hxxps://skmedix[.]pl/

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-11-2024 21:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://skmedix.pl/

Score

8^/10

microsoft discovery phishing

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
5664	SKlauncher-3.2.10.exe

Loads dropped DLL 1 IoCs

pid	Process
5664	SKlauncher-3.2.10.exe

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 339616.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
904	msedge.exe
904	msedge.exe
2932	identity_helper.exe
2932	identity_helper.exe
5540	msedge.exe
5540	msedge.exe
6064	msedge.exe
6064	msedge.exe
6064	msedge.exe
6064	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
5664	SKlauncher-3.2.10.exe
5664	SKlauncher-3.2.10.exe
5664	SKlauncher-3.2.10.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 3032	904	msedge.exe	83
PID 904 wrote to memory of 3032	904	msedge.exe	83
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 2716	904	msedge.exe	84
PID 904 wrote to memory of 3636	904	msedge.exe	85
PID 904 wrote to memory of 3636	904	msedge.exe	85
PID 904 wrote to memory of 3200	904	msedge.exe	86
PID 904 wrote to memory of 3200	904	msedge.exe	86
PID 904 wrote to memory of 3200	904	msedge.exe	86
PID 904 wrote to memory of 3200	904	msedge.exe	86
PID 904 wrote to memory of 3200	904	msedge.exe	86
PID 904 wrote to memory of 3200	904	msedge.exe	86
PID 904 wrote to memory of 3200	904	msedge.exe	86
PID 904 wrote to memory of 3200	904	msedge.exe	86
PID 904 wrote to memory of 3200	904	msedge.exe	86
PID 904 wrote to memory of 3200	904	msedge.exe	86
PID 904 wrote to memory of 3200	904	msedge.exe	86
PID 904 wrote to memory of 3200	904	msedge.exe	86
PID 904 wrote to memory of 3200	904	msedge.exe	86
PID 904 wrote to memory of 3200	904	msedge.exe	86
PID 904 wrote to memory of 3200	904	msedge.exe	86
PID 904 wrote to memory of 3200	904	msedge.exe	86
PID 904 wrote to memory of 3200	904	msedge.exe	86
PID 904 wrote to memory of 3200	904	msedge.exe	86
PID 904 wrote to memory of 3200	904	msedge.exe	86
PID 904 wrote to memory of 3200	904	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://skmedix.pl/
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffecc5d46f8,0x7ffecc5d4708,0x7ffecc5d4718
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1948 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6904 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5540
- C:\Users\Admin\Downloads\SKlauncher-3.2.10.exe
  "C:\Users\Admin\Downloads\SKlauncher-3.2.10.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:5664
- - \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
    "c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version
    3⤵
    PID:5760
- - \??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
    "c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version
    3⤵
    PID:5916
- - C:\Windows\SYSTEM32\reg.exe
    reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme
    3⤵
    PID:5212
- - C:\Windows\SYSTEM32\rundll32.exe
    rundll32.exe url.dll,FileProtocolHandler https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A26669%2Frelogin&scope=XboxLive.signin+offline_access&prompt=select_account
    3⤵
    PID:1964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A26669%2Frelogin&scope=XboxLive.signin+offline_access&prompt=select_account
      4⤵
      PID:4812
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffecc5d46f8,0x7ffecc5d4708,0x7ffecc5d4718
        5⤵
        
        PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2128 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,9406548646147435309,10507727267095804455,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6508 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
170KB

MD5
7a7c53b2e50e30e7c05275f01dbe8b01

SHA1
b8390d10e98639a1ceab30470206665e557066f0

SHA256
4bd9eb5564b5094b8d17bd6cff5f51d47ebb69a00849d0ad97500a87938799a8

SHA512
300149fd79084d63c364c265061c306a94a6c291b8b753d98022932eb4a9aa751a9adb7a35b8205fe604238eedd98bdb264404a509b6d2ed6ba3b89c2cac94c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
52KB

MD5
c29e460e7a672785a507afbd3bc74f1e

SHA1
f0a5b034a617d92024e8202a554cb3f7b6610dbb

SHA256
9d81c56968bc73696cbf8cbee676f28914cc2592f1d95c626d7af035baf6c271

SHA512
c03e703341c7c88651f0b751d0b28bc59011cdc7240cb15eb8bed8adc2e54b9bea38d1e124267a4e95aac5c9cc81b287deb05349301ad58f1c4d59039064f665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
31KB

MD5
273cd4d27af6228e09e92522c188fa43

SHA1
f5e85f913adc81cc602b619691da6407e4dd04dd

SHA256
110d5394e6f62957ba1454eb9791531723fdf8565e92b567c5cb1da3849410ef

SHA512
b93d034baa06d0e3b482de899dba79cf33ebb5a9fd68e2f566109a7bcfefd97ac0ba4f2942c9917d5be42d41f78bb4168ef54b119bed4b994c668c005853586f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
144KB

MD5
178dab0da384b95963833e54161ecb3d

SHA1
efa42bf922d6baea1e76fe9764dc78d85374de77

SHA256
5fbcd0c503266bb6d8f6db677bbd1d61cfc32a8e3ce82313135a6c1b1a209bc9

SHA512
ce575a027e35af781815fa7cc658288417f1e325a73adfa24fd159cf8327f6fefb807a19169ea250266041827d80729ed227b846d6a8f1da310e3b2259a710e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
24KB

MD5
5ded271cefa70fa10bfc66c7e16c516b

SHA1
2f271a6baa304481050b5370b93b9283b32196bf

SHA256
a3f4d3f06e2dfbddb9b1be15a8acfe5ea5a71c32b0d1f58be6a30fc5c23388be

SHA512
ea9bbfa5774bf9b2ed5e2c43f6629f4499eaef7fcbba52ec3d3b3b5ba9c4a281000b0a9e71990cb493139f2e6bea3603101e476ac1a6a854a5846538ccb4f919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
131KB

MD5
eb93ee76dd0cead0b54107193b7ca099

SHA1
ed43bf1d0ee587ad1232e55e8588d248a65049ac

SHA256
0d6709caa6ea5f5aacf637db1d7635c02afbca2aa805f76a3aeaac9d6109aaaf

SHA512
26d1ff7ba5773dc406b919f229ebdaa18a0f7fdba7f7c62278d4dd71217626a87a9b0cc0a9d54d93f87bb776d648db3616a026e1e8b8eaf3b78461e25f04fd77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
67KB

MD5
05cb4b9f101e025994f9686f3999fd43

SHA1
7450f129ea39792645b56de215eaab1d91182fbe

SHA256
07fba84e209fffc2a8eea1a88ec8c77cc92644c9050b7669b212bf1db30663b3

SHA512
9fbf0e99a1f19b362d9e7e31dc0b6f0d49177cea922d9d6acbc1b5a84d1bfce40c3a07e123b5b47ed9a531befc9a2372be3393502b5f00221d74ae23fe80efeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
20KB

MD5
bbc50fd81daa634956356ebe01811131

SHA1
4430a7accdfcd1b3c9c9859e66c4215512083b5d

SHA256
49bdd4c96a6000996d9104a17eafd5a15443e9bd17d807df424bcbc4a9440c0e

SHA512
9d21a0ca98d07ee339631f494e423830c2da5de55f69bb5fc70f54627d3e4311c234dfc03ca77ad28fb64ce2fb28972e6422dd7b3cd76200402c25df67041793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
52KB

MD5
13ac5d25975854f43a8b85423c171b6d

SHA1
5bb989782d838bf809b0559979ed8ac565777400

SHA256
93b445cfa8bf48d5083869b248871d63377da35015e366998fde98cffcbc3524

SHA512
1a04ef8793be99d925d7511e9ebd64abd07035181b1c925ebcb19e04be2f59895a6e7817a349ed758a51ff964798c1020632012490af269df702d855ed93bce8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
731KB

MD5
aca2ac9e8cce596b4b2634e178bad5b2

SHA1
044ba3cfa81281e5bd94b74db368462d91f52b76

SHA256
582fe1ed173fc4122f65819b94893da320d119610de7d93c10ba0f214242f41e

SHA512
473c8810b5858b6e89f4e929039ee381f58dc5d098378feac1c5783f0a484389e9f5c7a9c21735abc5c601f00516f6d77f9ef8926cda6210dd1d96c486e919ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
35KB

MD5
7c702451150c376ff54a34249bceb819

SHA1
3ab4dc2f57c0fd141456c1cbe24f112adf3710e2

SHA256
77d21084014dcb10980c296e583371786b3886f5814d8357127f36f8c6045583

SHA512
9f1a79e93775dc5bd4aa9749387d5fa8ef55037ccda425039fe68a5634bb682656a9ed4b6940e15226f370e0111878ecd6ec357d55c4720f97a97e58ece78d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
20KB

MD5
cf0a72b0777b553d5a1b26b49c978a79

SHA1
dac1fafc4e2ea7c4f8d3e194fed653729c68c986

SHA256
5c11333f71b4e6c62f9c9b3b8c7efa7b65b140ee510fc4aa2e22c0bed1222cf6

SHA512
43e8963b0a98c44efdfb50702601f6c79c79da9e065e1a6dbed969ed70af4caffce08ca1afaed6bbb0ee9a9b3afffeea09e84aaec5f68966cd66b86936811142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
20KB

MD5
e688553c6fbe0a656a84407dd3cf282b

SHA1
18853957b35a70d61285d19d6495cb1c06e68c6f

SHA256
d66c3d59dedd75e0c6407b736716303e2a19c717c912ceb4506ef580c925bf83

SHA512
dce4ad3e23a9bfab17b844ad45a5a49a1ad1ad5bccbf79444b59dbbc54a608bfda82b35fd36a166fefa032d9cf4782fa9307e1189e30933b320acc83b45a5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
62KB

MD5
4104b9ea0328b577bd0031b6d7fd2b37

SHA1
cfd42838588e984bc1c4f0941ff1e3f6fa2718d6

SHA256
a4c3025beb3515b0438086e8629c809e122b8ac8d1e0550851ec249ee7c0ef02

SHA512
e42391a776b215c251b62f2f8db3b0716a83dec8fcd36defb2bd6188bcbb6e5c64f189b13343a914ac2f95081804e0d8681ae8a573d10f518c0041b0e1cb6ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\076f93f1c77687e1_0

Filesize
3KB

MD5
22fd9c478dce8d8ff65aef891fc3d809

SHA1
43822b201e5149fe7c0605a6779fb216f91f2322

SHA256
ab9db87d5b5b1372ba0d474cae8097a8239871e6056179488d2b0da3e88ab465

SHA512
fbcc4e4bbcce2adef6ec4d159cdd8fd6c2e242de77e12ac7331c659e04e0da8f671b7a2db96719a6d3150447c4b6973b00ef22a7877d7c07c7eaa8c833b7abce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0d434d9a7d7ea8a9_0

Filesize
32KB

MD5
09a8d5d9339a9b34aa6140d164a2b670

SHA1
e24c6966aee024c41ee11fa6dbf28d02ec13aff3

SHA256
b2703b8263ad2c811a78064c3a2600ccf932e84f05a8ab6105a05cd6981b13cd

SHA512
e1a45be58650980a0d7f0c4c1161d4668ab2023e9199f60f341a817d0d082acee6219d4bf07f480b065ebea034a4d0fd4588593bae8dce2e8d066b3f87566061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c1822d4e42bd11d4_0

Filesize
55KB

MD5
bfb30ba0dcd312f193a9752cd91dd362

SHA1
6d112705c455360799168b7931ae5a3936bf7c12

SHA256
a6672dba25308b184cea909ea1473d45288169afcaab4be341144e7d90c7761d

SHA512
7de04b857e72e2b5367274876d769034d6ec0ffb68e14206f3b249ba3e9e54d4fee611b8e837336705d4e7b56f2253e4810be430099219772fde5d2174ce0175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c881f44da2953d52_0

Filesize
3KB

MD5
43a35003716a68793a3c53226fa196cf

SHA1
34fb0d79990966c78883ac2ab076b1fd49c69be2

SHA256
bc2f95a09398ae06a417713ed355b605dbf77ad359fcf07284a8173e24fc97c8

SHA512
dd5a4d953f4698bb78ef8313374107e6b9b22140021df0ad81ec3781ada8d3d35d5897b6b61ea9e5d519dfa88e535cd968ccce12d9cb594b76c74131d4d490b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bd5c3401c4051ec8d7f3c9145f9b60a5

SHA1
5bfb60a654ad4e6ab81919be143188ae1b4d9a04

SHA256
b40bc36f71617c5596b28d2753585e2e2ffe8042892b12254c91319b1ce7ca2f

SHA512
9195e3f52c266a7127f1ae5e704a6c401ae2bc4e275dca3ccf8e2ed70dc715362deb10ac839f6d638ac153037adb99af194d1a1775b844f7f69877124f238b90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8576e5461e62bdc4b5c8672ffdb3c02e

SHA1
d4aea88ed6884cb5396d22caffa8c7dd7d8e958e

SHA256
27afe55c7312118d2a4b45f81f7899148de7051ad95dcaa42dfc4e40b82ed88e

SHA512
024e5c5bf90640b4cbc695d03ffa76153f39dd8243a2be6bb3265224c78eb94e86ae6a1e2eb655e00dff771ddcf9877f67fddd74cd5225fdfb43c8249ad85f7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
de8627b14903adb58a01f81de084ab53

SHA1
c22cb24239efcb9ad5617c1ac491eebd6bc99859

SHA256
33fc5b231e6a61c8705ef44bc32d05178a8206f7606e54e0367466854fd70c6b

SHA512
b961d1ab2f377a16a841d218250777116ad46ef5491214b1526a74fafa3d71f1f5d07b4a1840c51f23a9b513ee8e1fee2dcad27ab2e48478dc3a64c833f765fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
6e8c4ca24c4c03f5184c0487104c62f0

SHA1
e6dae264e16d92d1bd3368111c9f64828e7e643b

SHA256
f97b87857c6d3eced15eca067739a728d78ea74a9f9c69668b7891ea3067f545

SHA512
fd2c7db8283fd1129da9627477617e3cd4c004070eb15fd76727f693a09610eb7412a7468a106a684d31107dfda2be5bee90bd94317efc0e038a079ad8171bbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
b2be9a16d762e7afd8982fee861c48f4

SHA1
ad840ea83df3808b68f6c8e63a57eb29fb95956c

SHA256
53695c3a79aac16373ce956e75a8b496c56a1edbeabbae797cf46ef00a062ed8

SHA512
102b0fd241f2f5a7878b9466da18e58a36c0817c2c763d4f3161abf3c29e7f500a77adb74dbfc52b605fb56d3e6132726ea2292d0221183d036965c8103f9eb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
92afcf930c732269c39cbc7dc998b154

SHA1
ce8405e11e9c14914456bdad6bbab3915797d351

SHA256
de440d5e383f15d1ecd72002bb52d1625e5a8657455980edb263ddb1d974c943

SHA512
deb7753ddbfa8aec359506e91f4db2d2d50ab61505f42455db25390b93926c2d14a3a639094caed720456c7512b76d563eed61883ea4a8e17cd402c6f943a240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f4c96ccdb759ae90484fc1faf8e98532

SHA1
c6670609bc7fd88bd350fb0907fd14fb33f17442

SHA256
58d5253668b77c72fba50b031ae5ddad4a56f090b4b9da11959b9e645cbbaf72

SHA512
7cfd57f200655a15a0fd0e244312da646df974fdb3c87ab601b70890ea81cabfa7f06a254f977dea495b84b20e39083bd1af1328714ab6952c50dd60dceab34f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2c4b0146eb28c8b603f9fdce65e5c402

SHA1
07f0931580d36c4d215225e7d51ff32dfb2dc43d

SHA256
6d31b52d7743a5f958f133f418e13bc7c3c51dea9453db25c1beb9d05033da84

SHA512
dc75a77c7375e331d961761d77e325b45a520633773e895bdea1b39b9dec56cc0f5a1fc8731116c7ce50356626c5d844f307b2b20d4b2d28fc7d7bb1d48de2f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5e2583950262f46ed928dbbaccd6c81d

SHA1
b1bdcbe219172f55ad4b175070957e1532c9a21c

SHA256
4358271d37cdf497b980945531cb1978239495d220a47c8f7fc6cf43b3fc3c46

SHA512
5579ba9c91f4afebf464b50d0efd60f259f52afc391dc88a18776f62b7ccbb585432017626e6bb6af3d0cbe40c9f02faf9fd80b4f1cf378e9a86ac77d5edf15a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c2f70c3a48d882982ba819d6435d24fa

SHA1
37b2d02f6c826cf6908fc849da89a58360157fc7

SHA256
cd85e0b9bb999a752caa1f4f16f90a8bf0a2bc21f3275a9bbf66378e3e674415

SHA512
44e9ecc862be338d04f9e906117b99aa63b4138dbfd6b7e7be72131a6417cbc8e42174a677eed38ae576115aa893bc55dc9af328326fd5a587d45f937c683f67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ee1294d721f10fd68efeb5d180ec6448

SHA1
28baec93000433e9d38345e2a752b5ceca4d9090

SHA256
b4aa400bb3eaa5f744ee72d9b9992a245abfb7e1a63def667d2cc27c1e5adbe8

SHA512
4cec2d6c4b5efee8bafcd89013abb6967a33bb183074d475fe2a884c77eb0308da23df3f2e0c561fce906118784eaabf39e9bea50eeda40b9cc3d78aaf9057b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aea9fe72e7d5b998e3cf45bb7884e11a

SHA1
5b8ac2566c805bbb04347ba57210b42354e66efb

SHA256
b141a4e4460c72c5f09d7259b34f5dcc93abdcfa2d5dbc2296a4818de79f52d6

SHA512
60998f9a34f04a504581cc22125aa787c8481bc9620c8aa780b6c2ac12ca5848671517453852d368cc58c8a8d74ef7052de700360f2623b506dc379353de7c99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fabdfc793f661ad5d1e374512638d09e

SHA1
9e1d8818c6d5707942033432e14bd48afcd93fb8

SHA256
23757aafe87b39bcbf0075fdcea1e9d0aa959e0c4d6e755433fb832cf6e0958f

SHA512
c4a744dc40b280ea1b628d52aa71692b8224bccbfbc3d7c4da52d0ce8ba2b84bf3bc2a95e76ae7d9a0355e531aff23b5cbb95a15eb31f96505f887cb5920e967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dd4d2553e4abd09f5635453a7ebd1e9e

SHA1
863dfa9379fef43d7d3aee310356c743eed8265b

SHA256
fac6ad6aaae0aa002ac1b6fff580a347778788ce58daf07c09e1b10be73dfbe9

SHA512
e7d749d6bd9b03c0183565c68d9505a2e9981121e959b272fb7d0f81dec058e63f24e913b53ca8f2a293d15379a55c335f76cc5185c4d35b213e2c65fc58a0e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
719669e758cb94980684561b76c26008

SHA1
6195b19f8808eadde02d8f3bb95aa3b225d1e899

SHA256
0bb2c02b0fa9d3d765758f13da97dd6a1301538e470ed60f77fe0df41945c54b

SHA512
6ecac6ef06b7c855eee0c97b0164f069ad40b250f8d6fc2edd9d3ebd90e55e7405ee03397c67f0ab4ebf4bf08af41dc241140c55dde930ecdf39d71cb82bb039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
40d3ae203de61f220c28bce1a7c4b810

SHA1
cd6f33a071991fa2ddaee28ca9513b08bf849869

SHA256
27efec249ef655c58bb7116a020b51a08181d961d8a0911623a16aae84190465

SHA512
067604576be343853f018f8bf11131ca47b78f419256bfd8f27ecdaf53772a95af0dc0e49d95480a2c448974c350558b6647daec6cc48ce4caff52cd839d8413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58296c.TMP

Filesize
371B

MD5
6e0587d5983feff2fc77517671ffb45f

SHA1
17f9a78afab9b3ca80eccbfd5713709a93088692

SHA256
61996f3412ff996c72a888bf46a9fa5205647c30fff77598e943d4168c16ef61

SHA512
3765f99509ef6d7f1377cc87905e63897b7cc3e90d84ef2f7c968ad934b51677929e5239c86cec4165194b26dd28933426f0b60518ec08940852b9fb2dceeaa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1f099ff8866ac09c4445a9205c8945bf

SHA1
78533d216929cae9a4e14cf84dba851af4be6052

SHA256
54b45864680442909e2ec29b44322359209ce700f24e9c6d2e43a7a485059e62

SHA512
4117ffd865ded6cc5fc906a02d83897d6f0d505ba764406c78b6f665066cee99e25faee03f8f888b2cfe9c61157c72d934be6b7db6487f4e35de1c766e79d19c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4781a3976c28610ec387d6c4aed41633

SHA1
d17a2285a1d25e3b90ba2c4cc91658168dc43416

SHA256
8a11f3cdb9dfdf63515629214624984d0b0b5b12c939753ad532e2712d3af27b

SHA512
2ce5021e9c48b62c5dd6cbce4d901e12fefabbe6af59df0961d50bfec2e4d5bec9f50c8329e47ad6e106c2fb0832afb7fb9dec244ead140b5056dae9b2806d6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF2371349827871876531.tmp

Filesize
398KB

MD5
ff5fdc6f42c720a3ebd7b60f6d605888

SHA1
460c18ddf24846e3d8792d440fd9a750503aef1b

SHA256
1936d24cb0f4ce7006e08c6ef4243d2e42a7b45f2249f8fe54d92f76a317dfd1

SHA512
d3d333b1627d597c83a321a3daca38df63ea0f7cab716006935905b8170379ec2aab26cb7ffc7b539ca272cf7fb7937198aee6db3411077bedf3d2b920d078a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF4748880873493145835.tmp

Filesize
397KB

MD5
fdb50e0d48cdcf775fa1ac0dc3c33bd4

SHA1
5c95e5d66572aeca303512ba41a8dde0cea92c80

SHA256
64f8be6e55c37e32ef03da99714bf3aa58b8f2099bfe4f759a7578e3b8291123

SHA512
20ce8100c96058d4e64a12d0817b7ce638cec9f5d03651320eb6b9c3f47ee289ccc695bd3b5b6bf8e0867cdab0ebb6e8cae77df054e185828a6a13f3733ede53

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF5945586538956317265.tmp

Filesize
405KB

MD5
8f2869a84ad71f156a17bb66611ebe22

SHA1
0325b9b3992fa2fdc9c715730a33135696c68a39

SHA256
0cb1bc1335372d9e3a0cf6f5311c7cce87af90d2a777fdeec18be605a2a70bc1

SHA512
3d4315d591dcf7609c15b3e32bcc234659fcdbe4be24aef5dba4ad248ad42fd9ab082250244f99dc801ec21575b7400aace50a1e8834d5c33404e76a0caac834

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j7B65.tmp_dir1731877511\SKlauncher-3.2.10.jar

Filesize
1.1MB

MD5
1495e81aa573744050268cb330af8281

SHA1
b67d9bda787a526c79128179e5000924bca11dd4

SHA256
3ce7e5aff85320e1d393eb34e918a6b71a667bccf08252fbdd512443e5d62f9a

SHA512
e321e4b9243815b4d0b3ab34c380c2b8da0e8e264b791018a4385967946e8cf320fb5bcb695b7aa75e5a9420ae6ced6ea3c05ecfaedb7a1a6e02a1438a2c9d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-5363118524690.dll

Filesize
23KB

MD5
8b9f16320499ece60d7ff0c1249c6df7

SHA1
cd8fc57c064533df66f0ceaaf5d76f8c4f8cb3a0

SHA256
f8a3af19341ac0f12f55ad28169d22b75aa66ed818692541307393c22f986727

SHA512
97384ee1faa1be807388f4077fde5db94010f06420b1ff3a05edf77fb91c9a8163b0a91cb1b7e648c0cd8c4d599e552050f64b8f7c5c81c1be60cd35f062e9d3

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar

Filesize
14.3MB

MD5
1f5e761bcd1d9ea6e5ddf191a0666add

SHA1
62464cf46ca6104b261d8e08c9c3fa565b7d324a

SHA256
6598b69de6da68c58343c6bff478379eb8bbdfae7c8c26e3994a209816a81b5f

SHA512
57256e99812caf4d4b787896db3d5355474ec90f38ae24f3bef7863866481a6507bbc89144f34f97cc9e22a2bf5dff472210f3edd86f024e170dc7cedc91b4a2

Download Submit
C:\Users\Admin\Downloads\SKlauncher-3.2.10.exe

Filesize
1.6MB

MD5
ebb40145a6bfbed88859e41689315d82

SHA1
7bb2c82ef24ef919d04592930bceae039f78aebf

SHA256
e4baeaa3c58628acfd7058b9d434ab2e6a7400445f55685169a79f045810298c

SHA512
67c6601bed14363e6850d93cf2b90c1e4f69c7cd5098d548aa0f378fb42dc6e32fe52cb81aeb232a365a3edb24fdc6ef46f6400cf1709e1d5ee22fa4ac4e07ae

Download Submit
memory/5664-707-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/5664-830-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/5664-841-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/5664-844-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/5664-847-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/5664-850-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/5664-853-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/5664-857-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/5664-860-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/5664-869-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/5664-872-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/5664-874-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/5664-873-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/5664-838-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/5664-826-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/5664-827-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/5664-825-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/5664-805-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/5664-765-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/5664-747-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/5664-749-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/5664-724-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/5664-712-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/5664-666-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/5664-631-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/5760-593-0x000001BDF5D00000-0x000001BDF5D01000-memory.dmp

Filesize
4KB

Download
memory/5916-614-0x000001D349C60000-0x000001D349C61000-memory.dmp

Filesize
4KB

Download