8b0df603574c14809359a81518261055d491863a28f3c32a4832ce547874792c

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2025, 15:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SKlauncher-3.2.12_Setup.exe
Size

3.4MB
MD5

79e973d7cf9069f758dd382bee60ee43
SHA1

0d1c6bf48ec6be84c2648575db5dc819e47d2ecc
SHA256

8b0df603574c14809359a81518261055d491863a28f3c32a4832ce547874792c
SHA512

88094aec244ce5b9a10d36a184bc1567ecae73cfb30e3f51923467b93d3bff965caf0ab19cf63c658bad09ff4445a4ff1b65ad726334a5105b9947d64f7ff239
SSDEEP

98304:jr9jbrLx1PPvuHs5VAhRPD2Cr3ViRp2z0:fB/zPvuMgfPD7r3d0

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation	javaw.exe

Executes dropped EXE 3 IoCs

pid	Process
5372	SKlauncher-3.2.12_Setup.tmp
3076	7za.exe
1620	javaw.exe

Loads dropped DLL 64 IoCs

pid	Process
5372	SKlauncher-3.2.12_Setup.tmp
5372	SKlauncher-3.2.12_Setup.tmp
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Detected potential entity reuse from brand MICROSOFT. 2 IoCs

phishing microsoft

flow	pid	Process
238	388	msedge.exe
238	388	msedge.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_1976_1374575592\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_974992618\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_974992618\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1976_832500581\_locales\da\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SKlauncher-3.2.12_Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SKlauncher-3.2.12_Setup.tmp

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	msedge.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	msedge.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	msedge.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	msedge.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133887714469924357"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1279544337-3716153908-718418795-1000\{55095234-359A-4AF2-A023-26AD7D90035F}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5372	SKlauncher-3.2.12_Setup.tmp
5372	SKlauncher-3.2.12_Setup.tmp

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	3076	7za.exe
Token: 35	3076	7za.exe
Token: SeSecurityPrivilege	3076	7za.exe
Token: SeSecurityPrivilege	3076	7za.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
5372	SKlauncher-3.2.12_Setup.tmp
1976	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1620	javaw.exe
1620	javaw.exe
1620	javaw.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2544 wrote to memory of 5372	2544	SKlauncher-3.2.12_Setup.exe	86
PID 2544 wrote to memory of 5372	2544	SKlauncher-3.2.12_Setup.exe	86
PID 2544 wrote to memory of 5372	2544	SKlauncher-3.2.12_Setup.exe	86
PID 5372 wrote to memory of 3076	5372	SKlauncher-3.2.12_Setup.tmp	97
PID 5372 wrote to memory of 3076	5372	SKlauncher-3.2.12_Setup.tmp	97
PID 5372 wrote to memory of 1620	5372	SKlauncher-3.2.12_Setup.tmp	99
PID 5372 wrote to memory of 1620	5372	SKlauncher-3.2.12_Setup.tmp	99
PID 1620 wrote to memory of 4536	1620	javaw.exe	106
PID 1620 wrote to memory of 4536	1620	javaw.exe	106
PID 1620 wrote to memory of 3156	1620	javaw.exe	113
PID 1620 wrote to memory of 3156	1620	javaw.exe	113
PID 3156 wrote to memory of 876	3156	rundll32.exe	114
PID 3156 wrote to memory of 876	3156	rundll32.exe	114
PID 876 wrote to memory of 1976	876	msedge.exe	115
PID 876 wrote to memory of 1976	876	msedge.exe	115
PID 1976 wrote to memory of 5484	1976	msedge.exe	116
PID 1976 wrote to memory of 5484	1976	msedge.exe	116
PID 1976 wrote to memory of 388	1976	msedge.exe	117
PID 1976 wrote to memory of 388	1976	msedge.exe	117
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119
PID 1976 wrote to memory of 4284	1976	msedge.exe	119

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.12_Setup.exe
"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.12_Setup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Users\Admin\AppData\Local\Temp\is-TICHU.tmp\SKlauncher-3.2.12_Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-TICHU.tmp\SKlauncher-3.2.12_Setup.tmp" /SL5="$401CE,2553666,803840,C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.12_Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:5372
- - C:\Users\Admin\AppData\Local\Temp\is-TR0MS.tmp\7za.exe
    "C:\Users\Admin\AppData\Local\Temp\is-TR0MS.tmp\7za.exe" x -y C:\Users\Admin\AppData\Local\Temp\is-TR0MS.tmp\jre.zip
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:3076
- - C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\javaw.exe
    "C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\javaw.exe" -Xmx512M -jar "C:\Users\Admin\AppData\Roaming\sklauncher\SKlauncher.jar"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1620
  - - C:\Windows\SYSTEM32\reg.exe
      reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme
      4⤵
      PID:4536
  - - C:\Windows\SYSTEM32\rundll32.exe
      rundll32.exe url.dll,FileProtocolHandler https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A26669%2Frelogin&scope=XboxLive.signin+offline_access&prompt=select_account
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3156
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A26669%2Frelogin&scope=XboxLive.signin+offline_access&prompt=select_account
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:876
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A26669%2Frelogin&scope=XboxLive.signin+offline_access&prompt=select_account
        6⤵
        Drops file in Program Files directory
        Checks SCSI registry key(s)
        Checks processor information in registry
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Modifies registry class
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:1976
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x25c,0x7ffc07edf208,0x7ffc07edf214,0x7ffc07edf220
        7⤵
        
        PID:5484
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1896,i,6730768191509030898,4488327656883712563,262144 --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:3
        7⤵
        Detected potential entity reuse from brand MICROSOFT.
        
        PID:388
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2228,i,6730768191509030898,4488327656883712563,262144 --variations-seed-version --mojo-platform-channel-handle=2224 /prefetch:2
        7⤵
        
        PID:3224
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2488,i,6730768191509030898,4488327656883712563,262144 --variations-seed-version --mojo-platform-channel-handle=2468 /prefetch:8
        7⤵
        
        PID:4284
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3484,i,6730768191509030898,4488327656883712563,262144 --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:1
        7⤵
        
        PID:6124
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3492,i,6730768191509030898,4488327656883712563,262144 --variations-seed-version --mojo-platform-channel-handle=3620 /prefetch:1
        7⤵
        
        PID:2040
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5004,i,6730768191509030898,4488327656883712563,262144 --variations-seed-version --mojo-platform-channel-handle=4920 /prefetch:1
        7⤵
        
        PID:3956
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5272,i,6730768191509030898,4488327656883712563,262144 --variations-seed-version --mojo-platform-channel-handle=5264 /prefetch:8
        7⤵
        
        PID:5960
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5204,i,6730768191509030898,4488327656883712563,262144 --variations-seed-version --mojo-platform-channel-handle=5296 /prefetch:8
        7⤵
        
        PID:3256
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5584,i,6730768191509030898,4488327656883712563,262144 --variations-seed-version --mojo-platform-channel-handle=5596 /prefetch:1
        7⤵
        
        PID:4704
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6028,i,6730768191509030898,4488327656883712563,262144 --variations-seed-version --mojo-platform-channel-handle=6016 /prefetch:8
        7⤵
        
        PID:1220
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6252,i,6730768191509030898,4488327656883712563,262144 --variations-seed-version --mojo-platform-channel-handle=6284 /prefetch:8
        7⤵
        
        PID:4108
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6252,i,6730768191509030898,4488327656883712563,262144 --variations-seed-version --mojo-platform-channel-handle=6284 /prefetch:8
        7⤵
        
        PID:1248
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6068,i,6730768191509030898,4488327656883712563,262144 --variations-seed-version --mojo-platform-channel-handle=6156 /prefetch:8
        7⤵
        
        PID:3668
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5872,i,6730768191509030898,4488327656883712563,262144 --variations-seed-version --mojo-platform-channel-handle=6648 /prefetch:8
        7⤵
        
        PID:876
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=4048,i,6730768191509030898,4488327656883712563,262144 --variations-seed-version --mojo-platform-channel-handle=6904 /prefetch:1
        7⤵
        
        PID:5980
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6260,i,6730768191509030898,4488327656883712563,262144 --variations-seed-version --mojo-platform-channel-handle=7156 /prefetch:8
        7⤵
        
        PID:5232
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7128,i,6730768191509030898,4488327656883712563,262144 --variations-seed-version --mojo-platform-channel-handle=6376 /prefetch:8
        7⤵
        
        PID:2444
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7116,i,6730768191509030898,4488327656883712563,262144 --variations-seed-version --mojo-platform-channel-handle=5040 /prefetch:8
        7⤵
        
        PID:4000
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5300,i,6730768191509030898,4488327656883712563,262144 --variations-seed-version --mojo-platform-channel-handle=5880 /prefetch:8
        7⤵
        
        PID:5516
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5384,i,6730768191509030898,4488327656883712563,262144 --variations-seed-version --mojo-platform-channel-handle=5472 /prefetch:8
        7⤵
        
        PID:3844

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4128

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:4000

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping1976_974992618\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1976_974992618\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
998db8a9f40f71e2f3d9e19aac4db4a9

SHA1
dade0e68faef54a59d68ae8cb3b8314b6947b6d7

SHA256
1b28744565eb600485d9800703f2fb635ecf4187036c12d47f86bbd1e078e06b

SHA512
0e66fd26a11507f78fb1b173fd50555dbd95b0d330e095cdd93206757c6af2780ece914a11a23cd4c840636a59470f44c6db35fa392303fb583806264e652016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9d5b510a-8983-4932-896e-aa90560d1662.tmp

Filesize
17KB

MD5
aff066721f1d54c82fcde3e71296669d

SHA1
83f47faa2eba38b7c9070799220e96c12ed26e09

SHA256
9068b17c3561aeed6ff4cdd1641d228b726bf02468dcb5910a3027893e75c8c4

SHA512
a58d240b2e6027a5d052082a4731afd8b3bc0277c3c5e9b3e9a23854dc6d1bf1a981d1f1894a3989c4b2507e831c655590e6f19afdc8c54173a8266e89bc0229

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a1491fd634ada7820df0bb06e2c503f6

SHA1
4ce0b213d4893854615e60ee899e3b4173c1fc58

SHA256
1bbbb6f90d623633d891b88eb02c90b1ab3f41c78be8a132f85cd7cca8462ba5

SHA512
95ed48d334f043e07eb4114f92dc38eaf82074a901980e1eb3541c2f960ced982f85aae9bb52aa506d8ecb745f46d42e115a054d7dc5fb7fcab685cbe9817b49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58ef2d.TMP

Filesize
3KB

MD5
482d7b43612cfa1aee9cf7f14a47e39b

SHA1
d851e237249fbc64e2fad873c07b9c8762398853

SHA256
84886e64b76825e6d9d2be6dd1de0ac3bbc137ecbd760c32e9de517a99aa8f65

SHA512
69e34e1c3aa0a3c7fbaa33992a0db923b72eab36589b3bd9540627863e89340fe896af367c2a226f5a942a112407ee82562a37d8e481e2e7edc42da2383230c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
96f31e01900508bbf0420a9ea69cb83b

SHA1
e110d13ba18c3a75d6a82f35f79845ce3783ce3f

SHA256
4f1ede350c431de87917b13fa0ebf00ae107248b347132ed5ae27108831d4362

SHA512
10b16989640bd3f5f0319c54b29f5e34268ea3261454985678ae6ee1282d03496831038049d0559e56571947176d33f03061fda3d7141035fe4bc77a4a99e031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
a64158b2d7e9e5056a12e7133a5b30da

SHA1
817e15a00a70cf821608ab8093fca5ddefb52240

SHA256
a06338622f060a325f9ea634af33a99a020e20382e89f9c8362b38d03c83721c

SHA512
1da4b616dcc75d9566878e788cbded3bb96b1d18fe78d7042a0cdd3deebbfc3ff8638303202273ce83e3be3f31939e683541370d6d6da556f33eff053409a14d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
d136421577b5ba31d6a9fbd966b9a967

SHA1
39b6c03876d4474b0bd34a684a48987b5b5cd863

SHA256
ae79dbbfa0ff89383adf9fcd8a41e2fc17184c79e6e175bb9bb9dfc13e12bacf

SHA512
a704d67ac2769d60edf45a473b6de61d4a2de2d85825e5969a4c51f2b93cf604fa751abd701ec413db302550162bcc25d708dcedd16f4f88c57f8bb7d92d46fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
e91398d85a37199e466547eeb51376f0

SHA1
6a9b2706f0dfdad69e1e6afe77f3a1ff9e0dd598

SHA256
081a3c89a80475d2b1c0eddec9097c5cfdaa34cff4ce8d3ad32df4cad0ebc4a0

SHA512
e571cc51617182f63db00832e17cbe93cc4f733fce8fc9dc9518c5a485907bb160291ac4c3ebd9834d6f1f22994d1d0bf11ade10c36e87cb84a5d00a9df2d0ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
195e0ea96b371724deb7702ea7bee3df

SHA1
6cf1090bb1e23b76a69d84977f9812d301c265c9

SHA256
c9eaa11a5fb2d9f941ff561d901994aed2a097460b9c2d58352ac1eb7d556525

SHA512
e49c08c277b2ff852d6423fca5e25f07f488d708fcf51613f112367cb510a910d22f7a32cf397eb52df03d9fea33e1d978ec3b3ba7fd19ed48d36ee095fe3c01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\fbe07c16-c113-4b88-a512-09b1742efdd0.tmp

Filesize
23KB

MD5
fcef472c8decc94405b499cffcfb55d6

SHA1
26b2d7fc16fa45d28a85225a597dd1db28b828e6

SHA256
2c05dfbc217065345886ce819a087deb182dc578ac8fce0f9a827add6e5234b2

SHA512
bec3866e54552458ea16284ed5f44cede2659b949142fcd2125239af3a057a0f0291407d196d1a1a203f627af45d2c6deaffdb904f6c5e5b53f49993a510a1d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
47ee642952d91189f9c42f705743f9db

SHA1
8d622f938d716a53aca96f1992091d1aa5c65a43

SHA256
26e250a3098ecffc7033286f9a32c155d31e4f5d3b3d40949e209fc6f92809e2

SHA512
a962fa405ef02df3adce448583ff511d61372df258ce6d719ea9029df4172f4b4de9a06e77470b37a168a7958b96689746cda9766172fe13ea20f10143532446

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
69f59dc33589eaafb8fe1e455a5441a8

SHA1
b41e67678eb33d2a65f31b4cb174468f3896c017

SHA256
d9f61e09bd0738244b524b7ea4641d45661af3f222ca5d936071397c4083a582

SHA512
596c45557ad4e86e2f4d806a0239953a2e8ff5439c3a813c2c7195f1a21912b038c93785ce8d022426526dbbacf72b1ea5c9f185560850d469b08ea25ad28618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
caf53b64802595cdb08eba27e18d1ce8

SHA1
d439f47bfa71e9958c30adde68d5b6b091053b94

SHA256
7ae4621879162f3247dce44a5cbc5fe614db61f35ed8b4972e4074af51762dec

SHA512
c3774b6223e80f3122ec0df6bb77fd0f41b0a3ea503954c41ffb2209e9928f884982e7f505c0f1538169c7a0f22213132a2df88ffef714cec313de23bee14f62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
d0a929193c7fcfdb344eef40366352d6

SHA1
2c45892e78b2d053f08606f9f05b07b661ad675e

SHA256
7999de33211b262e21c4cd1c75c85c9046566ca72dfdffdc49182a2eea1b8297

SHA512
0d37387093b62cdde9e952333056cfe692130abd40acfdc1184e07ecf26b7b9077b74a6384f3217a9c0f275b52b79687cab781ffefb770ffe6ee0d46e9ec2a9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
ca88f9a2397892ac19f51d393858dd20

SHA1
9006b269ae6b7717f1b2009254d1e976b4f078d4

SHA256
3b1c109c84472b6254cf2c6a3a93425e4f6d41a57eb30643ac117107a5babbf0

SHA512
2b851a8d231f288e6d252688b283c82c05d3b4c02dc0e3a45484b49e2992fc9ff60d7f6e3029a59edabc29fa73b8d47bb74df2b1c84eedf4f90613c0c9fb551d

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF14980257317839161526.tmp

Filesize
397KB

MD5
fdb50e0d48cdcf775fa1ac0dc3c33bd4

SHA1
5c95e5d66572aeca303512ba41a8dde0cea92c80

SHA256
64f8be6e55c37e32ef03da99714bf3aa58b8f2099bfe4f759a7578e3b8291123

SHA512
20ce8100c96058d4e64a12d0817b7ce638cec9f5d03651320eb6b9c3f47ee289ccc695bd3b5b6bf8e0867cdab0ebb6e8cae77df054e185828a6a13f3733ede53

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF6595638289736889684.tmp

Filesize
405KB

MD5
8f2869a84ad71f156a17bb66611ebe22

SHA1
0325b9b3992fa2fdc9c715730a33135696c68a39

SHA256
0cb1bc1335372d9e3a0cf6f5311c7cce87af90d2a777fdeec18be605a2a70bc1

SHA512
3d4315d591dcf7609c15b3e32bcc234659fcdbe4be24aef5dba4ad248ad42fd9ab082250244f99dc801ec21575b7400aace50a1e8834d5c33404e76a0caac834

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF8237415910641039012.tmp

Filesize
398KB

MD5
ff5fdc6f42c720a3ebd7b60f6d605888

SHA1
460c18ddf24846e3d8792d440fd9a750503aef1b

SHA256
1936d24cb0f4ce7006e08c6ef4243d2e42a7b45f2249f8fe54d92f76a317dfd1

SHA512
d3d333b1627d597c83a321a3daca38df63ea0f7cab716006935905b8170379ec2aab26cb7ffc7b539ca272cf7fb7937198aee6db3411077bedf3d2b920d078a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4971724698900.dll

Filesize
23KB

MD5
e5079af6f3aa197eefa2ac6802ccdf32

SHA1
afeac2f32f9804f5cc1f4053d246380892e63974

SHA256
dc130da62ff3a8b7ffb664204ac38aa68ea466fe8b2658bb7ea2de49108f414d

SHA512
cf946ed4dc45ffcb22c6b3790f2c5abe7b8f8ce60e786bea143381c234dc94083313004ac18ecbb3d3c17971fd38ff904d6702a5d9f8c904bb9125e00e90969e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TICHU.tmp\SKlauncher-3.2.12_Setup.tmp

Filesize
3.3MB

MD5
a1140e85ca5e398094523b5d65de46cb

SHA1
a4bad568dbaf8a52f4bb876da8067ebe38b3e432

SHA256
fa266f1b259c8bf7d2e3c2fad19da5390d90d01cab3743ef1e18a9a8c89338e0

SHA512
349fff37337baddce730b0b022dae00ad3eb2f33fcc23274579d26cc9bab5f2856bf31e42c5e156de0df37f18d5c52c3de9bb8f1c72d60248cdb76216da9f9ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TR0MS.tmp\7za.exe

Filesize
1.3MB

MD5
c58a4193bac738b1a88acad9c6a57356

SHA1
66e5bd096f4e20e0423bc1540bd2b880b150d9a1

SHA256
fbb3dadcc29bcbc5460484d858c5f33f99e5317f5f6cd8d9c83f4dd8c39b3e30

SHA512
97ca384562fa9e49d0b32486ae181a4474c5277f2b48cefb2f4b479ae6797e1369a867cf8e5b39c77a10e38970de62f3ec43f1beb1b4b203c4110afe819f2cf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TR0MS.tmp\_isetup\_isdecmp.dll

Filesize
28KB

MD5
077cb4461a2767383b317eb0c50f5f13

SHA1
584e64f1d162398b7f377ce55a6b5740379c4282

SHA256
8287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64

SHA512
b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TR0MS.tmp\javafx-0.jar.sha1

Filesize
40B

MD5
018677d1accc999f9adcadf7e9d2eca0

SHA1
b86c7833259f8d170fc13731da046c85f4546b05

SHA256
a1f58b506c61eb64f9d38183fa7002a7fd5f7dbecb1f3bd16d1c5a7f181df050

SHA512
ec768e3152b4cb3aa1d228393a539e39b999f7964774f7291255e0e1130503972f8631cb78526bfc1cc6fe507fa6d0817f676dee92a64d1843e99801244974dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TR0MS.tmp\javafx-1.jar

Filesize
5.7MB

MD5
c17fc8947177dfaaf0d2d5564468b3f5

SHA1
88efcf6f439b36c17bd467630f3942aa89d7f37c

SHA256
6f8dde0282b96c215f1d1b7638c78031ddfd970e6e7f8d6834a723ebf85be6ae

SHA512
84080941623407e3c9f6d6123c399037571a9dcd4e7e0df68affea7661e1a28887fc46e9cb4a0a50355f0232e34159ae3a3a278a3380beebac39cb2a020e2c44

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TR0MS.tmp\javafx-1.jar.sha1

Filesize
40B

MD5
cb19a3834c52905bbc7aae9b0cb884d8

SHA1
69796c5f90088edeb9cefbf12708c60dd6776bc5

SHA256
d8e035498ba5918acb7899067177fdefb3300d7690419ec6b564e49902ab0160

SHA512
2c36a8653198fe67fc7c552c13d88530206bfd100d6b26243901ba6c8c41963e5094e39441c0ff66fd0b2839e69d5ed15dbcbb509d7d443dfa1c1f6a3582ddaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TR0MS.tmp\javafx-2.jar

Filesize
2.5MB

MD5
481e60ff6432b3816d78dd3a94d6c89b

SHA1
4553548f8b569b5f7da7f9d93460f059dbed85dd

SHA256
0ab89fa8531f5d6f1a15b6c76cf5a7d44e60e273932ad282b29b8dd324e725ff

SHA512
7a92d3e5f71a8ccbe4d821b0b3ec0a37e6dda64df9dfaf660d103d89d4f716a37d7fa831c5edbdc8764511a009404458e57e5d9d84c73d0d06b580f7db395eb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TR0MS.tmp\javafx-2.jar.sha1

Filesize
40B

MD5
716529fc440ccac9b9c853da3cdaf779

SHA1
cda19f161768360b3ac7a3864dd7efeb961c74fc

SHA256
d147881dc89769b2b4c524d01a1e498aa228eca808f18755a5f1ea1742b00546

SHA512
5a845b6cf674ea14670c50812761886ec4f7527da96e28c75a50fd552adef3f5ac2f532aba19c19293e6147ff715b8fcd69be607c20aefaa6d277dfe7f6c72a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TR0MS.tmp\javafx-3.jar

Filesize
1.1MB

MD5
6ad87d83a49a3b25fb5e137038b2c5de

SHA1
5dfeba2fb52aa7e896edeea18c86ff1143c2a7ae

SHA256
6828f4fd83ac7caeb7e25c21e4050606d384baebb18bc3b1f35cd866020757cc

SHA512
f2503347747d38e1ccd4d344b10dc0856b1bbf443b4b0d7d4b3a9f5f6c3d4a5a4e8b7ebae45abee2ba15e81f42fd4d106be4715e56c06c8694152b741a96b1f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TR0MS.tmp\javafx-3.jar.sha1

Filesize
40B

MD5
1c6267fed13369e1f1bfc9210c2072f9

SHA1
13c9753c31145ab1039e66261a0f4e47d9775d93

SHA256
16309d1718c54dc502e50a4918fdfd0b24ddfaba28ba35bca30c89d42fab437c

SHA512
7e9dc8670f236608b4f4dc3ce76b3a774ef4080b5888d12d56429e2a4a458cf16c2f9151fc191aae075a8fff7f473cb249f0be1b863e4086a57262b95685a757

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TR0MS.tmp\javafx-4.jar

Filesize
88KB

MD5
bd17f851cec71e55199ef7b5022d1af9

SHA1
ed85275a7530ec35206364eb4dea408174f7c226

SHA256
0dc9f29e41cf9be601990c270f84b2f6655e4d95ebb27ccc9cb0953be50d1229

SHA512
5ca27b2a63b60ed2a5f0f03fb86694e354d87654c34aa21fa9d095871e6ea0757b5629c2bb1743d80c38df577632beb2a748721246bb0b6461b134f4b5438f60

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TR0MS.tmp\javafx-4.jar.sha1

Filesize
40B

MD5
69ea2a2068660c846ffa2c183719c7d9

SHA1
9387988c80f19e1482d1cdea62d386084194637f

SHA256
c3473edda477b297e19bdbbdfe306c1475d93addb21b80f923ddce3fe822556b

SHA512
84c9fe4520f4f5d84a2056091f6a85389d27fa039d6fb19c26b9e6a6810478a08d3b6afd38aca3a1c5593c014e7e2fbe0b4f6bd731f7225cc7c3e32671398c8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TR0MS.tmp\javafx-5.jar

Filesize
30.5MB

MD5
578b20d6bf1beccb7e8895985159f2c8

SHA1
23a64a0c4cba3da91349df902caa99074966e0f0

SHA256
5f3fb26455c8d8d61f6b1080483234cf8b2cc1b8e44f5e9e50ecc176d2a064e1

SHA512
c6636acceaf80f1b523af5540c319f888b17189ae6a3e1cf1097a4ea708dd4e4477efe536b93f669bf9cc8eb706dd02ccf2418b61c0aaa062d4484c2fbef80b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TR0MS.tmp\javafx-5.jar.sha1

Filesize
40B

MD5
2d229e9eb16dddef81318279a721336b

SHA1
eb86045b32bcc4657a6704d9d5591a39fcb6c3a6

SHA256
b52f2348ae1c287ea01956214bf5b74a0ae4aa1d96fd5992e35848194b85aaf0

SHA512
534ed4e0258adc1f9c74624d116a7898b79cb5f9858abcbeded66a15fa6acf3b695f4836a81664419f0109ae81610bb46e1a4db03e8b6b02ea78acc5a1623408

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TR0MS.tmp\jre.zip

Filesize
46.6MB

MD5
fbf605cc3189e0cce4627372b37ad26d

SHA1
963cee5f91c57d3c45302a58df6dd3fa03c49f8c

SHA256
707c981a4ff9e680a9ea5d6f625eafe8bc47e1f89140a67d761fde24fc02ab49

SHA512
1edfea472fd10a6165b50e4e684f42d0d611a3fbb8a0503ca04500b549cdab17e122bf85f5ebee1bb44e546452d4904c340a8b2c3e0c2798b6fcd36c61775961

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher\javafx\javafx-base-22.0.2-win.jar

Filesize
739KB

MD5
239410d2a0ebe901c2baed127e865453

SHA1
0c109e43bc5a7a845e7bcc1f01f6a5204027cfb6

SHA256
17154354881d15014510b55361999931240f03e247023409171b83286d605776

SHA512
3dff24e22c610517856e51a7cca9161ed0ce9fb07e57073d371a6dfe1d9e0c4dcd685ca2cc3e40e948548fbbf05e502d83086ff46a04283514061d06ccd4036b

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\SKlauncher.jar

Filesize
1.2MB

MD5
5b67c472ea94d09f540d598fcbd18f73

SHA1
32c8d9cfd44f0a6b622fc287c24f6401eafa0d3b

SHA256
a3912e1e9b4e3b2d5362c91176444c7d5b1a15437cb827f123e4ca2b0d12c3f9

SHA512
0b1c339fb0ed5d2e5739d6e31b6a322af8f133d401e386992884d8f140705b719c5f160102fb04d834a37d3530cab4b5c36759a06dd453368a6591374260b16b

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jdk-21.0.6+7-jre\legal\java.desktop\ADDITIONAL_LICENSE_INFO

Filesize
49B

MD5
19c9d1d2aad61ce9cb8fb7f20ef1ca98

SHA1
2db86ab706d9b73feeb51a904be03b63bee92baf

SHA256
ebf9777bd307ed789ceabf282a9aca168c391c7f48e15a60939352efb3ea33f9

SHA512
7ec63b59d8f87a42689f544c2e8e7700da5d8720b37b41216cbd1372c47b1bc3b892020f0dd3a44a05f2a7c07471ff484e4165427f1a9cad0d2393840cd94e5b

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jdk-21.0.6+7-jre\legal\java.desktop\ASSEMBLY_EXCEPTION

Filesize
44B

MD5
7caf4cdbb99569deb047c20f1aad47c4

SHA1
24e7497426d27fe3c17774242883ccbed8f54b4d

SHA256
b998cda101e5a1ebcfb5ff9cddd76ed43a2f2169676592d428b7c0d780665f2a

SHA512
a1435e6f1e4e9285476a0e7bc3b4f645bbafb01b41798a2450390e16b18b242531f346373e01d568f6cc052932a3256e491a65e8b94b118069853f2b0c8cd619

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jdk-21.0.6+7-jre\legal\java.desktop\LICENSE

Filesize
33B

MD5
16989bab922811e28b64ac30449a5d05

SHA1
51ab20e8c19ee570bf6c496ec7346b7cf17bd04a

SHA256
86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192

SHA512
86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\VCRUNTIME140.dll

Filesize
117KB

MD5
caf9edded91c1f6c0022b278c16679aa

SHA1
4812da5eb86a93fb0adc5bb60a4980ee8b0ad33a

SHA256
02c6aa0e6e624411a9f19b0360a7865ab15908e26024510e5c38a9c08362c35a

SHA512
32ac84642a9656609c45a6b649b222829be572b5fdeb6d5d93acea203e02816cf6c06063334470e8106871bdc9f2f3c7f0d1d3e554da1832ba1490f644e18362

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\awt.dll

Filesize
1.4MB

MD5
f53a79f9ece055fabcb34892e7c23e97

SHA1
37df77f26d5a140c1eaadec2fcebb76a0ec2ef8f

SHA256
a075075615c205be87d05c8e99ea33565f97da9ed3e1d686821cbb29e99f6f00

SHA512
0a9dee281f55855ff41214ca55ad8ecddebdd2c726e183f2a14e92b3d0752b5883275c9c6a5e91813f11feeddd5c2c7d5795b7a35ac55fe44502c9039838c8d0

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\extnet.dll

Filesize
23KB

MD5
7bbdca5c76125708d387531519e8a1a6

SHA1
2e5288a449dcd1c0754cd8445f8b327e64b44394

SHA256
9c1342869bddf9439bc36e18b64ed71ef6840beea2e2ba29f3167c9ca58c7ac6

SHA512
db5908bf6068f46ea4a6f24c0a0bb666942354ef166daf4d4dacb2f6183f713e35a30d1c1388f11e2b8d95589cdc9553909f9209626318f9bd9185d12de1fffe

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\fontmanager.dll

Filesize
860KB

MD5
a9d8b73b422f687d784ff790cf0d1879

SHA1
ff0e37bd3f32945d5185b07210278f7ea84ab568

SHA256
2e8dfe3e3e1ebd99deb538f54d0641a4598508fe1116a2a3efbaa9c0376a8a7e

SHA512
723b9aca542fcbeb4b10adc81ec75aa0c3dd2385e492315d43153d429dfe7a1ae0bdac029258141c97768670903b3d14ea7f3b184a94a166b689ecfe87b02abb

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\freetype.dll

Filesize
535KB

MD5
168ab8bc5488c25bdffb2898a806e7fb

SHA1
87b8ae6884b09206ab90f9357ff46c0569d93d4a

SHA256
f18766eff9b8193c3d0105d5f77b4015e3f086b93d55bef34babd28d51f5397a

SHA512
cf9069c1ae246e36f7952591c22816742b92093a81f5245f6fac29c9c26001c40b33f4668ad051f5adf93eb35b515a183b020c708aeed5e8c40828378ebb7a8c

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\java.dll

Filesize
118KB

MD5
b8f9d4e627536e73ba387de89ea1a175

SHA1
ad64f514572a512e8e80c458d23a931fbdb99705

SHA256
f474176d8e3e8fb77596cd0f902c576cc954d17622aacb2c474404395a981ce3

SHA512
1eea44d4ad4a3062b0230eeaea33e9962768e96bfd49922baeba9f2352b943caf5b24d3095cd1f3cc39ad431aad562b511421f52267d52341f0a1b6a49e72e71

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\javaw.exe

Filesize
48KB

MD5
8f3cea4ecc6d33e6774a71521df84bec

SHA1
f5c861c029954a95852dde3623677ffbe4d575f6

SHA256
f162274fe8723a859e70b863f83e02a95b418812932d94ea3c9105f0265fe48d

SHA512
e6168c296ef64505d9214970cc30a92bb04c92963186e3d8d3d916826f322366c1425b2cbf64b383bd75610e061f1706918cc375dc994f778167d135f6077b08

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\jimage.dll

Filesize
32KB

MD5
21a02272f514787cbb894834a86db8d1

SHA1
27c46d3737aba5fa4719bb169157383bc59fd6b5

SHA256
0bd4173c377c2a8369803adf92862e314745e7e01a44edd2685060cf8699da20

SHA512
7d439d3ac47bdb030aa8be964bb9c02fde66325af157f9114e8d9247068ba473922c456ed203d5deb393711ef90c01ae6e0bd97419c81faef95779dc681006f7

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\jli.dll

Filesize
87KB

MD5
7343522fd185f72df3abba7ff67f2db6

SHA1
3a5a3aa04f8249e4e39da041ff7a8e2014ac14a1

SHA256
7dd4a08bbd29ea590dd8253332c6e33df4f9052a599710e4c30c9eeeed9db35e

SHA512
39956e14e6c84f04c7a17b403ba0c3ee9f5e76bb7b1b27c8124f212c1d24d429e4a4afa166f8ea915ac1722af1150e7faef2c5eec0c1b5c46ebe7b6ddb182029

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\jsvml.dll

Filesize
849KB

MD5
ae0ffee3c346d1c7fe6d0738069cdbab

SHA1
64218372a65e90a39ab04ef7b02dec714d0031c4

SHA256
9b8a36cd33b25bd81388208784d19a137f685b14b7b81be77bec4a9471c7d6ca

SHA512
faff265b2660d23cedbfe9a0363e68b9cce89a3561fc35ff21df76db1a4f6bfef01b4c3e69be50aabb6e96971cad9f0148370b5a0f5fc12b717024f756a8d278

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\msvcp140.dll

Filesize
561KB

MD5
72f3d84384e888bf0d38852eb863026b

SHA1
8e6a0257591eb913ae7d0e975c56306b3f680b3f

SHA256
a4c2229bdc2a2a630acdc095b4d86008e5c3e3bc7773174354f3da4f5beb9cde

SHA512
6d53634bc51bd383358e0d55988d70aee6ed3897bc6ae5e0d2413bed27ecff4c8092020682cd089859023b02d9a1858ac42e64d59c38ba90fbaf89b656c539a6

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\net.dll

Filesize
58KB

MD5
cd0c6c6f6a96364d3211bcda4d903b5f

SHA1
adfeac52d9ff3161a350a6cd1820f8ff0e08eedc

SHA256
1530c4d8c3737e04910137256d0513e20bff854b08c0a830da73dfbacd27be60

SHA512
2e3bf431fe16f152c5b85b4ef3f497499220845000c886f0facfcd66558b00e40f91c0c9aff112e31a62ecc927b515d46114659b86804cfe1b09ade253d4c91e

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\nio.dll

Filesize
78KB

MD5
d35a0d9eb225eae4b3d4a719f4d42b2a

SHA1
83fc1791b23bc90a112ccd9a57e6cf88f21f6762

SHA256
abd40c27d299fd26dc0c0e030257a1db9d1f3b330451671073bf0f5f51f5911b

SHA512
23706c74fd1b40915d1fe19e2f1cf2616103ce02c89fc336bd7b17d7466ebead53947941addc11e921c4ca155a1c3044bc30875821fc2cc17fed11bc3e248afc

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\server\classes.jsa

Filesize
11.9MB

MD5
769b6dc1a3774e669ea7d6818ae51931

SHA1
b567381f9ae0beba02f1531b07421edc7c6cdbaf

SHA256
c3804e09ea26e6adedcf471056068685e53a2d1b1957713f07bb117b18541d20

SHA512
cd0806cd82842061271041b4ee178342275b66b701081e20b9700c0975d59f46077af3adfdf6ae4cc86a51850c6d1e0cefb911234df72e3be432e240f4a7bdc0

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\server\jvm.dll

Filesize
13.2MB

MD5
b9c8a7ad16b31b337b431721e7571274

SHA1
565d2b35f77532b1695abee8465643801f7f1b46

SHA256
c2bcdbc497292a1f31a43f39c7c8d03f8ea9c9db10d6697d6df84bc8e59fc35c

SHA512
2e0532eb592cf10be089b03559861dea756fd3312eec0f238617000809378a54d3d248ab6b46cce27ce063d9f60219f02cef87070c7e57cf47abd9d1ff14dac8

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\sunmscapi.dll

Filesize
47KB

MD5
6c1cd3632e94e9c9c683ce2ea3c41ee7

SHA1
7fee3fc8bac3494d870acecc9e7c44d989eca350

SHA256
cacf87f95a3a1b6264173470047441fa849701ab308200188dbc5af1818cc85a

SHA512
f99a68d5920c2e2f502a81589c92a85bfae4db6cfa767457ceef25ddf6efaa829636fa33db1647884d85b698077574d3276e504489231cddc2b854cc6b5beeea

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\vcruntime140_1.dll

Filesize
48KB

MD5
2bd576cbc5cb712935eb1b10e4d312f5

SHA1
dfa7a46012483837f47d8c870973a2dea786d9ff

SHA256
7dd9aa02e271c68ca6d5f18d651d23a15d7259715af43326578f7dde27f37637

SHA512
abbd3eb628d5b7809f49ae08e2436af3d1b69f8a38de71ede3d0cb6e771c7758e35986a0dc0743b763ad91fd8190084ee5a5fbe1ac6159eb03690ccc14c64542

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\zip.dll

Filesize
87KB

MD5
81ecec3848e39716ec9113d7204f2d45

SHA1
08f01b443c99d03c870f9c161d6d2550b5656044

SHA256
8bbc3fabf069699adbab5276df097a9a878ebb3e4552ff3f22d9e861f268574a

SHA512
9a6cd89600bcfa74a48b8616a6c7247c5283eb50b022c3ae93a820ffda281885bf0d032030f1d0c5a62e689882ef1f0db5dab5a61e2b555439edee1a8a903873

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\conf\net.properties

Filesize
7KB

MD5
0c091bb338f924911db463aec454ba8b

SHA1
69e86a02207c1126a0d9faf9362a8d1798b140ad

SHA256
56dd1f6095c189c1052f6baa32e457efc09de4832e19cdb82bb236dc8abfee9f

SHA512
d0d257c7b0fc6059faef88603c07a9e1cfe6692359eb634b3436a02723ff015d36d523e1c2a252649db7cd4d0e24be114c042e3e209ce027ee07b7816466109c

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\conf\security\java.security

Filesize
64KB

MD5
e1b7b2a5c7e2a1f425e5245888e8ad91

SHA1
fd76a263a2ec03b695987411b6ac6178c2cd83e7

SHA256
327adb06968ca5b45ac7b3b0feec12a8ca20286f1ed1152bf23f639587125049

SHA512
cc65b4d186500661fe36b6aa605fd747166cf8299cf16bffc093b5b89ad69c429875192646ab4fa7c987c089d7d9baeb33a85291bc8ddb767e6fc78f39c03f9b

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\conf\security\policy\unlimited\default_US_export.policy

Filesize
146B

MD5
1a08ffdf0bc871296c8d698fb22f542a

SHA1
f3f974d3f6245c50804dcc47173aa29d4d7f0e2c

SHA256
758b930a526fc670ab7537f8c26321527050a31f5f42149a2dda623c56a0a1a9

SHA512
4cfca5b10cd7addcff887c8f3621d2fbec1b5632436326377b0ce5af1ae3e8b68ac5a743ca6082fc79991b8eec703a6e1dfd5b896153407ad72327753222fdb3

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\conf\security\policy\unlimited\default_local.policy

Filesize
193B

MD5
2a0f330c51aff13a96af8bd5082c84a8

SHA1
ad2509631ed743c882999ac1200fd5fb8a593639

SHA256
8d8a318e6d90dfd7e26612d2b6385aa704f686ca6134c551f8928418d92b851a

SHA512
2b0385417a3fc2af58b1cbb186dd3e0b0875e42923884153deee0efcb390ca00b326ed5b266b3892d31bf7d40e10969a0b51daa6d0b4ca3183770786925d3cde

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\lib\fontconfig.bfc

Filesize
4KB

MD5
9e80af78b019e2e52287108b50f6cfbf

SHA1
a297f3d435fab11aa3f0fd21eb2666a3ba1340ec

SHA256
c7e2e76b908cb6330823e698889943c162e9861a4575501cbb59c9b830158ab0

SHA512
b920a3e25e24a9c20d671e8a8520db2e783a5e18c695e46f7ff3851d7931711a73b97deef27c14a766ae6ed5a5519070421e5834da6200fcb6e7371b90b50e6c

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\lib\jvm.cfg

Filesize
29B

MD5
7ce21bdcfa333c231d74a77394206302

SHA1
c5a940d2dee8e7bfc01a87d585ddca420d37e226

SHA256
aa9efb969444c1484e29adecab55a122458090616e766b2f1230ef05bc3867e0

SHA512
8b37a1a5600e0a4e5832021c4db50569e33f1ddc8ac4fc2f38d5439272b955b0e3028ea10dec0743b197aa0def32d9e185066d2bac451f81b99539d34006074b

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\lib\security\blocked.certs

Filesize
2KB

MD5
8273f70416f494f7fa5b6c70a101e00e

SHA1
aeaebb14fbf146fbb0aaf347446c08766c86ca7f

SHA256
583500b76965eb54b03493372989ab4d3426f85462d1db232c5ae6706a4d6c58

SHA512
e697a57d64ace1f302300f83e875c2726407f8daf7c1d38b07ab8b4b11299fd698582d825bee817a1af85a285f27877a9e603e48e01c72e482a04dc7ab12c8da

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\lib\security\cacerts

Filesize
193KB

MD5
21faf1c2acd2ac2e5165d8749e16c300

SHA1
882610bbb3f6a9c1ce8f58d5b283a779b95b6267

SHA256
75baf1e4ce6f147e18ace9ce848f9caa1a11c308116be7797d9081e65fd17b28

SHA512
e500a17debbd6d7efb346348cfa39d0cde86664c719587dacd87c26a1c0918998b2706300e05f6f070b35922f74900cc2cf1461b1403c56e262a876c3d1f3f95

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\lib\tzdb.dat

Filesize
99KB

MD5
279c3ed6f608a9bd037d87af1a2262f4

SHA1
b6f633c4f7b68be0dad361b8e505e12b5c017830

SHA256
87022eb5ae9465d75762de6fb2a668c60d411c1394e500c24651895681228148

SHA512
741a8ba22a71ff6d785579ca680160ea9c55e9de462c112ec737bd1e23b0e8bbcc7ce12f550358ea6d8a42424e9cf00015d12d04c478db0298513afbee776b51

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\lib\tzmappings

Filesize
21KB

MD5
4c30d7867505379a18a27d0e8f03198c

SHA1
0cc871d5bd91e061d676a861749af68bbc0ca9c6

SHA256
b41575b332809b37ad423bdca30c7c48cdef3d82f82fa9d534781a6f15d6a2ab

SHA512
873d329682ce67267f438b88eee0fc25cecbbcc1f7d694118417ad12756ec2b6ae7502ec4eea0cc9b4ae8b9e68f5f8877762fa13dea89c4a6dcd54fd8bf82c56

Download Submit
memory/1620-1848-0x000002ECC4810000-0x000002ECC94A8000-memory.dmp

Filesize
76.6MB

Download
memory/1620-1946-0x000002ECC4810000-0x000002ECC94A8000-memory.dmp

Filesize
76.6MB

Download
memory/1620-1882-0x000002ECC4810000-0x000002ECC94A8000-memory.dmp

Filesize
76.6MB

Download
memory/1620-1346-0x000002ECC4810000-0x000002ECC94A8000-memory.dmp

Filesize
76.6MB

Download
memory/1620-1956-0x000002ECC4810000-0x000002ECC94A8000-memory.dmp

Filesize
76.6MB

Download
memory/1620-1910-0x000002ECC4810000-0x000002ECC94A8000-memory.dmp

Filesize
76.6MB

Download
memory/1620-1963-0x000002ECC4810000-0x000002ECC94A8000-memory.dmp

Filesize
76.6MB

Download
memory/2544-15-0x0000000000780000-0x0000000000853000-memory.dmp

Filesize
844KB

Download
memory/2544-814-0x0000000000780000-0x0000000000853000-memory.dmp

Filesize
844KB

Download
memory/2544-0-0x0000000000780000-0x0000000000853000-memory.dmp

Filesize
844KB

Download
memory/2544-2-0x0000000000781000-0x0000000000829000-memory.dmp

Filesize
672KB

Download
memory/5372-813-0x0000000000B60000-0x0000000000EBA000-memory.dmp

Filesize
3.4MB

Download
memory/5372-17-0x0000000000B40000-0x0000000000B41000-memory.dmp

Filesize
4KB

Download
memory/5372-16-0x0000000000B60000-0x0000000000EBA000-memory.dmp

Filesize
3.4MB

Download
memory/5372-7-0x0000000000B40000-0x0000000000B41000-memory.dmp

Filesize
4KB

Download
memory/5372-44-0x0000000000B60000-0x0000000000EBA000-memory.dmp

Filesize
3.4MB

Download