e4baeaa3c58628acfd7058b9d434ab2e6a7400445f55685169a79f045810298c

Analysis

max time kernel
141s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2024 01:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SKlauncher-3.2.10.exe
Size

1.6MB
MD5

ebb40145a6bfbed88859e41689315d82
SHA1

7bb2c82ef24ef919d04592930bceae039f78aebf
SHA256

e4baeaa3c58628acfd7058b9d434ab2e6a7400445f55685169a79f045810298c
SHA512

67c6601bed14363e6850d93cf2b90c1e4f69c7cd5098d548aa0f378fb42dc6e32fe52cb81aeb232a365a3edb24fdc6ef46f6400cf1709e1d5ee22fa4ac4e07ae
SSDEEP

49152:HIBc3nmd69QkYtO9Kgl/+e6k4F57YyAzlzHsrviO5:oBhHtRSWet2YyidsR5

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Control Panel\International\Geo\Nation	SKlauncher-3.2.10.exe

Loads dropped DLL 1 IoCs

pid	Process
1936	SKlauncher-3.2.10.exe

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2140	msedge.exe
2140	msedge.exe
2472	msedge.exe
2472	msedge.exe
112	identity_helper.exe
112	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1936	SKlauncher-3.2.10.exe
1936	SKlauncher-3.2.10.exe
1936	SKlauncher-3.2.10.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 3240	1936	SKlauncher-3.2.10.exe	84
PID 1936 wrote to memory of 3240	1936	SKlauncher-3.2.10.exe	84
PID 1936 wrote to memory of 4284	1936	SKlauncher-3.2.10.exe	87
PID 1936 wrote to memory of 4284	1936	SKlauncher-3.2.10.exe	87
PID 1936 wrote to memory of 4208	1936	SKlauncher-3.2.10.exe	97
PID 1936 wrote to memory of 4208	1936	SKlauncher-3.2.10.exe	97
PID 1936 wrote to memory of 3968	1936	SKlauncher-3.2.10.exe	104
PID 1936 wrote to memory of 3968	1936	SKlauncher-3.2.10.exe	104
PID 3968 wrote to memory of 2472	3968	rundll32.exe	105
PID 3968 wrote to memory of 2472	3968	rundll32.exe	105
PID 2472 wrote to memory of 1988	2472	msedge.exe	106
PID 2472 wrote to memory of 1988	2472	msedge.exe	106
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 1264	2472	msedge.exe	107
PID 2472 wrote to memory of 2140	2472	msedge.exe	108
PID 2472 wrote to memory of 2140	2472	msedge.exe	108
PID 2472 wrote to memory of 4036	2472	msedge.exe	109
PID 2472 wrote to memory of 4036	2472	msedge.exe	109
PID 2472 wrote to memory of 4036	2472	msedge.exe	109
PID 2472 wrote to memory of 4036	2472	msedge.exe	109
PID 2472 wrote to memory of 4036	2472	msedge.exe	109
PID 2472 wrote to memory of 4036	2472	msedge.exe	109
PID 2472 wrote to memory of 4036	2472	msedge.exe	109
PID 2472 wrote to memory of 4036	2472	msedge.exe	109
PID 2472 wrote to memory of 4036	2472	msedge.exe	109
PID 2472 wrote to memory of 4036	2472	msedge.exe	109

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.10.exe
"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.10.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1936
- \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
  "c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version
  2⤵
  PID:3240
- \??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
  "c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version
  2⤵
  PID:4284
- C:\Windows\SYSTEM32\reg.exe
  reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme
  2⤵
  PID:4208
- C:\Windows\SYSTEM32\rundll32.exe
  rundll32.exe url.dll,FileProtocolHandler https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A26669%2Frelogin&scope=XboxLive.signin+offline_access&prompt=select_account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A26669%2Frelogin&scope=XboxLive.signin+offline_access&prompt=select_account
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2472
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ff8ac4f46f8,0x7ff8ac4f4708,0x7ff8ac4f4718
      4⤵
      PID:1988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,9766708939888984997,12973141099554755518,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
      4⤵
      PID:1264
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,9766708939888984997,12973141099554755518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,9766708939888984997,12973141099554755518,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
      4⤵
      PID:4036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9766708939888984997,12973141099554755518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
      4⤵
      PID:3112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9766708939888984997,12973141099554755518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
      4⤵
      PID:5036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9766708939888984997,12973141099554755518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
      4⤵
      PID:1328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9766708939888984997,12973141099554755518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
      4⤵
      PID:4752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9766708939888984997,12973141099554755518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
      4⤵
      PID:2740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,9766708939888984997,12973141099554755518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
      4⤵
      PID:3592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,9766708939888984997,12973141099554755518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9766708939888984997,12973141099554755518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
      4⤵
      PID:5100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9766708939888984997,12973141099554755518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
      4⤵
      PID:4784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9766708939888984997,12973141099554755518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
      4⤵
      PID:4944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9766708939888984997,12973141099554755518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
      4⤵
      PID:1872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
e582d2514e3610c1957279f676773c0e

SHA1
3c4c785b1fd4bcfc7c1ae3d9d658b4bd395ecddb

SHA256
62a7ac69a1d07faac84bec0dc6882cf2e8b1df5f12553526fb8bd73ac97f3a48

SHA512
ca5796362c6335dfbecaa72c44db91af02884cf249595a071b5cd98880c44306ecf5fe739f7d4a46a3e6be9d0b19613cdf639af3a92666a28b6e83dd368b7ae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b80cf20d9e8cf6a579981bfaab1bdce2

SHA1
171a886be3a882bd04206295ce7f1db5b8b7035e

SHA256
10d995b136b604440ac4033b2222543975779068a321d7bddf675d0cb2a4c2b1

SHA512
0233b34866be1afd214a1c8a9dcf8328d16246b3a5ef142295333547b4cfdc787c8627439a2ca03c20cb49107f7428d39696143b71f56b7f1f05029b3a14376a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7006aacd11b992cd29fca21e619e86ea

SHA1
f224b726a114d4c73d7379236739d5fbb8e7f7b7

SHA256
3c434b96841d5a0fa0a04a6b503c3c4d46f1c4e3a1be77853175e5680e182814

SHA512
6de169882c0e01217c4ca01f6ead8e5ebb316a77558e51cd862532dbf9147d9e267f8db667ff6e9fa33164243724f5e437cb882392382f3cae1072dadb762c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
11d6cf2eebda6835eb79800b84f41ae7

SHA1
21e4a847d57a6c8d088bf5522352906856ea3cb2

SHA256
7a476b72e00ac6ce91c8412655c74f93ed3cfd39f24a6ee324053afa9ec0dd39

SHA512
5d9eae26ba37ab7de5c56837661971ca1e4eee78e82e9a5e9aa4211cc664acea326864cdfb31a49cbfb20754c0fe514a1a901f74c7a5f9bca6eefd72ae919541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
350B

MD5
83ccf23362300021e360f4e409155836

SHA1
8c12b2b45773f88524d0d524224ebf9a3830b873

SHA256
ac112a6d637e72a787e119130d9afa2610a3e5ebdf071b1490a1af76a29cbd55

SHA512
c276d4807df2ca70c5ef66bc6d6d3a16fd1c12b6862a3fc3527351a63a53fec67fea6e41b29e661ec67a4db35b35bbff3844b769893448b0bd88952e75d81029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
682d5d5368aebaec95a21cbd84ad3804

SHA1
bf8960c8616dbe4eb00dc653b6bb05452b9bcd02

SHA256
5347f65fc6f47e3bcc9cbb60484ed6f5d3f8f3af692b68e5adc0853e5d8cb447

SHA512
0d1860951c79730265a33b40ede69179c4935486d3cf76ce8a0d6d0562d5147f873264e09a9e41bfbc86260978207a04edef3f0628e40405f27971f14eac4007

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
15107ec02c77a85be5d6e5dfdd1b2615

SHA1
9cd02179ead0a6cb81e4d96de3f3f6a193617a71

SHA256
4858b03af46b9dde355217599b00a70a182f0e710ffb371a3c4a3b7b066b362c

SHA512
2201f00a1fb626ca0639c33d8d3f4f4b9ad0e5e0a8ff24149e711d2e2cbdcfd09aa39cd6c7d4e8afd7d033246a9caca801ee27587c899d2746584eecdb23dd5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
380002921b7c862909248983e853345a

SHA1
76546b379182fafe67ee8bebb3f655887a0a5713

SHA256
bdd7ac4a449ff261b1273fa7427d80a6384f8a2665320a60e9a6659d72831f7e

SHA512
48bc5bb42aa5799d13a58eb4425231d33da6ff087338013dbb150ad44fe59de30aca8a93fd1469791e1f1d68746195a181e1acbecff03ff0eca8f4fa2ba77930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
afbe84582427edae01965e6162ca7f42

SHA1
3bf245e051bdf06c7f8263991616be94d463d472

SHA256
735b9feefcc0ae742ea20f631bb36d655c2d84cbc08fb3a9720abb68f73eb17e

SHA512
20b50711bda54f442733fe36ed37d033a25ab2125591afa3f3b623b365dd446e7294f194b36d82a68322da07912d01bd13bb3a415ed8adbcfd27853d1dd36dd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
895a056f8994e7f3f9897c04d6ef78e6

SHA1
2c90714588e1855337247130f882274f40a7338b

SHA256
69b5daa3be33e4e3650efb704ad6195a54fdcf660583de279c4d86452485d5cd

SHA512
7201340b665d51264e8684a28004d8de3e592e381e1d4c2b2096cb8c8da476ddcbb088dcaf8de65ffd250a94689e76294635dc29f9bdc7febab2554a7d6eff53

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF3305888330320113020.tmp

Filesize
397KB

MD5
fdb50e0d48cdcf775fa1ac0dc3c33bd4

SHA1
5c95e5d66572aeca303512ba41a8dde0cea92c80

SHA256
64f8be6e55c37e32ef03da99714bf3aa58b8f2099bfe4f759a7578e3b8291123

SHA512
20ce8100c96058d4e64a12d0817b7ce638cec9f5d03651320eb6b9c3f47ee289ccc695bd3b5b6bf8e0867cdab0ebb6e8cae77df054e185828a6a13f3733ede53

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF5613651782737340925.tmp

Filesize
405KB

MD5
8f2869a84ad71f156a17bb66611ebe22

SHA1
0325b9b3992fa2fdc9c715730a33135696c68a39

SHA256
0cb1bc1335372d9e3a0cf6f5311c7cce87af90d2a777fdeec18be605a2a70bc1

SHA512
3d4315d591dcf7609c15b3e32bcc234659fcdbe4be24aef5dba4ad248ad42fd9ab082250244f99dc801ec21575b7400aace50a1e8834d5c33404e76a0caac834

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF8969037619043784421.tmp

Filesize
398KB

MD5
ff5fdc6f42c720a3ebd7b60f6d605888

SHA1
460c18ddf24846e3d8792d440fd9a750503aef1b

SHA256
1936d24cb0f4ce7006e08c6ef4243d2e42a7b45f2249f8fe54d92f76a317dfd1

SHA512
d3d333b1627d597c83a321a3daca38df63ea0f7cab716006935905b8170379ec2aab26cb7ffc7b539ca272cf7fb7937198aee6db3411077bedf3d2b920d078a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4jA1CE.tmp_dir1727918475\SKlauncher-3.2.10.jar

Filesize
1.1MB

MD5
1495e81aa573744050268cb330af8281

SHA1
b67d9bda787a526c79128179e5000924bca11dd4

SHA256
3ce7e5aff85320e1d393eb34e918a6b71a667bccf08252fbdd512443e5d62f9a

SHA512
e321e4b9243815b4d0b3ab34c380c2b8da0e8e264b791018a4385967946e8cf320fb5bcb695b7aa75e5a9420ae6ced6ea3c05ecfaedb7a1a6e02a1438a2c9d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4806992109100.dll

Filesize
23KB

MD5
8b9f16320499ece60d7ff0c1249c6df7

SHA1
cd8fc57c064533df66f0ceaaf5d76f8c4f8cb3a0

SHA256
f8a3af19341ac0f12f55ad28169d22b75aa66ed818692541307393c22f986727

SHA512
97384ee1faa1be807388f4077fde5db94010f06420b1ff3a05edf77fb91c9a8163b0a91cb1b7e648c0cd8c4d599e552050f64b8f7c5c81c1be60cd35f062e9d3

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_profiles.json.bak

Filesize
559B

MD5
7d4250a311033b9165881eb374f5ce0b

SHA1
f51e8b4b0fb7e7a3af3c20ce64b16d1832852f45

SHA256
f1df2dcd40e33fa452cc2110c36d4da9d9ec05d2529e8a9d6587220c6df129c5

SHA512
6778348d434e12d00e742a097419bb79a002715ef6ca9bc0690e446b783d82b0aa689978d7f4dbc6c0c7655d352aa0cc3f0a822abf4ffaa92ff95b6086ad4332

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\java.desktop\LICENSE

Filesize
32B

MD5
663f71c746cc2002aa53b066b06c88ab

SHA1
12976a6c2b227cbac58969c1455444596c894656

SHA256
d60635c89c9f352ae1e66ef414344f290f5b5f7ce5c23d9633d41fde0909df80

SHA512
507b7d09d3bcd9a24f0b4eeda67167595ac6ad37cd19fb31cd8f5ce8466826840c582cb5dc012a4bd51b55e01bb551e207e9da9e0d51948e89f962ba09606aab

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\jdk.jdwp.agent\ASSEMBLY_EXCEPTION

Filesize
43B

MD5
bd468da51b15a9f09778545b00265f34

SHA1
c80e4bab46e34d02826eab226a4441d0970f2aba

SHA256
7901499314e881a978d80a31970f0daec92d4995f3305e31fb53c38d9cc6ec3b

SHA512
2c1d43c3e17bb2fca24a77bea3d2b3954a47da92e0cdd0738509bffcdbe2935c11764cd5af50439061638bba8b8d59da29e97ea7404ea605f7575fc13395ca93

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\jdk.xml.dom\ADDITIONAL_LICENSE_INFO

Filesize
48B

MD5
512f151af02b6bd258428b784b457531

SHA1
84d2102ad171863db04e7ee22a259d1f6c5de4a5

SHA256
d255311b0a181e243de326d111502a8b1dc7277b534a295a8340ab5230e74c83

SHA512
1a305bc333c7c2055a334dc67734db587fd6fda457b46c8df8f17ded0a8982e3830970bee75cc17274aa0a4082f32792b5dbff88410fa43cc61b55c1dce4c129

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar

Filesize
16.2MB

MD5
748a70b92b45963cb4ccfdc6aa2dba51

SHA1
5d7c1d1caa0ea43b9eedcf9dc923f54957e0f52d

SHA256
67317c8197aba69d1ac43ca06e3c49a40e6d0dde4527bb24c9814a865a9a15a9

SHA512
0712e99850e66356bcdc74365432efd027e6d25dd9907528325cda13d94828388d2a1e1ec3c8ca548432b312a073732c96799783d2072414c91c60cc4f7bc86c

Download Submit
memory/1936-159-0x0000000001120000-0x0000000001121000-memory.dmp

Filesize
4KB

Download
memory/1936-181-0x0000000001120000-0x0000000001121000-memory.dmp

Filesize
4KB

Download
memory/1936-251-0x0000000001120000-0x0000000001121000-memory.dmp

Filesize
4KB

Download
memory/1936-254-0x0000000001120000-0x0000000001121000-memory.dmp

Filesize
4KB

Download
memory/1936-257-0x0000000001120000-0x0000000001121000-memory.dmp

Filesize
4KB

Download
memory/1936-258-0x0000000001120000-0x0000000001121000-memory.dmp

Filesize
4KB

Download
memory/1936-260-0x0000000001120000-0x0000000001121000-memory.dmp

Filesize
4KB

Download
memory/1936-263-0x0000000001120000-0x0000000001121000-memory.dmp

Filesize
4KB

Download
memory/1936-244-0x0000000001120000-0x0000000001121000-memory.dmp

Filesize
4KB

Download
memory/1936-232-0x0000000001120000-0x0000000001121000-memory.dmp

Filesize
4KB

Download
memory/1936-539-0x0000000003030000-0x00000000032A0000-memory.dmp

Filesize
2.4MB

Download
memory/1936-220-0x0000000001120000-0x0000000001121000-memory.dmp

Filesize
4KB

Download
memory/1936-219-0x0000000001120000-0x0000000001121000-memory.dmp

Filesize
4KB

Download
memory/1936-247-0x0000000001120000-0x0000000001121000-memory.dmp

Filesize
4KB

Download
memory/1936-177-0x0000000001120000-0x0000000001121000-memory.dmp

Filesize
4KB

Download
memory/1936-166-0x0000000001120000-0x0000000001121000-memory.dmp

Filesize
4KB

Download
memory/1936-164-0x0000000001120000-0x0000000001121000-memory.dmp

Filesize
4KB

Download
memory/1936-163-0x0000000001120000-0x0000000001121000-memory.dmp

Filesize
4KB

Download
memory/1936-33-0x0000000003030000-0x00000000032A0000-memory.dmp

Filesize
2.4MB

Download
memory/1936-125-0x0000000001120000-0x0000000001121000-memory.dmp

Filesize
4KB

Download
memory/1936-82-0x0000000001120000-0x0000000001121000-memory.dmp

Filesize
4KB

Download
memory/1936-48-0x0000000001120000-0x0000000001121000-memory.dmp

Filesize
4KB

Download
memory/3240-5-0x0000020BD1FB0000-0x0000020BD2220000-memory.dmp

Filesize
2.4MB

Download
memory/3240-16-0x0000020BD1FB0000-0x0000020BD2220000-memory.dmp

Filesize
2.4MB

Download
memory/3240-15-0x0000020BD06F0000-0x0000020BD06F1000-memory.dmp

Filesize
4KB

Download
memory/4284-30-0x00000192035E0000-0x0000019203850000-memory.dmp

Filesize
2.4MB

Download
memory/4284-29-0x0000019201BC0000-0x0000019201BC1000-memory.dmp

Filesize
4KB

Download
memory/4284-19-0x00000192035E0000-0x0000019203850000-memory.dmp

Filesize
2.4MB

Download