8b0df603574c14809359a81518261055d491863a28f3c32a4832ce547874792c

Analysis

max time kernel
179s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
14/04/2025, 00:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SKlauncher-3.2.12_Setup.exe
Size

3.4MB
MD5

79e973d7cf9069f758dd382bee60ee43
SHA1

0d1c6bf48ec6be84c2648575db5dc819e47d2ecc
SHA256

8b0df603574c14809359a81518261055d491863a28f3c32a4832ce547874792c
SHA512

88094aec244ce5b9a10d36a184bc1567ecae73cfb30e3f51923467b93d3bff965caf0ab19cf63c658bad09ff4445a4ff1b65ad726334a5105b9947d64f7ff239
SSDEEP

98304:jr9jbrLx1PPvuHs5VAhRPD2Cr3ViRp2z0:fB/zPvuMgfPD7r3d0

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation	javaw.exe

Executes dropped EXE 3 IoCs

pid	Process
5736	SKlauncher-3.2.12_Setup.tmp
2420	7za.exe
6116	javaw.exe

Loads dropped DLL 64 IoCs

pid	Process
5736	SKlauncher-3.2.12_Setup.tmp
5736	SKlauncher-3.2.12_Setup.tmp
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Detected potential entity reuse from brand MICROSOFT. 2 IoCs

phishing microsoft

flow	pid	Process
184	6072	msedge.exe
184	6072	msedge.exe

Drops file in Program Files directory 7 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4556_1589796371\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4556_1612090592\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4556_1612090592\nav_config.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4556_1612090592\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4556_1589796371\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4556_1589796371\office_endpoints_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4556_1589796371\smart_switch_list.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SKlauncher-3.2.12_Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SKlauncher-3.2.12_Setup.tmp

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	msedge.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	msedge.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	msedge.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	msedge.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133890658239307639"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2645532622-3298555945-705856666-1000\{FAB9B634-00B2-45E8-8A59-AB82899AFE8A}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2645532622-3298555945-705856666-1000\{5C3986B9-5EA8-4035-B89B-56A375732DEB}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2645532622-3298555945-705856666-1000\{CC7F2EB2-A81D-4D1F-A6F2-B7F70C5C1BD9}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5736	SKlauncher-3.2.12_Setup.tmp
5736	SKlauncher-3.2.12_Setup.tmp

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	2420	7za.exe
Token: 35	2420	7za.exe
Token: SeSecurityPrivilege	2420	7za.exe
Token: SeSecurityPrivilege	2420	7za.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
5736	SKlauncher-3.2.12_Setup.tmp
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
6116	javaw.exe
6116	javaw.exe
6116	javaw.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5276 wrote to memory of 5736	5276	SKlauncher-3.2.12_Setup.exe	84
PID 5276 wrote to memory of 5736	5276	SKlauncher-3.2.12_Setup.exe	84
PID 5276 wrote to memory of 5736	5276	SKlauncher-3.2.12_Setup.exe	84
PID 5736 wrote to memory of 2420	5736	SKlauncher-3.2.12_Setup.tmp	96
PID 5736 wrote to memory of 2420	5736	SKlauncher-3.2.12_Setup.tmp	96
PID 5736 wrote to memory of 6116	5736	SKlauncher-3.2.12_Setup.tmp	99
PID 5736 wrote to memory of 6116	5736	SKlauncher-3.2.12_Setup.tmp	99
PID 6116 wrote to memory of 1140	6116	javaw.exe	100
PID 6116 wrote to memory of 1140	6116	javaw.exe	100
PID 6116 wrote to memory of 4640	6116	javaw.exe	102
PID 6116 wrote to memory of 4640	6116	javaw.exe	102
PID 4640 wrote to memory of 4724	4640	rundll32.exe	103
PID 4640 wrote to memory of 4724	4640	rundll32.exe	103
PID 4724 wrote to memory of 4556	4724	msedge.exe	104
PID 4724 wrote to memory of 4556	4724	msedge.exe	104
PID 4556 wrote to memory of 4708	4556	msedge.exe	105
PID 4556 wrote to memory of 4708	4556	msedge.exe	105
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 6072	4556	msedge.exe	107
PID 4556 wrote to memory of 6072	4556	msedge.exe	107
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106
PID 4556 wrote to memory of 4324	4556	msedge.exe	106

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.12_Setup.exe
"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.12_Setup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5276
- C:\Users\Admin\AppData\Local\Temp\is-AEUM9.tmp\SKlauncher-3.2.12_Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-AEUM9.tmp\SKlauncher-3.2.12_Setup.tmp" /SL5="$6020A,2553666,803840,C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.12_Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:5736
- - C:\Users\Admin\AppData\Local\Temp\is-3TABE.tmp\7za.exe
    "C:\Users\Admin\AppData\Local\Temp\is-3TABE.tmp\7za.exe" x -y C:\Users\Admin\AppData\Local\Temp\is-3TABE.tmp\jre.zip
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:2420
- - C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\javaw.exe
    "C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\javaw.exe" -Xmx512M -jar "C:\Users\Admin\AppData\Roaming\sklauncher\SKlauncher.jar"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:6116
  - - C:\Windows\SYSTEM32\reg.exe
      reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme
      4⤵
      PID:1140
  - - C:\Windows\SYSTEM32\rundll32.exe
      rundll32.exe url.dll,FileProtocolHandler https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A26669%2Frelogin&scope=XboxLive.signin+offline_access&prompt=select_account
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4640
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A26669%2Frelogin&scope=XboxLive.signin+offline_access&prompt=select_account
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4724
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A26669%2Frelogin&scope=XboxLive.signin+offline_access&prompt=select_account
        6⤵
        Drops file in Program Files directory
        Checks SCSI registry key(s)
        Checks processor information in registry
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Modifies registry class
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:4556
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x260,0x7fff92b9f208,0x7fff92b9f214,0x7fff92b9f220
        7⤵
        
        PID:4708
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2208,i,11651569833622858399,4291095927109647705,262144 --variations-seed-version --mojo-platform-channel-handle=2204 /prefetch:2
        7⤵
        
        PID:4324
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1920,i,11651569833622858399,4291095927109647705,262144 --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:3
        7⤵
        Detected potential entity reuse from brand MICROSOFT.
        
        PID:6072
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2528,i,11651569833622858399,4291095927109647705,262144 --variations-seed-version --mojo-platform-channel-handle=2716 /prefetch:8
        7⤵
        
        PID:3700
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3516,i,11651569833622858399,4291095927109647705,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:1
        7⤵
        
        PID:5688
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3520,i,11651569833622858399,4291095927109647705,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:1
        7⤵
        
        PID:4760
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4932,i,11651569833622858399,4291095927109647705,262144 --variations-seed-version --mojo-platform-channel-handle=5008 /prefetch:1
        7⤵
        
        PID:4900
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4840,i,11651569833622858399,4291095927109647705,262144 --variations-seed-version --mojo-platform-channel-handle=5208 /prefetch:1
        7⤵
        
        PID:2036
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5224,i,11651569833622858399,4291095927109647705,262144 --variations-seed-version --mojo-platform-channel-handle=5456 /prefetch:8
        7⤵
        
        PID:2240
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5412,i,11651569833622858399,4291095927109647705,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:8
        7⤵
        
        PID:1600
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5956,i,11651569833622858399,4291095927109647705,262144 --variations-seed-version --mojo-platform-channel-handle=5960 /prefetch:8
        7⤵
        
        PID:2488
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6360,i,11651569833622858399,4291095927109647705,262144 --variations-seed-version --mojo-platform-channel-handle=6440 /prefetch:8
        7⤵
        
        PID:5440
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6360,i,11651569833622858399,4291095927109647705,262144 --variations-seed-version --mojo-platform-channel-handle=6440 /prefetch:8
        7⤵
        
        PID:1100
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6672,i,11651569833622858399,4291095927109647705,262144 --variations-seed-version --mojo-platform-channel-handle=5980 /prefetch:1
        7⤵
        
        PID:752
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5968,i,11651569833622858399,4291095927109647705,262144 --variations-seed-version --mojo-platform-channel-handle=4848 /prefetch:8
        7⤵
        
        PID:4996
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6984,i,11651569833622858399,4291095927109647705,262144 --variations-seed-version --mojo-platform-channel-handle=7040 /prefetch:8
        7⤵
        
        PID:5820
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6992,i,11651569833622858399,4291095927109647705,262144 --variations-seed-version --mojo-platform-channel-handle=6988 /prefetch:8
        7⤵
        
        PID:5032
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=7036,i,11651569833622858399,4291095927109647705,262144 --variations-seed-version --mojo-platform-channel-handle=5612 /prefetch:1
        7⤵
        
        PID:5812
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4848,i,11651569833622858399,4291095927109647705,262144 --variations-seed-version --mojo-platform-channel-handle=5696 /prefetch:8
        7⤵
        
        PID:2648
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7024,i,11651569833622858399,4291095927109647705,262144 --variations-seed-version --mojo-platform-channel-handle=5724 /prefetch:8
        7⤵
        Modifies registry class
        
        PID:4956
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6968,i,11651569833622858399,4291095927109647705,262144 --variations-seed-version --mojo-platform-channel-handle=7272 /prefetch:8
        7⤵
        
        PID:4824
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5208,i,11651569833622858399,4291095927109647705,262144 --variations-seed-version --mojo-platform-channel-handle=5304 /prefetch:8
        7⤵
        
        PID:3172
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6316,i,11651569833622858399,4291095927109647705,262144 --variations-seed-version --mojo-platform-channel-handle=5384 /prefetch:8
        7⤵
        
        PID:2776
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=5340,i,11651569833622858399,4291095927109647705,262144 --variations-seed-version --mojo-platform-channel-handle=6724 /prefetch:1
        7⤵
        
        PID:5148
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
        7⤵
        Checks processor information in registry
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Modifies registry class
        
        PID:2568
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7fff92b9f208,0x7fff92b9f214,0x7fff92b9f220
        8⤵
        
        PID:5512
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1880,i,12118041607718331132,7300743338587404810,262144 --variations-seed-version --mojo-platform-channel-handle=2308 /prefetch:3
        8⤵
        
        PID:4536
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2280,i,12118041607718331132,7300743338587404810,262144 --variations-seed-version --mojo-platform-channel-handle=2276 /prefetch:2
        8⤵
        
        PID:1376
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2592,i,12118041607718331132,7300743338587404810,262144 --variations-seed-version --mojo-platform-channel-handle=2584 /prefetch:8
        8⤵
        
        PID:5820
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4388,i,12118041607718331132,7300743338587404810,262144 --variations-seed-version --mojo-platform-channel-handle=4412 /prefetch:8
        8⤵
        
        PID:3912
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4388,i,12118041607718331132,7300743338587404810,262144 --variations-seed-version --mojo-platform-channel-handle=4412 /prefetch:8
        8⤵
        
        PID:2776
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4616,i,12118041607718331132,7300743338587404810,262144 --variations-seed-version --mojo-platform-channel-handle=4608 /prefetch:8
        8⤵
        
        PID:612

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3864

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3756

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3168

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping4556_1589796371\manifest.json

Filesize
160B

MD5
a24a1941bbb8d90784f5ef76712002f5

SHA1
5c2b6323c7ed8913b5d0d65a4d21062c96df24eb

SHA256
2a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747

SHA512
fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4556_1612090592\manifest.fingerprint

Filesize
66B

MD5
02755c9606b446b2949ca5456533f8c3

SHA1
06491602cd6835473451f592b49e385404598339

SHA256
f27f7a78304dc63ccb1d2ebc570b920253588ea39a8706ba8d9617391124aee7

SHA512
632eebda283913421bbdedfbdc5f5164e038a834a3f07bc1ce56f953dc99d91e7ddc137ec94d73bcf61b0ec26edcfe498a29e4ffde15be8e26118e6ff91daf59

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4556_1612090592\manifest.json

Filesize
160B

MD5
c3911ceb35539db42e5654bdd60ac956

SHA1
71be0751e5fc583b119730dbceb2c723f2389f6c

SHA256
31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d

SHA512
d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
cf3da7267cb6a35a74a4dceb3097a615

SHA1
a1b06c52d03147a6adbad9d32436b3b497115584

SHA256
18a6d652dd17544c9feb2e01621ed64b958b1a26bcee81e29ab29d5a409dc222

SHA512
6238eb406a42dfdf3faf7b62c92c6c0993974617f2ff403f6cd0a23dd2d53893bd96e92e78bbe6ba35ff191cdbcb8ecd69318c76547df76341ce9f2d43aae71f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9e7e2452fdc0d76fb0d28fc88acf7b08

SHA1
4d45e76134f302e080fb077514b8ba6be264e222

SHA256
576b56ae12d358a94e33f86ed378825ae288c836bd7a29997edcb7555197b041

SHA512
cf90c856ebd780c8583f67210fec58d7a2a1b7506d22612c0bc7577677a70a54ddd249991ed2e839349f2bd25e3c7020411bf510a0c6422ae867670c46e004fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
52a416fbe4d6ae66420dbc221884f937

SHA1
8cf2da4ae932e44d6a98bbe0f59c58a146dce0cf

SHA256
997cceb41f3c72b10e7ca40539f220f3c232b1c1aac95a30a6f49438fe844940

SHA512
afe8f0fe4b2b6e7cd1606a0ae6e6776d3465169c1d0f6c9f4217721e97cb7b224bf41c471e216d7a350eda0e8521bcf4e4999c380215bc0a28e2e24500d09dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
49e3cbb1ce208c3e1c9c8806a2ab557d

SHA1
0b064eab20e10c73eac3f751075558a5cb0d8afe

SHA256
0c81729609c111548f7166f08f1f58d1df4d8f37e143b4141cfe209ea0abd251

SHA512
23f2bed3d2e999398ae4a6f8905438b1dfe6dd385ef5e6ff1686ff67a32749c1150a911b014fe8004aa4e1ff94945953b5ef63afcd9cee2dad8894328aaca841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58cb79.TMP

Filesize
3KB

MD5
4ca26e4ac16ad9d2f53aa96342afb304

SHA1
d4e60005d06cc2b777cd63873dff6fc928669034

SHA256
7128c9d78f12355862359ba93679622b0819da7b6416c565f8f06cb3ebf2354c

SHA512
c98095571ad0d5dfe9d0bea6b8978cd3e78abddd7c84171652f2e7822f6408c9482847a5d1eaacbdc37a04af156e0e9550d482e0ab7f02b1a22e99bfab4b614f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
156f71abb6355b358c8c7d10e467c732

SHA1
f8df46e2e30200b66efebbe6198f3d0c7643ac81

SHA256
fbe967085388ed39455cde25da1f3ce480b2d3d49cf935308af2215bacde75bf

SHA512
9c96a57dbb0a1ae897a4090bb26f9d750fb01922b6434dbd078f872593258b54308ebfb6747c5a4bb406042f03f0d2c47734668a769695f8a876fb938603d99c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
bf32298eefc37afea3b3895f0ddb6675

SHA1
6d2ae929f3ec1ab647dbcdcbb5f14d830e4ebbc0

SHA256
12a00ca1f4e9baa3da2142da2886a880f5e0e3f024d4f10652a598e18ba4b278

SHA512
1e0e1871af10045ebd9088b17541b0d65cb634757f0e3b2de1595525c3e20047cc5a14892996ab6e26d89f00171ba9204e55dc5b12587e70d8ea240f985d759b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
44a9a27fdc5c4c0f74e70aa8cf2a0dfd

SHA1
f182b8af1f507e2c4110ddf53a31d5a7b2554ef2

SHA256
640630210d5d8b9f521866a9a0033a23f45a200803208ae37c003039462301c7

SHA512
175a4070bf87692ad692a72ece371fb0ac3ffbb10828b373d2a9673d74bcc2a8bd6df5300ad85f642c11fc9507a451140f723109d4d82febd39bcf3ded16c93c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
6d11b8b3ee3cd7c35f43f81e9bf048fe

SHA1
30e77794f46e9e73b2577c1ca56b8ab799aeecf4

SHA256
f8e48bb75b3f6bc900b16a0adbdd5efcede5539ad16859926b3e3d8afc46b586

SHA512
c54b13f7fc9037606a0a23f6b92767775f7fb1450423ecc24d53d36d47e70f2c785df74cd98131e51d5b05df1d9b6e2f25002a5d2a6e524562242db3c71f5486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
b7e196071ef08e26020ff0db9969421e

SHA1
b5009e7c3ed1b9a7c0ca66b4ce135a455cad5986

SHA256
4cc55214cbd45652e242b655666d14c03a6da787629edad05926c67dafbe1e1b

SHA512
f27156e583d7480b63248142d7edda46bca99829436f0a2ed0b225a8f34a61cd78b2de80b10d9063a2f3b14a16c39dc2c0833256c716216ca624e2784b4de6f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
35c7de60d2f872162e9feaf0c41eeeab

SHA1
321e49fe48b4176a3984762b4accda755b0eb386

SHA256
9ff21c6943fff818233bdae7f6d763e8475219b008ecae1c3e306ad39b2354d2

SHA512
7f6974ce1211bcac5221908c0bf6e9a9d8880c66ffb32a0d3fe9b0abe509cfe0ccb6f31302580b43ffe3f8f2d1e78f59abce470dd13bf9a886822f47459bfe1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
23KB

MD5
51d8d69c1f55e170ba06e8268ba1e68a

SHA1
470935a61302568fdef61c1106befaba73174e4d

SHA256
921878da7b9003ac30e9d74905ad3bba3ca39ccec109898e8a48b5dc895c163e

SHA512
16d6664112cd391451e3c87456c71b17188cfd814c76bfcb26feb3847f3e7a5e8774d250ff7cddbe15e6b75defa3cf4d9fde49cdd4bb0241a674b7a04a80269e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
76460878c18d3ebdcb3f2dfba1d3332c

SHA1
92a24ca146291f8e38a897b9620290c9d788450a

SHA256
374c1823f6a2a0116b3f9e8ba8a845713e23cb8b2d1e7bceed634ee8dd450000

SHA512
2a6ca60a02c4b201bfd0807aac99a3a54f9b56e35863f66304fa195d3f1b770e92f73198df8deb00aba9c29163fcf94387893893a06f13d14ba031549bd0ec20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
20KB

MD5
5af2c53a29766371450dd3cf63db7e69

SHA1
5e0e0c178ab73e26b7f688b87509cb5c1acd2161

SHA256
983c5c649676bfdbb491a88982148c5a761924d5cca80470ca2681235fee2219

SHA512
3d24b6cf1757c01d177a12d71ae8e637a2ba754ac6bb9204f0aeb95efeb5036e58bb76ef52cfbd71510cda5ebfb89bc9e9530c9d64fde69a6eb1de50b0e11b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
42352f82284f8cf559612884c3faa7fe

SHA1
64d39d5ec7685afbfe99847b74dcb431f9607655

SHA256
0f8415edd5eec91b526d06375be340a3872f66c6fdc4d5bc2d5d8e52b96ceeae

SHA512
f55a50da5d4d49841de6a29caf9dc4854112f40a998657ca03cf85a964414c1ceca7baca7af71ebf5b162e56d2fa59df5b247564a4601fa75b0b6408fa16d176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
22KB

MD5
3f8927c365639daa9b2c270898e3cf9d

SHA1
c8da31c97c56671c910d28010f754319f1d90fa6

SHA256
fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2

SHA512
d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Data Protection Lists\2.0.0.0\office_endpoints_list.json

Filesize
3KB

MD5
94406cdd51b55c0f006cfea05745effb

SHA1
a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9

SHA256
8480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e

SHA512
d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
b65d6f1a928035641831aab37030ac8c

SHA1
e2abc5da9c08f25d011b86effb35d13a38250282

SHA256
460481bb94a1ea988e53dbcd556976410116873999feb9d23bd8439d9448122b

SHA512
9386f205a127412e8710053009ed7f5a1450c5ffa459b6a49270b82f768ad9e84743c0e0fd18bede8431c82aca993951e89a209c9f45a79d3f8d13cb906bc0b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
d3ec04f246991d5cfdc8e044f974908b

SHA1
17940deda1dc0724249195e8a2488c6b08aad10b

SHA256
0a21a3e6eaf3d3338226190f04e6328ecf6ce39440a1c6c44ff53d33b7d19629

SHA512
7aead776d970d564ff3d838dbf8a753838551c8f6c652d1610b455db8a8a5a5dc2fc4f7441f350697c116326067ce2a6ce07bf94621313f711a198ae8cf9b9b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
ca941ef2c45b578c6faa3d45ea911829

SHA1
d44d3f0907ea49c3ff895998787655f29e72a58d

SHA256
b4907512b989e3741f54d2d982f6f42b12b306356fd94a41a9d36f621593135d

SHA512
72ce9b33d3ee3b58124f47287a2ad75d5ed5185b0f7aefb74233f37602aa512216da58177d12542d698578632c0de07acbcdd380b23982f7b72bf01161e27b4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
51KB

MD5
8cce075f768fcba46e13a6fc83707357

SHA1
e3547f2f85924f131657b1df60b85ed5e2890da2

SHA256
d7f3fc308ed0747e313fd199ad14aead2807139ec29a196279e02f749f6c2eb5

SHA512
93c4926de5a65ff933b0f8bee9560efc1c8374f61e619d824add7ae627259e0b02c3e69bfcd01eab3c9b9f5a5e25295bcaf5bd13cd80efadb856082c8ac012d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
45KB

MD5
0cd35465254b4ff620b899ab44dd7908

SHA1
2e2245505f1550b74069bb5af2f4bec85b672df1

SHA256
d53f7a8b36b9072eba3c3f0206b982b5a0a74139c2497803b9c84ba5cdbde686

SHA512
77b24c8d93f60f6efa67e6a0b2d88cee7ffcb6e8fa8e78d87cd695023f35cbb58fb0fd8da4865db4d749287f3fd57320542ff494c903f725386cb74d3d4b38f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
927490b8206bf2eac28ae37b9d1536c0

SHA1
6e815faadeb7db4766cbbf91db3f4a7b3b8e19d4

SHA256
b4770ec8ea535337bf1d916b12d7f204b167f02e9f08eada1c836e8c7bdd8cb1

SHA512
3cc9d2c374cd0521e2bdcf033da6acb2645cd0b7a2eeca962940af0015ad8a20cdf0c878d621c3ea2e8c151f9422b0a0b9d0cc8ce48a88502f3a975905a7fcd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
85d02f013bcbc803a9856d1697dbc92e

SHA1
deb63178800f98c1a877b0194d9720bd200c4135

SHA256
f59cab9633ed23e54b400c13753103f028941089d09ad941e2ed0098196f3055

SHA512
2d55b566b17a79e76c62b8146d0595a0a8b53034f24aee0e3427d13960885df815b37c0c257a6733e127e095a726dd74866066201c27c8039b5f1f7459258787

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe597edb.TMP

Filesize
392B

MD5
b34a8b54af099bed101e3b2c3f9bcaf1

SHA1
e58ec4403d055096106d6f67e6ec78588268c91f

SHA256
892029ea14fb17b66aad0c982f0896aa55cfba31877307e5b613b2d378187e3e

SHA512
3e55afd5857c777f26354a511c08120c903f20a36a9b51eac165ac76d9908c4d8f5fda18c3327a66e4ea703adb572327e81303473477f02c40be36aa4f081549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json

Filesize
2KB

MD5
499d9e568b96e759959dc69635470211

SHA1
2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

SHA256
98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

SHA512
3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
890d7e44c4c6462d63b9b13ba68974ec

SHA1
c3cd36ff80664479a8d44c093f67ff28dee83a31

SHA256
0af816bfc218a2c93097bacef1b898578a518d8d646569b708f0e9efc16574f6

SHA512
7f0a7e60a1e282a3b79ce763b2e9b6acabd8e65ac584012f5c56566d98bceb812c93a1e79b3012ffcf6a623033c64e7ba6300ba4fc1904d46cfb13a238123718

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF15277059173519262694.tmp

Filesize
397KB

MD5
fdb50e0d48cdcf775fa1ac0dc3c33bd4

SHA1
5c95e5d66572aeca303512ba41a8dde0cea92c80

SHA256
64f8be6e55c37e32ef03da99714bf3aa58b8f2099bfe4f759a7578e3b8291123

SHA512
20ce8100c96058d4e64a12d0817b7ce638cec9f5d03651320eb6b9c3f47ee289ccc695bd3b5b6bf8e0867cdab0ebb6e8cae77df054e185828a6a13f3733ede53

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF15921526965590743589.tmp

Filesize
405KB

MD5
8f2869a84ad71f156a17bb66611ebe22

SHA1
0325b9b3992fa2fdc9c715730a33135696c68a39

SHA256
0cb1bc1335372d9e3a0cf6f5311c7cce87af90d2a777fdeec18be605a2a70bc1

SHA512
3d4315d591dcf7609c15b3e32bcc234659fcdbe4be24aef5dba4ad248ad42fd9ab082250244f99dc801ec21575b7400aace50a1e8834d5c33404e76a0caac834

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF18153338794947593633.tmp

Filesize
398KB

MD5
ff5fdc6f42c720a3ebd7b60f6d605888

SHA1
460c18ddf24846e3d8792d440fd9a750503aef1b

SHA256
1936d24cb0f4ce7006e08c6ef4243d2e42a7b45f2249f8fe54d92f76a317dfd1

SHA512
d3d333b1627d597c83a321a3daca38df63ea0f7cab716006935905b8170379ec2aab26cb7ffc7b539ca272cf7fb7937198aee6db3411077bedf3d2b920d078a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-5069339217700.dll

Filesize
23KB

MD5
e5079af6f3aa197eefa2ac6802ccdf32

SHA1
afeac2f32f9804f5cc1f4053d246380892e63974

SHA256
dc130da62ff3a8b7ffb664204ac38aa68ea466fe8b2658bb7ea2de49108f414d

SHA512
cf946ed4dc45ffcb22c6b3790f2c5abe7b8f8ce60e786bea143381c234dc94083313004ac18ecbb3d3c17971fd38ff904d6702a5d9f8c904bb9125e00e90969e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3TABE.tmp\7za.exe

Filesize
1.3MB

MD5
c58a4193bac738b1a88acad9c6a57356

SHA1
66e5bd096f4e20e0423bc1540bd2b880b150d9a1

SHA256
fbb3dadcc29bcbc5460484d858c5f33f99e5317f5f6cd8d9c83f4dd8c39b3e30

SHA512
97ca384562fa9e49d0b32486ae181a4474c5277f2b48cefb2f4b479ae6797e1369a867cf8e5b39c77a10e38970de62f3ec43f1beb1b4b203c4110afe819f2cf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3TABE.tmp\_isetup\_isdecmp.dll

Filesize
28KB

MD5
077cb4461a2767383b317eb0c50f5f13

SHA1
584e64f1d162398b7f377ce55a6b5740379c4282

SHA256
8287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64

SHA512
b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3TABE.tmp\javafx-0.jar.sha1

Filesize
40B

MD5
018677d1accc999f9adcadf7e9d2eca0

SHA1
b86c7833259f8d170fc13731da046c85f4546b05

SHA256
a1f58b506c61eb64f9d38183fa7002a7fd5f7dbecb1f3bd16d1c5a7f181df050

SHA512
ec768e3152b4cb3aa1d228393a539e39b999f7964774f7291255e0e1130503972f8631cb78526bfc1cc6fe507fa6d0817f676dee92a64d1843e99801244974dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3TABE.tmp\javafx-1.jar

Filesize
5.7MB

MD5
c17fc8947177dfaaf0d2d5564468b3f5

SHA1
88efcf6f439b36c17bd467630f3942aa89d7f37c

SHA256
6f8dde0282b96c215f1d1b7638c78031ddfd970e6e7f8d6834a723ebf85be6ae

SHA512
84080941623407e3c9f6d6123c399037571a9dcd4e7e0df68affea7661e1a28887fc46e9cb4a0a50355f0232e34159ae3a3a278a3380beebac39cb2a020e2c44

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3TABE.tmp\javafx-1.jar.sha1

Filesize
40B

MD5
cb19a3834c52905bbc7aae9b0cb884d8

SHA1
69796c5f90088edeb9cefbf12708c60dd6776bc5

SHA256
d8e035498ba5918acb7899067177fdefb3300d7690419ec6b564e49902ab0160

SHA512
2c36a8653198fe67fc7c552c13d88530206bfd100d6b26243901ba6c8c41963e5094e39441c0ff66fd0b2839e69d5ed15dbcbb509d7d443dfa1c1f6a3582ddaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3TABE.tmp\javafx-2.jar

Filesize
2.5MB

MD5
481e60ff6432b3816d78dd3a94d6c89b

SHA1
4553548f8b569b5f7da7f9d93460f059dbed85dd

SHA256
0ab89fa8531f5d6f1a15b6c76cf5a7d44e60e273932ad282b29b8dd324e725ff

SHA512
7a92d3e5f71a8ccbe4d821b0b3ec0a37e6dda64df9dfaf660d103d89d4f716a37d7fa831c5edbdc8764511a009404458e57e5d9d84c73d0d06b580f7db395eb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3TABE.tmp\javafx-2.jar.sha1

Filesize
40B

MD5
716529fc440ccac9b9c853da3cdaf779

SHA1
cda19f161768360b3ac7a3864dd7efeb961c74fc

SHA256
d147881dc89769b2b4c524d01a1e498aa228eca808f18755a5f1ea1742b00546

SHA512
5a845b6cf674ea14670c50812761886ec4f7527da96e28c75a50fd552adef3f5ac2f532aba19c19293e6147ff715b8fcd69be607c20aefaa6d277dfe7f6c72a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3TABE.tmp\javafx-3.jar

Filesize
1.1MB

MD5
6ad87d83a49a3b25fb5e137038b2c5de

SHA1
5dfeba2fb52aa7e896edeea18c86ff1143c2a7ae

SHA256
6828f4fd83ac7caeb7e25c21e4050606d384baebb18bc3b1f35cd866020757cc

SHA512
f2503347747d38e1ccd4d344b10dc0856b1bbf443b4b0d7d4b3a9f5f6c3d4a5a4e8b7ebae45abee2ba15e81f42fd4d106be4715e56c06c8694152b741a96b1f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3TABE.tmp\javafx-3.jar.sha1

Filesize
40B

MD5
1c6267fed13369e1f1bfc9210c2072f9

SHA1
13c9753c31145ab1039e66261a0f4e47d9775d93

SHA256
16309d1718c54dc502e50a4918fdfd0b24ddfaba28ba35bca30c89d42fab437c

SHA512
7e9dc8670f236608b4f4dc3ce76b3a774ef4080b5888d12d56429e2a4a458cf16c2f9151fc191aae075a8fff7f473cb249f0be1b863e4086a57262b95685a757

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3TABE.tmp\javafx-4.jar

Filesize
88KB

MD5
bd17f851cec71e55199ef7b5022d1af9

SHA1
ed85275a7530ec35206364eb4dea408174f7c226

SHA256
0dc9f29e41cf9be601990c270f84b2f6655e4d95ebb27ccc9cb0953be50d1229

SHA512
5ca27b2a63b60ed2a5f0f03fb86694e354d87654c34aa21fa9d095871e6ea0757b5629c2bb1743d80c38df577632beb2a748721246bb0b6461b134f4b5438f60

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3TABE.tmp\javafx-4.jar.sha1

Filesize
40B

MD5
69ea2a2068660c846ffa2c183719c7d9

SHA1
9387988c80f19e1482d1cdea62d386084194637f

SHA256
c3473edda477b297e19bdbbdfe306c1475d93addb21b80f923ddce3fe822556b

SHA512
84c9fe4520f4f5d84a2056091f6a85389d27fa039d6fb19c26b9e6a6810478a08d3b6afd38aca3a1c5593c014e7e2fbe0b4f6bd731f7225cc7c3e32671398c8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3TABE.tmp\javafx-5.jar

Filesize
30.5MB

MD5
578b20d6bf1beccb7e8895985159f2c8

SHA1
23a64a0c4cba3da91349df902caa99074966e0f0

SHA256
5f3fb26455c8d8d61f6b1080483234cf8b2cc1b8e44f5e9e50ecc176d2a064e1

SHA512
c6636acceaf80f1b523af5540c319f888b17189ae6a3e1cf1097a4ea708dd4e4477efe536b93f669bf9cc8eb706dd02ccf2418b61c0aaa062d4484c2fbef80b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3TABE.tmp\javafx-5.jar.sha1

Filesize
40B

MD5
2d229e9eb16dddef81318279a721336b

SHA1
eb86045b32bcc4657a6704d9d5591a39fcb6c3a6

SHA256
b52f2348ae1c287ea01956214bf5b74a0ae4aa1d96fd5992e35848194b85aaf0

SHA512
534ed4e0258adc1f9c74624d116a7898b79cb5f9858abcbeded66a15fa6acf3b695f4836a81664419f0109ae81610bb46e1a4db03e8b6b02ea78acc5a1623408

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3TABE.tmp\jre.zip

Filesize
46.6MB

MD5
fbf605cc3189e0cce4627372b37ad26d

SHA1
963cee5f91c57d3c45302a58df6dd3fa03c49f8c

SHA256
707c981a4ff9e680a9ea5d6f625eafe8bc47e1f89140a67d761fde24fc02ab49

SHA512
1edfea472fd10a6165b50e4e684f42d0d611a3fbb8a0503ca04500b549cdab17e122bf85f5ebee1bb44e546452d4904c340a8b2c3e0c2798b6fcd36c61775961

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AEUM9.tmp\SKlauncher-3.2.12_Setup.tmp

Filesize
3.3MB

MD5
a1140e85ca5e398094523b5d65de46cb

SHA1
a4bad568dbaf8a52f4bb876da8067ebe38b3e432

SHA256
fa266f1b259c8bf7d2e3c2fad19da5390d90d01cab3743ef1e18a9a8c89338e0

SHA512
349fff37337baddce730b0b022dae00ad3eb2f33fcc23274579d26cc9bab5f2856bf31e42c5e156de0df37f18d5c52c3de9bb8f1c72d60248cdb76216da9f9ff

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher\javafx\javafx-base-22.0.2-win.jar

Filesize
739KB

MD5
239410d2a0ebe901c2baed127e865453

SHA1
0c109e43bc5a7a845e7bcc1f01f6a5204027cfb6

SHA256
17154354881d15014510b55361999931240f03e247023409171b83286d605776

SHA512
3dff24e22c610517856e51a7cca9161ed0ce9fb07e57073d371a6dfe1d9e0c4dcd685ca2cc3e40e948548fbbf05e502d83086ff46a04283514061d06ccd4036b

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\SKlauncher.jar

Filesize
1.2MB

MD5
5b67c472ea94d09f540d598fcbd18f73

SHA1
32c8d9cfd44f0a6b622fc287c24f6401eafa0d3b

SHA256
a3912e1e9b4e3b2d5362c91176444c7d5b1a15437cb827f123e4ca2b0d12c3f9

SHA512
0b1c339fb0ed5d2e5739d6e31b6a322af8f133d401e386992884d8f140705b719c5f160102fb04d834a37d3530cab4b5c36759a06dd453368a6591374260b16b

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jdk-21.0.6+7-jre\legal\java.desktop\ADDITIONAL_LICENSE_INFO

Filesize
49B

MD5
19c9d1d2aad61ce9cb8fb7f20ef1ca98

SHA1
2db86ab706d9b73feeb51a904be03b63bee92baf

SHA256
ebf9777bd307ed789ceabf282a9aca168c391c7f48e15a60939352efb3ea33f9

SHA512
7ec63b59d8f87a42689f544c2e8e7700da5d8720b37b41216cbd1372c47b1bc3b892020f0dd3a44a05f2a7c07471ff484e4165427f1a9cad0d2393840cd94e5b

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jdk-21.0.6+7-jre\legal\java.desktop\ASSEMBLY_EXCEPTION

Filesize
44B

MD5
7caf4cdbb99569deb047c20f1aad47c4

SHA1
24e7497426d27fe3c17774242883ccbed8f54b4d

SHA256
b998cda101e5a1ebcfb5ff9cddd76ed43a2f2169676592d428b7c0d780665f2a

SHA512
a1435e6f1e4e9285476a0e7bc3b4f645bbafb01b41798a2450390e16b18b242531f346373e01d568f6cc052932a3256e491a65e8b94b118069853f2b0c8cd619

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jdk-21.0.6+7-jre\legal\java.desktop\LICENSE

Filesize
33B

MD5
16989bab922811e28b64ac30449a5d05

SHA1
51ab20e8c19ee570bf6c496ec7346b7cf17bd04a

SHA256
86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192

SHA512
86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\awt.dll

Filesize
1.4MB

MD5
f53a79f9ece055fabcb34892e7c23e97

SHA1
37df77f26d5a140c1eaadec2fcebb76a0ec2ef8f

SHA256
a075075615c205be87d05c8e99ea33565f97da9ed3e1d686821cbb29e99f6f00

SHA512
0a9dee281f55855ff41214ca55ad8ecddebdd2c726e183f2a14e92b3d0752b5883275c9c6a5e91813f11feeddd5c2c7d5795b7a35ac55fe44502c9039838c8d0

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\extnet.dll

Filesize
23KB

MD5
7bbdca5c76125708d387531519e8a1a6

SHA1
2e5288a449dcd1c0754cd8445f8b327e64b44394

SHA256
9c1342869bddf9439bc36e18b64ed71ef6840beea2e2ba29f3167c9ca58c7ac6

SHA512
db5908bf6068f46ea4a6f24c0a0bb666942354ef166daf4d4dacb2f6183f713e35a30d1c1388f11e2b8d95589cdc9553909f9209626318f9bd9185d12de1fffe

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\fontmanager.dll

Filesize
860KB

MD5
a9d8b73b422f687d784ff790cf0d1879

SHA1
ff0e37bd3f32945d5185b07210278f7ea84ab568

SHA256
2e8dfe3e3e1ebd99deb538f54d0641a4598508fe1116a2a3efbaa9c0376a8a7e

SHA512
723b9aca542fcbeb4b10adc81ec75aa0c3dd2385e492315d43153d429dfe7a1ae0bdac029258141c97768670903b3d14ea7f3b184a94a166b689ecfe87b02abb

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\freetype.dll

Filesize
535KB

MD5
168ab8bc5488c25bdffb2898a806e7fb

SHA1
87b8ae6884b09206ab90f9357ff46c0569d93d4a

SHA256
f18766eff9b8193c3d0105d5f77b4015e3f086b93d55bef34babd28d51f5397a

SHA512
cf9069c1ae246e36f7952591c22816742b92093a81f5245f6fac29c9c26001c40b33f4668ad051f5adf93eb35b515a183b020c708aeed5e8c40828378ebb7a8c

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\java.dll

Filesize
118KB

MD5
b8f9d4e627536e73ba387de89ea1a175

SHA1
ad64f514572a512e8e80c458d23a931fbdb99705

SHA256
f474176d8e3e8fb77596cd0f902c576cc954d17622aacb2c474404395a981ce3

SHA512
1eea44d4ad4a3062b0230eeaea33e9962768e96bfd49922baeba9f2352b943caf5b24d3095cd1f3cc39ad431aad562b511421f52267d52341f0a1b6a49e72e71

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\javaw.exe

Filesize
48KB

MD5
8f3cea4ecc6d33e6774a71521df84bec

SHA1
f5c861c029954a95852dde3623677ffbe4d575f6

SHA256
f162274fe8723a859e70b863f83e02a95b418812932d94ea3c9105f0265fe48d

SHA512
e6168c296ef64505d9214970cc30a92bb04c92963186e3d8d3d916826f322366c1425b2cbf64b383bd75610e061f1706918cc375dc994f778167d135f6077b08

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\jimage.dll

Filesize
32KB

MD5
21a02272f514787cbb894834a86db8d1

SHA1
27c46d3737aba5fa4719bb169157383bc59fd6b5

SHA256
0bd4173c377c2a8369803adf92862e314745e7e01a44edd2685060cf8699da20

SHA512
7d439d3ac47bdb030aa8be964bb9c02fde66325af157f9114e8d9247068ba473922c456ed203d5deb393711ef90c01ae6e0bd97419c81faef95779dc681006f7

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\jli.dll

Filesize
87KB

MD5
7343522fd185f72df3abba7ff67f2db6

SHA1
3a5a3aa04f8249e4e39da041ff7a8e2014ac14a1

SHA256
7dd4a08bbd29ea590dd8253332c6e33df4f9052a599710e4c30c9eeeed9db35e

SHA512
39956e14e6c84f04c7a17b403ba0c3ee9f5e76bb7b1b27c8124f212c1d24d429e4a4afa166f8ea915ac1722af1150e7faef2c5eec0c1b5c46ebe7b6ddb182029

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\jsvml.dll

Filesize
849KB

MD5
ae0ffee3c346d1c7fe6d0738069cdbab

SHA1
64218372a65e90a39ab04ef7b02dec714d0031c4

SHA256
9b8a36cd33b25bd81388208784d19a137f685b14b7b81be77bec4a9471c7d6ca

SHA512
faff265b2660d23cedbfe9a0363e68b9cce89a3561fc35ff21df76db1a4f6bfef01b4c3e69be50aabb6e96971cad9f0148370b5a0f5fc12b717024f756a8d278

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\msvcp140.dll

Filesize
561KB

MD5
72f3d84384e888bf0d38852eb863026b

SHA1
8e6a0257591eb913ae7d0e975c56306b3f680b3f

SHA256
a4c2229bdc2a2a630acdc095b4d86008e5c3e3bc7773174354f3da4f5beb9cde

SHA512
6d53634bc51bd383358e0d55988d70aee6ed3897bc6ae5e0d2413bed27ecff4c8092020682cd089859023b02d9a1858ac42e64d59c38ba90fbaf89b656c539a6

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\net.dll

Filesize
58KB

MD5
cd0c6c6f6a96364d3211bcda4d903b5f

SHA1
adfeac52d9ff3161a350a6cd1820f8ff0e08eedc

SHA256
1530c4d8c3737e04910137256d0513e20bff854b08c0a830da73dfbacd27be60

SHA512
2e3bf431fe16f152c5b85b4ef3f497499220845000c886f0facfcd66558b00e40f91c0c9aff112e31a62ecc927b515d46114659b86804cfe1b09ade253d4c91e

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\nio.dll

Filesize
78KB

MD5
d35a0d9eb225eae4b3d4a719f4d42b2a

SHA1
83fc1791b23bc90a112ccd9a57e6cf88f21f6762

SHA256
abd40c27d299fd26dc0c0e030257a1db9d1f3b330451671073bf0f5f51f5911b

SHA512
23706c74fd1b40915d1fe19e2f1cf2616103ce02c89fc336bd7b17d7466ebead53947941addc11e921c4ca155a1c3044bc30875821fc2cc17fed11bc3e248afc

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\server\classes.jsa

Filesize
11.9MB

MD5
769b6dc1a3774e669ea7d6818ae51931

SHA1
b567381f9ae0beba02f1531b07421edc7c6cdbaf

SHA256
c3804e09ea26e6adedcf471056068685e53a2d1b1957713f07bb117b18541d20

SHA512
cd0806cd82842061271041b4ee178342275b66b701081e20b9700c0975d59f46077af3adfdf6ae4cc86a51850c6d1e0cefb911234df72e3be432e240f4a7bdc0

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\server\jvm.dll

Filesize
13.2MB

MD5
b9c8a7ad16b31b337b431721e7571274

SHA1
565d2b35f77532b1695abee8465643801f7f1b46

SHA256
c2bcdbc497292a1f31a43f39c7c8d03f8ea9c9db10d6697d6df84bc8e59fc35c

SHA512
2e0532eb592cf10be089b03559861dea756fd3312eec0f238617000809378a54d3d248ab6b46cce27ce063d9f60219f02cef87070c7e57cf47abd9d1ff14dac8

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\sunmscapi.dll

Filesize
47KB

MD5
6c1cd3632e94e9c9c683ce2ea3c41ee7

SHA1
7fee3fc8bac3494d870acecc9e7c44d989eca350

SHA256
cacf87f95a3a1b6264173470047441fa849701ab308200188dbc5af1818cc85a

SHA512
f99a68d5920c2e2f502a81589c92a85bfae4db6cfa767457ceef25ddf6efaa829636fa33db1647884d85b698077574d3276e504489231cddc2b854cc6b5beeea

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\vcruntime140.dll

Filesize
117KB

MD5
caf9edded91c1f6c0022b278c16679aa

SHA1
4812da5eb86a93fb0adc5bb60a4980ee8b0ad33a

SHA256
02c6aa0e6e624411a9f19b0360a7865ab15908e26024510e5c38a9c08362c35a

SHA512
32ac84642a9656609c45a6b649b222829be572b5fdeb6d5d93acea203e02816cf6c06063334470e8106871bdc9f2f3c7f0d1d3e554da1832ba1490f644e18362

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\vcruntime140_1.dll

Filesize
48KB

MD5
2bd576cbc5cb712935eb1b10e4d312f5

SHA1
dfa7a46012483837f47d8c870973a2dea786d9ff

SHA256
7dd9aa02e271c68ca6d5f18d651d23a15d7259715af43326578f7dde27f37637

SHA512
abbd3eb628d5b7809f49ae08e2436af3d1b69f8a38de71ede3d0cb6e771c7758e35986a0dc0743b763ad91fd8190084ee5a5fbe1ac6159eb03690ccc14c64542

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\bin\zip.dll

Filesize
87KB

MD5
81ecec3848e39716ec9113d7204f2d45

SHA1
08f01b443c99d03c870f9c161d6d2550b5656044

SHA256
8bbc3fabf069699adbab5276df097a9a878ebb3e4552ff3f22d9e861f268574a

SHA512
9a6cd89600bcfa74a48b8616a6c7247c5283eb50b022c3ae93a820ffda281885bf0d032030f1d0c5a62e689882ef1f0db5dab5a61e2b555439edee1a8a903873

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\conf\net.properties

Filesize
7KB

MD5
0c091bb338f924911db463aec454ba8b

SHA1
69e86a02207c1126a0d9faf9362a8d1798b140ad

SHA256
56dd1f6095c189c1052f6baa32e457efc09de4832e19cdb82bb236dc8abfee9f

SHA512
d0d257c7b0fc6059faef88603c07a9e1cfe6692359eb634b3436a02723ff015d36d523e1c2a252649db7cd4d0e24be114c042e3e209ce027ee07b7816466109c

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\conf\security\java.security

Filesize
64KB

MD5
e1b7b2a5c7e2a1f425e5245888e8ad91

SHA1
fd76a263a2ec03b695987411b6ac6178c2cd83e7

SHA256
327adb06968ca5b45ac7b3b0feec12a8ca20286f1ed1152bf23f639587125049

SHA512
cc65b4d186500661fe36b6aa605fd747166cf8299cf16bffc093b5b89ad69c429875192646ab4fa7c987c089d7d9baeb33a85291bc8ddb767e6fc78f39c03f9b

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\conf\security\policy\unlimited\default_US_export.policy

Filesize
146B

MD5
1a08ffdf0bc871296c8d698fb22f542a

SHA1
f3f974d3f6245c50804dcc47173aa29d4d7f0e2c

SHA256
758b930a526fc670ab7537f8c26321527050a31f5f42149a2dda623c56a0a1a9

SHA512
4cfca5b10cd7addcff887c8f3621d2fbec1b5632436326377b0ce5af1ae3e8b68ac5a743ca6082fc79991b8eec703a6e1dfd5b896153407ad72327753222fdb3

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\conf\security\policy\unlimited\default_local.policy

Filesize
193B

MD5
2a0f330c51aff13a96af8bd5082c84a8

SHA1
ad2509631ed743c882999ac1200fd5fb8a593639

SHA256
8d8a318e6d90dfd7e26612d2b6385aa704f686ca6134c551f8928418d92b851a

SHA512
2b0385417a3fc2af58b1cbb186dd3e0b0875e42923884153deee0efcb390ca00b326ed5b266b3892d31bf7d40e10969a0b51daa6d0b4ca3183770786925d3cde

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\lib\fontconfig.bfc

Filesize
4KB

MD5
9e80af78b019e2e52287108b50f6cfbf

SHA1
a297f3d435fab11aa3f0fd21eb2666a3ba1340ec

SHA256
c7e2e76b908cb6330823e698889943c162e9861a4575501cbb59c9b830158ab0

SHA512
b920a3e25e24a9c20d671e8a8520db2e783a5e18c695e46f7ff3851d7931711a73b97deef27c14a766ae6ed5a5519070421e5834da6200fcb6e7371b90b50e6c

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\lib\jvm.cfg

Filesize
29B

MD5
7ce21bdcfa333c231d74a77394206302

SHA1
c5a940d2dee8e7bfc01a87d585ddca420d37e226

SHA256
aa9efb969444c1484e29adecab55a122458090616e766b2f1230ef05bc3867e0

SHA512
8b37a1a5600e0a4e5832021c4db50569e33f1ddc8ac4fc2f38d5439272b955b0e3028ea10dec0743b197aa0def32d9e185066d2bac451f81b99539d34006074b

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\lib\security\blocked.certs

Filesize
2KB

MD5
8273f70416f494f7fa5b6c70a101e00e

SHA1
aeaebb14fbf146fbb0aaf347446c08766c86ca7f

SHA256
583500b76965eb54b03493372989ab4d3426f85462d1db232c5ae6706a4d6c58

SHA512
e697a57d64ace1f302300f83e875c2726407f8daf7c1d38b07ab8b4b11299fd698582d825bee817a1af85a285f27877a9e603e48e01c72e482a04dc7ab12c8da

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\lib\security\cacerts

Filesize
193KB

MD5
21faf1c2acd2ac2e5165d8749e16c300

SHA1
882610bbb3f6a9c1ce8f58d5b283a779b95b6267

SHA256
75baf1e4ce6f147e18ace9ce848f9caa1a11c308116be7797d9081e65fd17b28

SHA512
e500a17debbd6d7efb346348cfa39d0cde86664c719587dacd87c26a1c0918998b2706300e05f6f070b35922f74900cc2cf1461b1403c56e262a876c3d1f3f95

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\lib\tzdb.dat

Filesize
99KB

MD5
279c3ed6f608a9bd037d87af1a2262f4

SHA1
b6f633c4f7b68be0dad361b8e505e12b5c017830

SHA256
87022eb5ae9465d75762de6fb2a668c60d411c1394e500c24651895681228148

SHA512
741a8ba22a71ff6d785579ca680160ea9c55e9de462c112ec737bd1e23b0e8bbcc7ce12f550358ea6d8a42424e9cf00015d12d04c478db0298513afbee776b51

Download Submit
C:\Users\Admin\AppData\Roaming\sklauncher\jre\lib\tzmappings

Filesize
21KB

MD5
4c30d7867505379a18a27d0e8f03198c

SHA1
0cc871d5bd91e061d676a861749af68bbc0ca9c6

SHA256
b41575b332809b37ad423bdca30c7c48cdef3d82f82fa9d534781a6f15d6a2ab

SHA512
873d329682ce67267f438b88eee0fc25cecbbcc1f7d694118417ad12756ec2b6ae7502ec4eea0cc9b4ae8b9e68f5f8877762fa13dea89c4a6dcd54fd8bf82c56

Download Submit
memory/5276-2-0x00000000000E1000-0x0000000000189000-memory.dmp

Filesize
672KB

Download
memory/5276-15-0x00000000000E0000-0x00000000001B3000-memory.dmp

Filesize
844KB

Download
memory/5276-804-0x00000000000E0000-0x00000000001B3000-memory.dmp

Filesize
844KB

Download
memory/5276-0-0x00000000000E0000-0x00000000001B3000-memory.dmp

Filesize
844KB

Download
memory/5736-7-0x0000000001670000-0x0000000001671000-memory.dmp

Filesize
4KB

Download
memory/5736-62-0x00000000002A0000-0x00000000005FA000-memory.dmp

Filesize
3.4MB

Download
memory/5736-17-0x0000000001670000-0x0000000001671000-memory.dmp

Filesize
4KB

Download
memory/5736-795-0x00000000002A0000-0x00000000005FA000-memory.dmp

Filesize
3.4MB

Download
memory/5736-16-0x00000000002A0000-0x00000000005FA000-memory.dmp

Filesize
3.4MB

Download
memory/5736-764-0x00000000002A0000-0x00000000005FA000-memory.dmp

Filesize
3.4MB

Download
memory/5736-42-0x00000000002A0000-0x00000000005FA000-memory.dmp

Filesize
3.4MB

Download
memory/6116-1883-0x000001C140E70000-0x000001C141E70000-memory.dmp

Filesize
16.0MB

Download
memory/6116-1708-0x000001C19E410000-0x000001C1A30A8000-memory.dmp

Filesize
76.6MB

Download
memory/6116-1878-0x000001C140E70000-0x000001C141E70000-memory.dmp

Filesize
16.0MB

Download
memory/6116-1877-0x000001C140E70000-0x000001C141E70000-memory.dmp

Filesize
16.0MB

Download
memory/6116-1881-0x000001C140E70000-0x000001C141E70000-memory.dmp

Filesize
16.0MB

Download
memory/6116-1882-0x000001C140E70000-0x000001C141E70000-memory.dmp

Filesize
16.0MB

Download
memory/6116-1643-0x000001C19E410000-0x000001C1A30A8000-memory.dmp

Filesize
76.6MB

Download
memory/6116-1747-0x000001C19E410000-0x000001C1A30A8000-memory.dmp

Filesize
76.6MB

Download
memory/6116-1884-0x000001C140E70000-0x000001C141E70000-memory.dmp

Filesize
16.0MB

Download
memory/6116-1615-0x000001C19E410000-0x000001C1A30A8000-memory.dmp

Filesize
76.6MB

Download
memory/6116-1468-0x000001C19E410000-0x000001C1A30A8000-memory.dmp

Filesize
76.6MB

Download
memory/6116-1648-0x000001C19E410000-0x000001C1A30A8000-memory.dmp

Filesize
76.6MB

Download
memory/6116-1672-0x000001C19E410000-0x000001C1A30A8000-memory.dmp

Filesize
76.6MB

Download
memory/6116-1904-0x000001C140E70000-0x000001C141E70000-memory.dmp

Filesize
16.0MB

Download
memory/6116-2030-0x000001C140E70000-0x000001C141E70000-memory.dmp

Filesize
16.0MB

Download
memory/6116-2033-0x000001C140E70000-0x000001C141E70000-memory.dmp

Filesize
16.0MB

Download
memory/6116-2117-0x000001C140E70000-0x000001C141E70000-memory.dmp

Filesize
16.0MB

Download
memory/6116-2118-0x000001C140E70000-0x000001C141E70000-memory.dmp

Filesize
16.0MB

Download
memory/6116-2120-0x000001C140E70000-0x000001C141E70000-memory.dmp

Filesize
16.0MB

Download
memory/6116-2121-0x000001C140E70000-0x000001C141E70000-memory.dmp

Filesize
16.0MB

Download
memory/6116-2128-0x000001C140E70000-0x000001C141E70000-memory.dmp

Filesize
16.0MB

Download