Analysis Overview
SHA256
05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf
Threat Level: Shows suspicious behavior
The file SKlauncher-3.2.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Modifies file permissions
Loads dropped DLL
Executes dropped EXE
Detected potential entity reuse from brand microsoft.
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: GetForegroundWindowSpam
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-18 16:49
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-18 16:49
Reported
2024-06-18 16:52
Platform
win11-20240508-en
Max time kernel
92s
Max time network
94s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Detected potential entity reuse from brand microsoft.
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "235" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe
"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"
\??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
"c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
\??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
"c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version
C:\Windows\SYSTEM32\reg.exe
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme
C:\Windows\SYSTEM32\rundll32.exe
rundll32.exe url.dll,FileProtocolHandler https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffef7c23cb8,0x7ffef7c23cc8,0x7ffef7c23cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,11758691758403618780,16347230434857621598,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1784 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,11758691758403618780,16347230434857621598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,11758691758403618780,16347230434857621598,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2424 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,11758691758403618780,16347230434857621598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,11758691758403618780,16347230434857621598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,11758691758403618780,16347230434857621598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe
C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe i4j245619156751164253.tmp
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?LinkId=335789
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffef7c23cb8,0x7ffef7c23cc8,0x7ffef7c23cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,3110002553838536423,1367549533595321655,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2036 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,3110002553838536423,1367549533595321655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,3110002553838536423,1367549533595321655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3110002553838536423,1367549533595321655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3110002553838536423,1367549533595321655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\WriteSuspend.mpeg"
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a2f055 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | files.skmedix.pl | udp |
| US | 172.67.199.2:443 | beta.skmedix.pl | tcp |
| US | 8.8.8.8:53 | 2.199.67.172.in-addr.arpa | udp |
| US | 13.107.246.64:443 | piston-meta.mojang.com | tcp |
| US | 188.114.96.2:443 | meta.skmedix.pl | tcp |
| US | 188.114.96.2:443 | meta.skmedix.pl | tcp |
| US | 188.114.96.2:443 | meta.skmedix.pl | tcp |
| US | 172.67.199.2:443 | beta.skmedix.pl | tcp |
| US | 172.67.199.2:443 | beta.skmedix.pl | tcp |
| US | 172.67.199.2:443 | beta.skmedix.pl | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.21.234.234:443 | rsms.me | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | launchercontent.mojang.com | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | tcp |
| US | 13.107.246.64:443 | lgincdnmsftuswe2.azureedge.net | tcp |
| US | 13.107.246.64:443 | lgincdnmsftuswe2.azureedge.net | tcp |
| US | 13.107.246.64:443 | lgincdnmsftuswe2.azureedge.net | tcp |
| US | 13.107.246.64:443 | lgincdnmsftuswe2.azureedge.net | tcp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.166.233.64.in-addr.arpa | udp |
| N/A | 127.0.0.1:50476 | | tcp |
| IE | 40.126.31.67:443 | login.microsoftonline.com | tcp |
| US | 152.199.21.175:443 | acctcdn.msftauth.net | tcp |
| US | 152.199.21.175:443 | acctcdn.msftauth.net | tcp |
| US | 152.199.21.175:443 | acctcdn.msftauth.net | tcp |
| US | 152.199.21.175:443 | acctcdn.msftauth.net | tcp |
| IE | 20.50.73.10:443 | browser.events.data.microsoft.com | tcp |
| IE | 20.50.73.10:443 | browser.events.data.microsoft.com | tcp |
| GB | 184.28.176.107:443 | | tcp |
| US | 20.42.73.26:443 | browser.pipe.aria.microsoft.com | tcp |
| BE | 23.41.178.50:443 | r.bing.com | tcp |
| BE | 23.41.178.50:443 | r.bing.com | tcp |
| BE | 23.41.178.50:443 | r.bing.com | tcp |
| BE | 23.41.178.50:443 | r.bing.com | tcp |
| BE | 23.41.178.50:443 | r.bing.com | tcp |
| BE | 23.41.178.50:443 | r.bing.com | tcp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| BE | 23.41.178.64:443 | www.bing.com | tcp |
| IE | 20.190.159.67:443 | myaccount.microsoft.com | tcp |
| US | 131.253.33.254:443 | a-ring-fallback.msedge.net | tcp |
| US | 52.111.227.14:443 | | tcp |
Files
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4534763095900.dll
C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar
C:\Users\Admin\AppData\Local\Temp\+JXF8724198934047048733.tmp
C:\Users\Admin\AppData\Local\Temp\e4j6A24.tmp_dir1718729416\SKlauncher-3.2.jar
C:\Users\Admin\AppData\Local\Temp\+JXF5107927211275000330.tmp
C:\Users\Admin\AppData\Local\Temp\+JXF4498721804147750030.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1236_HKYSYFHZENATCNVP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Temp\+JXF2258524562815390049.tmp
C:\Users\Admin\AppData\Local\Temp\+JXF1681859141366057259.tmp
C:\Users\Admin\AppData\Local\Temp\+JXF3715579769142660225.tmp
C:\Users\Admin\AppData\Local\Temp\+JXF5788066354913604325.tmp
C:\Users\Admin\AppData\Local\Temp\+JXF4427102538236886191.tmp
C:\Users\Admin\AppData\Local\Temp\+JXF3769075554211259755.tmp
C:\Users\Admin\AppData\Local\Temp\+JXF4282938065680346268.tmp
C:\Users\Admin\AppData\Local\Temp\+JXF4728688028706290249.tmp
C:\Users\Admin\AppData\Local\Temp\+JXF1378848144275358268.tmp
C:\Users\Admin\AppData\Local\Temp\i4j245619156751164253.tmp
C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe
C:\Users\Admin\AppData\Local\Temp\e4j6A24.tmp_dir1718729416\exe4jlib.jar
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13363203032316837
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13363203032076837
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt