062c559f9fb49c53b5bbfda9481bd138be5f
-
\??\pipe\LOCAL\crashpad_1236_HKYSYFHZENATCNVPMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-