hxxps://fyremc[.]hu/kliens/windows/64

Analysis

max time kernel
944s
max time network
946s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
30/04/2024, 20:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://fyremc.hu/kliens/windows/64

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 13 IoCs

pid	Process
1744	FyreMC-0.9.4-x64-Setup (1).exe
3184	Update.exe
4668	Squirrel.exe
2356	FyreMC.exe
1468	Update.exe
2980	FyreMC.exe
4936	FyreMC.exe
1628	FyreMC.exe
4964	FyreMC.exe
3116	FyreMC.exe
2116	Update.exe
2600	FyreMC.exe
4600	FyreMC.exe

Loads dropped DLL 13 IoCs

pid	Process
2356	FyreMC.exe
2980	FyreMC.exe
4936	FyreMC.exe
1628	FyreMC.exe
4964	FyreMC.exe
4936	FyreMC.exe
4936	FyreMC.exe
4936	FyreMC.exe
4936	FyreMC.exe
3116	FyreMC.exe
2600	FyreMC.exe
4600	FyreMC.exe
4600	FyreMC.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
78	raw.githubusercontent.com
59	raw.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Gathers network information 2 TTPs 2 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
1420	NETSTAT.EXE
1824	ipconfig.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3938118698-2964058152-2337880935-1000\{19AEE905-A199-42BB-B980-CA7CA0D6E6F3}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 624001.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\FyreMC-0.9.4-x64-Setup (1).exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 41713.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3136	msedge.exe
3136	msedge.exe
1692	msedge.exe
1692	msedge.exe
4264	identity_helper.exe
4264	identity_helper.exe
3812	msedge.exe
3812	msedge.exe
4884	msedge.exe
4884	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
3220	msedge.exe
3220	msedge.exe
3184	Update.exe
3184	Update.exe
3536	powershell.exe
3536	powershell.exe
2340	powershell.exe
2340	powershell.exe
4764	powershell.exe
4764	powershell.exe
1180	powershell.exe
1180	powershell.exe
2208	powershell.exe
2208	powershell.exe
3856	powershell.exe
3856	powershell.exe
3908	powershell.exe
3908	powershell.exe
2340	powershell.exe
3536	powershell.exe
1180	powershell.exe
2208	powershell.exe
3856	powershell.exe
4764	powershell.exe
3908	powershell.exe
3656	powershell.exe
3656	powershell.exe
1680	powershell.exe
1680	powershell.exe
2228	powershell.exe
2228	powershell.exe
3656	powershell.exe
1680	powershell.exe
2228	powershell.exe
3824	powershell.exe
3824	powershell.exe
3824	powershell.exe
2524	powershell.exe
2524	powershell.exe
2524	powershell.exe
196	powershell.exe
196	powershell.exe
196	powershell.exe
416	powershell.exe
416	powershell.exe
416	powershell.exe
4288	powershell.exe
4288	powershell.exe
420	powershell.exe
420	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	804	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	804	AUDIODG.EXE
Token: SeDebugPrivilege	3184	Update.exe
Token: SeShutdownPrivilege	2980	FyreMC.exe
Token: SeCreatePagefilePrivilege	2980	FyreMC.exe
Token: SeDebugPrivilege	3536	powershell.exe
Token: SeDebugPrivilege	2340	powershell.exe
Token: SeDebugPrivilege	4764	powershell.exe
Token: SeDebugPrivilege	1180	powershell.exe
Token: SeDebugPrivilege	2208	powershell.exe
Token: SeDebugPrivilege	3856	powershell.exe
Token: SeDebugPrivilege	3908	powershell.exe
Token: SeShutdownPrivilege	2980	FyreMC.exe
Token: SeCreatePagefilePrivilege	2980	FyreMC.exe
Token: SeShutdownPrivilege	2980	FyreMC.exe
Token: SeCreatePagefilePrivilege	2980	FyreMC.exe
Token: SeIncreaseQuotaPrivilege	4764	powershell.exe
Token: SeSecurityPrivilege	4764	powershell.exe
Token: SeTakeOwnershipPrivilege	4764	powershell.exe
Token: SeLoadDriverPrivilege	4764	powershell.exe
Token: SeSystemProfilePrivilege	4764	powershell.exe
Token: SeSystemtimePrivilege	4764	powershell.exe
Token: SeProfSingleProcessPrivilege	4764	powershell.exe
Token: SeIncBasePriorityPrivilege	4764	powershell.exe
Token: SeCreatePagefilePrivilege	4764	powershell.exe
Token: SeBackupPrivilege	4764	powershell.exe
Token: SeRestorePrivilege	4764	powershell.exe
Token: SeShutdownPrivilege	4764	powershell.exe
Token: SeDebugPrivilege	4764	powershell.exe
Token: SeSystemEnvironmentPrivilege	4764	powershell.exe
Token: SeRemoteShutdownPrivilege	4764	powershell.exe
Token: SeUndockPrivilege	4764	powershell.exe
Token: SeManageVolumePrivilege	4764	powershell.exe
Token: 33	4764	powershell.exe
Token: 34	4764	powershell.exe
Token: 35	4764	powershell.exe
Token: 36	4764	powershell.exe
Token: SeIncreaseQuotaPrivilege	3536	powershell.exe
Token: SeSecurityPrivilege	3536	powershell.exe
Token: SeTakeOwnershipPrivilege	3536	powershell.exe
Token: SeLoadDriverPrivilege	3536	powershell.exe
Token: SeSystemProfilePrivilege	3536	powershell.exe
Token: SeSystemtimePrivilege	3536	powershell.exe
Token: SeProfSingleProcessPrivilege	3536	powershell.exe
Token: SeIncBasePriorityPrivilege	3536	powershell.exe
Token: SeCreatePagefilePrivilege	3536	powershell.exe
Token: SeBackupPrivilege	3536	powershell.exe
Token: SeRestorePrivilege	3536	powershell.exe
Token: SeShutdownPrivilege	3536	powershell.exe
Token: SeDebugPrivilege	3536	powershell.exe
Token: SeSystemEnvironmentPrivilege	3536	powershell.exe
Token: SeRemoteShutdownPrivilege	3536	powershell.exe
Token: SeUndockPrivilege	3536	powershell.exe
Token: SeManageVolumePrivilege	3536	powershell.exe
Token: 33	3536	powershell.exe
Token: 34	3536	powershell.exe
Token: 35	3536	powershell.exe
Token: 36	3536	powershell.exe
Token: SeShutdownPrivilege	2980	FyreMC.exe
Token: SeCreatePagefilePrivilege	2980	FyreMC.exe
Token: SeDebugPrivilege	3656	powershell.exe
Token: SeDebugPrivilege	1680	powershell.exe
Token: SeDebugPrivilege	2228	powershell.exe
Token: SeIncreaseQuotaPrivilege	1680	powershell.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1504	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 1748	1692	msedge.exe	80
PID 1692 wrote to memory of 1748	1692	msedge.exe	80
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 4352	1692	msedge.exe	81
PID 1692 wrote to memory of 3136	1692	msedge.exe	82
PID 1692 wrote to memory of 3136	1692	msedge.exe	82
PID 1692 wrote to memory of 2956	1692	msedge.exe	83
PID 1692 wrote to memory of 2956	1692	msedge.exe	83
PID 1692 wrote to memory of 2956	1692	msedge.exe	83
PID 1692 wrote to memory of 2956	1692	msedge.exe	83
PID 1692 wrote to memory of 2956	1692	msedge.exe	83
PID 1692 wrote to memory of 2956	1692	msedge.exe	83
PID 1692 wrote to memory of 2956	1692	msedge.exe	83
PID 1692 wrote to memory of 2956	1692	msedge.exe	83
PID 1692 wrote to memory of 2956	1692	msedge.exe	83
PID 1692 wrote to memory of 2956	1692	msedge.exe	83
PID 1692 wrote to memory of 2956	1692	msedge.exe	83
PID 1692 wrote to memory of 2956	1692	msedge.exe	83
PID 1692 wrote to memory of 2956	1692	msedge.exe	83
PID 1692 wrote to memory of 2956	1692	msedge.exe	83
PID 1692 wrote to memory of 2956	1692	msedge.exe	83
PID 1692 wrote to memory of 2956	1692	msedge.exe	83
PID 1692 wrote to memory of 2956	1692	msedge.exe	83
PID 1692 wrote to memory of 2956	1692	msedge.exe	83
PID 1692 wrote to memory of 2956	1692	msedge.exe	83
PID 1692 wrote to memory of 2956	1692	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://fyremc.hu/kliens/windows/64
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffeccd13cb8,0x7ffeccd13cc8,0x7ffeccd13cd8
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6692 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2960 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3220
- C:\Users\Admin\Downloads\FyreMC-0.9.4-x64-Setup (1).exe
  "C:\Users\Admin\Downloads\FyreMC-0.9.4-x64-Setup (1).exe"
  2⤵
  - Executes dropped EXE
  PID:1744
- - C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3184
  - - C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\Squirrel.exe
      "C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
      4⤵
      Executes dropped EXE
      PID:4668
  - - C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\FyreMC.exe
      "C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\FyreMC.exe" --squirrel-install 0.9.4
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2356
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "chcp"
        5⤵
        
        PID:1448
      - C:\Windows\system32\chcp.com
        
        chcp
        6⤵
        
        PID:2016
    - - C:\Users\Admin\AppData\Local\fyremc-client\Update.exe
        
        C:\Users\Admin\AppData\Local\fyremc-client\Update.exe --createShortcut=FyreMC.exe
        5⤵
        Executes dropped EXE
        
        PID:1468
  - - C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\FyreMC.exe
      "C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\FyreMC.exe" --squirrel-firstrun
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      PID:2980
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "chcp"
        5⤵
        
        PID:4660
      - C:\Windows\system32\chcp.com
        
        chcp
        6⤵
        
        PID:3360
    - - C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\FyreMC.exe
        
        "C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\FyreMC.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\FyreMC" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1664,i,14853928328067475221,1878453637709705097,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4936
    - - C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\FyreMC.exe
        
        "C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\FyreMC.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\FyreMC" --mojo-platform-channel-handle=1952 --field-trial-handle=1664,i,14853928328067475221,1878453637709705097,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1628
    - - C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\FyreMC.exe
        
        "C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\FyreMC.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\FyreMC" --app-user-model-id=com.squirrel.fyremc-client.FyreMC --app-path="C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\resources\app.asar" --no-sandbox --no-zygote --node-integration-in-worker --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2132 --field-trial-handle=1664,i,14853928328067475221,1878453637709705097,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4964
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2340
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2208
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1180
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3536
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3856
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4764
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3908
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
        5⤵
        
        PID:2328
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3656
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1680
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2228
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:2356
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""
        5⤵
        
        PID:1076
      - C:\Windows\system32\findstr.exe
        
        findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
        6⤵
        
        PID:2372
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
        5⤵
        
        PID:2064
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:4668
      - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
        6⤵
        
        PID:2816
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3824
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2524
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:196
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:3656
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:416
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:420
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4288
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
        5⤵
        
        PID:1124
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        5⤵
        
        PID:3256
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        5⤵
        
        PID:4680
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        5⤵
        
        PID:1832
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""
        5⤵
        
        PID:1632
      - C:\Windows\system32\findstr.exe
        
        findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
        6⤵
        
        PID:3936
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "WHERE smartctl 2>nul"
        5⤵
        
        PID:4288
      - C:\Windows\system32\where.exe
        
        WHERE smartctl
        6⤵
        
        PID:4664
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        5⤵
        
        PID:4764
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        5⤵
        
        PID:1800
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        5⤵
        
        PID:1824
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography" /v MachineGuid"
        5⤵
        
        PID:420
      - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography" /v MachineGuid
        6⤵
        
        PID:4344
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "netstat -r"
        5⤵
        
        PID:3360
      - C:\Windows\system32\NETSTAT.EXE
        
        netstat -r
        6⤵
        Gathers network information
        
        PID:1420
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Windows\system32\route.exe" print
        7⤵
        
        PID:568
        
        C:\Windows\system32\ROUTE.EXE
        
        C:\Windows\system32\route.exe print
        8⤵
        
        PID:2824
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        5⤵
        
        PID:1928
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "netsh lan show profiles"
        5⤵
        
        PID:2328
      - C:\Windows\system32\netsh.exe
        
        netsh lan show profiles
        6⤵
        
        PID:3948
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "ipconfig /all"
        5⤵
        
        PID:2488
      - C:\Windows\system32\ipconfig.exe
        
        ipconfig /all
        6⤵
        Gathers network information
        
        PID:1824
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        5⤵
        
        PID:2948
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:4344
    - - C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\FyreMC.exe
        
        "C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\FyreMC.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\FyreMC" --app-user-model-id=com.squirrel.fyremc-client.FyreMC --app-path="C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\resources\app.asar" --no-sandbox --no-zygote --node-integration-in-worker --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3340 --field-trial-handle=1664,i,14853928328067475221,1878453637709705097,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\fyremc-client\Update.exe
        
        C:\Users\Admin\AppData\Local\fyremc-client\Update.exe --checkForUpdate https://auth.fyremc.hu/game/v2/launcher/win32/x64
        5⤵
        Executes dropped EXE
        
        PID:2116
    - - C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\FyreMC.exe
        
        "C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\FyreMC.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\FyreMC" --app-user-model-id=com.squirrel.fyremc-client.FyreMC --app-path="C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3256 --field-trial-handle=1664,i,14853928328067475221,1878453637709705097,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2600
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "chcp"
        6⤵
        
        PID:4680
        
        C:\Windows\system32\chcp.com
        
        chcp
        7⤵
        
        PID:1924
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        6⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\FyreMC.exe
        
        "C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\FyreMC.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\FyreMC" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3272 --field-trial-handle=1664,i,14853928328067475221,1878453637709705097,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7448 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7624 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7980 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8032 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1888,1411796567166680258,5765102506733866246,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7152 /prefetch:8
  2⤵
  PID:5056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2856

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004E0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1120

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
1⤵
PID:2208

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
046d49efac191159051a8b2dea884f79

SHA1
d0cf8dc3bc6a23bf2395940cefcaad1565234a3a

SHA256
00dfb1705076450a45319666801a3a7032fc672675343434cb3d68baccb8e1f7

SHA512
46961e0f0e4d7f82b4417e4aac4434e86f2130e92b492b53a194255bd3bba0855069524cd645f910754d4d2dbf3f1dc467bcc997f01dc6b1d8d6028e2d957236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d22039bc7833a3a27231b8eb834f70

SHA1
79c4290a2894b0e973d3c4b297fad74ef45607bb

SHA256
402defe561006133623c2a4791b2baf90b92d5708151c2bcac6d02d2771cd3d6

SHA512
c69ee22d8c52a61e59969aa757d58ab4f32492854fc7116975efc7c6174f5d998cc236bbf15bce330d81e39a026b18e29683b6d69c93d21fea6d14e21460a0a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\659c8435-f705-4708-afc5-1d6d8d9fa839.tmp

Filesize
3KB

MD5
e662f1cf048a78292651c40a0e251b08

SHA1
bcb03e1f9523f6e8dd336a1d6691dbb7f7d2bc02

SHA256
9ba156b0b52f686674ff5339654387ec204d1d7c6a4649229246df121faeb137

SHA512
4cab59a234865b04a349b23b829ed039f79ae2186533a665e40cfc47ff8718f3262fb048fa9e7f4416ad072292d969db4ba926069b091bf52b42d61c25d154d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
37KB

MD5
47cd0f9ecdb7f3ce3c16db7abc2f46d5

SHA1
307c836095a2a73635133ba3c0a7753c5851cddd

SHA256
8b3342a18aaa96aa2eb22adb9011a32ffd0b23a1760350bd89811c17fe003f46

SHA512
9d5caaeaa31c3626c8f8a02ecf108f1fb53a82a930a17352a2fb06bf16915b4b27435af09fd7e0921b80cf66355299ab23f9c96b8443d2f29e6649cc575ea895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
1.1MB

MD5
798e76073abe579251a34ee1dacf9b3e

SHA1
7e9294eec6545c8e1bbdb7849a73820cdca2fbd2

SHA256
8657f6d3867c20699a230df7939c02ca5fe065db2efcfecf5d8d864ca4873666

SHA512
cf5d69395e47fd4da4de0019a77162736c38f88ef0dd803d114388fbfb139a66083f51bbedd8ab205ab5d41f8464a685f4e0f6b5d3a13f7b91cbb211de14c7fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e26bbc3e6f8528bdec0787496a227966

SHA1
219f4df1edf70ced5230f1e3155631a8d8710806

SHA256
13831bbcf7935e202366d6d93b948de2b905b93bded35b56f86b9c79edbc41e7

SHA512
e0ee8a81f5deb01c41e6999fe84ac53724ceb55c0884c7d51f8b12e1766e24fd8501ef3576c7b77b93ee3f9aad66deb6cd87a799bd6ad1f66540d8dc4e8d314a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
a4f63fa57972f9d5f230fd78cd7416d6

SHA1
a391436652a44347b5aa9e12cb60ba3920110d36

SHA256
97403c2c9ab3f6e188d4e6368949c685d692d5e6edda8d1ddcaac51e0edc4a5f

SHA512
033bb8b02d31071328fd3e40e791769c0de402c49f3967665eea65bd19ed0117f2f6561004f5b24475ece87610e67f5b372dcfb643208a852355ab649552d77f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
988582ed11b9ffe42c652c4f75cb9e8d

SHA1
b20202ddf66d7dadcccbcc740117a75586e6dc19

SHA256
cda8eef9e2b5c8cc9a5587e179f76c77e84d22e6c379644eb40494b0cfa5fbeb

SHA512
409a8194367ea91c9464105fdec781d8ac34a238949a66ec624a61a0f60e72a48c5ab949b53e2ede5175feb297aaef7358e48c6dc18eb492b87e90ac82975bb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
141dca9eb1345a453f6b385deb96449f

SHA1
1e709efc2f7d79d71254dd8d2ee603a9e4786226

SHA256
e4a1ec7b98322bc9c6b15797a86927a168b0a702a7a75327394b8d7223be36aa

SHA512
ce521221743f730dd0bb43c02b0a739752f9506d15fbdc74aefff3e9c89581319ff1c31d836ecf9466b7910e09f0ad0157e34331869b9db22b685c2edbe52296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
419ce1891d0f5994344c67511816f955

SHA1
0e923f45f9f0333c339ba9ad93550444e72a0f37

SHA256
afe1ef4af20a32d1909b27fcdd520b28ccd3837e36d78005a4510bbb4e1e31e9

SHA512
42a57ca74a94f8ff35c36c7f03c4ad5d665b479d00938c400a641d8c8099d8192ac63c8fe900b462151878785093ee6ae5fde68eec02061d9132fddccd585a8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1355017bcdb08124bb3d9e2c4a833007

SHA1
616d6fdaaf194198503f23901cec744c838f4708

SHA256
086150e06853709f440bc30756763b66167bd47115e0c06e3bb3ff36a9cb0c0d

SHA512
841727746b63ca9f2d47c9d2f8e515b82472ab5f5c7bf8f2f33396b2d33fb749a1c90e173baf0d1692e06bd8d866e891f9f9b1510efc6992c65d231782a8cfe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
10d65ea9d12d0996a048baf1235454a5

SHA1
0eadd8c42cc49b9d8cd246249857faa64846d688

SHA256
eb6b253b5491860dd2a14c96129ba578292c6f2c056bf8dfd06ba25deae0cd5a

SHA512
2964eab9446fed3a05622228eb9ba776ba76e66cb0481cdcdf6aa1e73b022180e469f61e7470615232ee43916a307034fe3326203b7f9742be4669801aee292f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d7dc9a0883f9d90e152aba41e3091c4b

SHA1
cb48b5cb1911f354564d5e8f503f4dcda4fa4349

SHA256
1379479052b0574af606d604307a45012371445cb8f53ba7a62e3f4da87630dc

SHA512
542029e2394415c42e42e65c9e0a25cfd397b531035330b14151d75b5e7b70557fa9a5a1619893d40a73e239c31955b9a197f17e6bdd7f30ae31bf9ecfc54987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
723b9bc7693aba2735b4f2b37627d340

SHA1
59e8803841ca443af90e8349baa630958db3213b

SHA256
c6a79f30ef8adeb091f1622becfd41679b37c4230d45dca8e9899ff84c5dd8b5

SHA512
cf9818420c29275e0c4c5d410d314d69505074d19f63778fee9fe96da957611a22f1a8d913f71f7c93f8836508b9e7d9054fffb7ac71c93b61448689c7fd8c25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c7d3dbcc1d39ae4d1253bdd4c0751dd2

SHA1
b3b6bab94f058e92dfa948242bec886130cff1e8

SHA256
be3ce06e7dbd94565df57feced1579f25f810a9f560982f7c0c6c63d4fcf1fac

SHA512
c7e7c886af1b69edaafb82407304c91467e90b213558134a3462f5ad6e40e82afffffe49717d225f0d44e9ba96bb23779ec36903beba84b8ee2d654610ae1005

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6d777fc33969b0fc1f46ab73ed5a9f26

SHA1
14a74ffaa7574475a0205223625272763490fbdc

SHA256
a80239587453cb9b463550624a093163eee3db03aaba1d5e4433cd721f977ba5

SHA512
616f3bf4ebfab198d3d37b9b6a4595b0dfdc5d1f742fb86c11d9d7c6024eb3068e0f73f3ab208439d774481be035476cabd23fa8af73b1dad8b0df2c85ab1982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7e09ad7d97cadab647b73fc2ff77afd7

SHA1
657eb9247758ec5c2a5daef7dfd26134e8364f5e

SHA256
3669567f14f227f439db85e4fd88b42f082ddc893bb48ac53aef6c081e04efbf

SHA512
84be93adf288db2dd5a93b445c0b51668b11f5526d288c4c0ac42c0ed657b44cd04bb7500f35df2c21dd98925b5c44a0c7c9191f36bacdbfdfe417acc0523ea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e2b1237af20c1b118fb931cd796d246a

SHA1
cae96bde815904fe30e6a7ca212d6cc52048e7ff

SHA256
7f5c17632dcecb94dea9ea8f156da98e9f6f34f02f76a8401390630e959a13ca

SHA512
530beb2755fc6463bd13a2329d38697b1525551b53accce8480894c4f4d851a96bb4b06d168762fcad1f94f00b7ec79a06496ca40a74be4e5490e2417b551506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
477272ff7495d64945f13b27e3d825db

SHA1
623db5908556902b6b1336f76a22eedf1d8f4616

SHA256
bacce00cbb2d0c7bdcb7bdb910316983e2c3a6e1776cd47a25c3bc618b70f7e5

SHA512
f9095a43c79a2d29337f2d9e13037027c0c83f2c1a2a32d11803e9e02d07e09160c4f3277fd2b826021b1096749f1b0a9c0b93828b66dddc693c7631195ace54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
65a7d67dba288f37c82d66c952f9a523

SHA1
b529cb625d61faa937ca2cf4255dc96e9dce7570

SHA256
6844c7ed6f596876c1b7164715307ac16c854a686a2e6d05d3918702a0820e7f

SHA512
198412a9a48ecc9c8ed56630c6c1f3620d4aa3c6d2a7bb25b87f19838661240d1d1be8f7efaf1bf66c20410c0e65f848a40e1fa1368c7cdc7b0bfad2e0e8ec10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
25a74a00e58762b93be49a85c60c1558

SHA1
d83348e7c1c1716f9de1a8f5377e6da9100b6593

SHA256
e76d8dbbe5aec9dd6f0d7b4e0ddd4bb5580f9d2eff0579cf923ed3558a245b2e

SHA512
8172b718f3849e5996608caf9a25e26879fef749916217a41773d4a453283d85c5eafc48b191ccb7cb28324e9757ae258b990afb793be3b8fd2d501f8d969e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fbbccbcdd0e1ddf85f56e2ba8d0de2dd

SHA1
4af293205bd20012cedf64c6002f5fb4c096db57

SHA256
26ca94c7ed77c2e4cc0339f49f2aa1746811eda03750ac5b31fdfc7e96bf2825

SHA512
8382de158c26d42d0ee594c07555674b43b35a5ddd0741714001bfbfafecef4e0e765700ded85fa037acbda1ac1e3baa1cb0c935f70cf3cbb5db486fc9abf32b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e99302d8549c685245bc5e8d97f0ba81

SHA1
9966ae07e5e5df58ba550f2cdb8720df495d35c9

SHA256
2d79887d216c547d1a06b7439829b710639ddb36ef841f4fded641383dbfdd7c

SHA512
7cc212ebb0f79402c990520e6753ceb9b2e318d60ce5882b457c82fec95182eb560d788c2d5b68fa5ef49037cb19ee55e61124e5412340dd47a195572dee1be2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe625f80.TMP

Filesize
1KB

MD5
2ab903da6f3e58b96a068fdfa34ce65a

SHA1
bd33ec9cf05044af700f4d905de0e59819a5aa0b

SHA256
0382e8d5157ed49f4ce1b22e8379c38722791476988e5562ba717d4a1e479ccf

SHA512
534cfe52f7636857ff588fb833b8e1297f0d2a0f305334125f5e312f989de23ec83653ed3ce679d562fd8b89995135d6a49e1c71d217146b01248f692b8aa295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
889240b6ca9feaac9436975a13093727

SHA1
e4b1a90c2433646a66156a999538dbc983055b1f

SHA256
97586d925d4c78daa59e31681d8e1130bb0a546f7d1444087b1932e8677fd0d4

SHA512
126e8224f1ae7abae1a3f2a31ee1ef9b6d3e6ce043f4cfb781e6a0a71d20be153d7bbc41234d5178bee7f489d1c342faffa7875c526780591d446cb4867c2c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0b97b80f42ab61482cb1da80b20d9dc3

SHA1
1fd641099aa159f424d063affc133692612c4c14

SHA256
6cefa6386dffb6fee734d9ebee5b9721815a909aa7b4509771ab61471a364781

SHA512
c1b934db079fe44ffb8c819f405e526d835f4bd53a9e86ce88bc5d07686b6e428e2d0fa047197cca350e549452dbd575afe668391cba6dea64c14d4c78d0cf12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
87094afa68e4f907fdf645d27c232af0

SHA1
9f180b533619b27eeccbce58c83444a78e46f374

SHA256
571a9241ff9ca18a17c83995d77a56472b6005b0e3e8beb7cfc28217249a262b

SHA512
abe0c357ea0d068d10558a4b831bfdfb5450fb81f6d5168a7b197dc41f0522098612a2acc10285850038157fd8765917f57ee289b96efca263ebe7daf9c06b9e

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
03b4e699c8c27118cc09540146d2d24a

SHA1
c0d958d1a130df6267daba88b0c55c9b1b34b405

SHA256
1239750beaf6becb0c2856d54f7e89e1c838c99ae364c747eb5d266b9aa17381

SHA512
2e85b5e26550b5205ec532022665561d49d27bca03466edc39788a7d833fdacb744aac4ef82a4720813e1662569084c4f10712e776abefef750b096319ec9e53

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
84B

MD5
6017e76f1f8297bb674c470d54b3ab02

SHA1
6f81323a482c8e0c8c35912ea6c926b78b6e4a8a

SHA256
b86693eca763320f74a2471464443ebd78d0d085ac76047f406c55a76f4b7ea0

SHA512
d148488ee1b0f7b3862e05046ef807a2473f1d34018af22199fe1d259d0eb8f590ba59d9c129ebfcb0c6019633aa9173cefc04546cf9703b387f2161e4ed8463

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
a560bad9e373ea5223792d60bede2b13

SHA1
82a0da9b52741d8994f28ad9ed6cbd3e6d3538fa

SHA256
76359cd4b0349a83337b941332ad042c90351c2bb0a4628307740324c97984cc

SHA512
58a1b4e1580273e1e5021dd2309b1841767d2a4be76ab4a7d4ff11b53fa9de068f6da67bf0dccfb19b4c91351387c0e6e200a2a864ec3fa737a1cb0970c8242c

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif

Filesize
678KB

MD5
9a96b1b30cb3cc90e80e5446ff6da176

SHA1
be1d60e0854d03566920cbd63e242bd91596f803

SHA256
7ff13da2160be8e273b95a2395ff4d68024a2585c5870ce842c795c0befc4ec3

SHA512
53c7a8436dd5b4ec00e566633d98a72bf5b7e0771737d9ee8a3ad6cdb4445783bee816bccde4549f850591ae1436ddab48277da8f5d839c0a2709ad4bee43176

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\fyremc-client-0.9.4-full.nupkg

Filesize
103.3MB

MD5
165a6225ba0228ab844a4bcdebca1f15

SHA1
9edb8c38ab6ba4032c395d9fb6a2c35e57ad73f3

SHA256
e9e0fe63f277869efeda5f7e2ac8397263b1b262b5a7596a2cd3d92941d12a38

SHA512
8e81181222f2973cb3a32f9a40e9c17ea2dd643e0b2c9ccc12bd06e28e3693a1277ee7970d7892d3b6027ab3c850781cb75c8cb7b0875dbf39342f78e963d73f

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\setupIcon.ico

Filesize
164KB

MD5
0d5557a52af6276cc977570c6ec70517

SHA1
636d9debc88db0f6a2db071bd853d873fbb737de

SHA256
0eeabd507fcd1f1c0dd8e8cf1b8ca7fc9fbd840df741eecfb229c0c0491b8444

SHA512
a0a433c203aded9d4477bfcffa7d2c258713a6c67a10c592272264d2dd4dfa7b55d09c7887705c4f1cdbf36a365e142e13a4237fbae620ef09fb85b531f2c6e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qpbwfhh1.2p5.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\fyremc-client\FyreMC.exe

Filesize
414KB

MD5
c63ae5795f3e032a8fcc1f78f34a108d

SHA1
df4b1546130b308ba239e74a5ef2746f23a68422

SHA256
884b624ea925303dc8dd47c5c906351bd0c6c742e5009b450e7a96fca330ee9d

SHA512
d41a5eaf701b99f97d77a3788dcb74360994728fa419c7831fbcfc4381c4c861817a0748431d46e3f08e4f6f92f4b742a061baf7b254271d91dc2d03d0d0e5a8

Download Submit
C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\FyreMC.exe

Filesize
142.1MB

MD5
49c869e228fd28109efc11492f282119

SHA1
6adf852d50600436d2a4300b503706874ea4ee37

SHA256
1bcf671331e22afe6403815f9180deb56ad3c84e19e700737e13a4ba91e2ad6d

SHA512
20dc4c78a415c29035b442ee331219eef1d35cfb42004c42716dff2e03dc56324e64e508805c664a88a274071a7a9a1dcff42b6e45c1a1f92a2185f27ad64e68

Download Submit
C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\chrome_100_percent.pak

Filesize
125KB

MD5
0cf9de69dcfd8227665e08c644b9499c

SHA1
a27941acce0101627304e06533ba24f13e650e43

SHA256
d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88

SHA512
bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef

Download Submit
C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\chrome_200_percent.pak

Filesize
174KB

MD5
d88936315a5bd83c1550e5b8093eb1e6

SHA1
6445d97ceb89635f6459bc2fb237324d66e6a4ee

SHA256
f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25

SHA512
75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2

Download Submit
C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\ffmpeg.dll

Filesize
2.7MB

MD5
0cdbcbc33ab3e567dddc20dc7d36a289

SHA1
3bce9d0b64301c7bc733bcd86863ec325dd4b432

SHA256
74380e1e9674cdca25f2660e6780d0ecbdaf33e1faae4ae6a9c751012670d43c

SHA512
a3961cc0cd2e2bc174850837f7175ce87f199f3e6c93c2ffecca5075df1efff6c728f6b16125e49f42cda4ff0f8f508f3c19e7aef4c0d0cd7e6ecb172b0ac201

Download Submit
C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\icudtl.dat

Filesize
9.9MB

MD5
c6ae43f9d596f3dd0d86fb3e62a5b5de

SHA1
198b3b4abc0f128398d25c66455c531a7af34a6d

SHA256
00f755664926fda5fda14b87af41097f6ea4b20154f90be65d73717580db26ee

SHA512
3c43e2dcdf037726a94319a147a8bc41a4c0fd66e6b18b3c7c95449912bf875382dde5ec0525dcad6a52e8820b0859caf8fa73cb287283334ec8d06eb3227ec4

Download Submit
C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\locales\en-US.pak

Filesize
115KB

MD5
f982582f05ea5adf95d9258aa99c2aa5

SHA1
2f3168b09d812c6b9b6defc54390b7a833009abf

SHA256
4221cf9bae4ebea0edc1b0872c24ec708492d4fe13f051d1f806a77fe84ca94d

SHA512
75636f4d6aa1bcf0a573a061a55077106fbde059e293d095557cddfe73522aa5f55fe55a48158bf2cfc74e9edb74cae776369a8ac9123dc6f1f6afa805d0cc78

Download Submit
C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\resources.pak

Filesize
4.9MB

MD5
d6d49082afa523b96083e2a3f6618cf6

SHA1
832947ff81074a75b9480a59964844a7a7cc3add

SHA256
00d4a32f5f0f01de3173ba6bb0a1358791066ce6cdbeaf332dff91616dc0f630

SHA512
8a33ded38154eeac67f547386743ac03b7119da90ac3c0e6a3f5da6f4549d1b8f883a59348c26adb836474168ac7d4004b465e437165ad16f93ef0c8c8b48f92

Download Submit
C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\resources\app.asar

Filesize
33.6MB

MD5
233aced4def7f3c5f770704039be7b8e

SHA1
b1486bc10ffabd79dfb7d7bb91d8be03fab965bc

SHA256
102b92e0f2202ff6744a48fd0721b664e9376acde10395c393881e2e687d3439

SHA512
17051bfe7e71efd98e3ee15b9bfc8dde57884d0e961223520a843e0a8744efeab0f919afa8151cdf18b572ca8a4d62d9802c386312bc1116d370b36c37bd7d1b

Download Submit
C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\squirrel.exe

Filesize
2.0MB

MD5
a9bf6973b23a9e0e6b2123d33696fe46

SHA1
76374b5f56f6c49bb82d261fdd94d5fa5485af58

SHA256
02553cd3e013561f0b21084ab3289ef174cdba46cdb7e3ef36288205f44d534f

SHA512
d171c4fa43aa91997db62ffb49256d761c489a3319ba89a0bb2dfd487fa4914d9c0447c92a99894f8a8717cac5a1a59aae906093be048b0a2d41c5dd99acb0a7

Download Submit
C:\Users\Admin\AppData\Local\fyremc-client\app-0.9.4\v8_context_snapshot.bin

Filesize
713KB

MD5
1270ddd6641f34d158ea05531a319ec9

SHA1
7d688b21acadb252ad8f175f64f5a3e44b483b0b

SHA256
47a8d799b55ba4c7a55498e0876521ad11cc2fa349665b11c715334a77f72b29

SHA512
710c18ef4e21aa6f666fa4f8d123b388c751e061b2197dae0332091fbef5bd216400c0f3bca8622f89e88733f23c66571a431eb3330dba87de1fc16979589e97

Download Submit
C:\Users\Admin\AppData\Roaming\.fyremc.hu\bin\runtime\java-runtime-beta\x64\legal\java.desktop\COPYRIGHT

Filesize
35B

MD5
4586c3797f538d41b7b2e30e8afebbc9

SHA1
3419ebac878fa53a9f0ff1617045ddaafb43dce0

SHA256
7afb3a2dc57cb16223dddc970e0b464311e5311484c793abf9327a19ef629018

SHA512
f2c722ae80d2c0dcdb30a6993864eb90b85be5311261012d4585c6595579582d1b37323613f5417d189adcd096fa948e0378c1e6c59761bf94d65c0a5c2f2fd3

Download Submit
C:\Users\Admin\AppData\Roaming\.fyremc.hu\bin\runtime\java-runtime-beta\x64\legal\java.desktop\LICENSE

Filesize
33B

MD5
16989bab922811e28b64ac30449a5d05

SHA1
51ab20e8c19ee570bf6c496ec7346b7cf17bd04a

SHA256
86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192

SHA512
86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608

Download Submit
C:\Users\Admin\AppData\Roaming\.fyremc.hu\debug.log

Filesize
2KB

MD5
66e8c38ccbca2fdec709f4ed5b893793

SHA1
f1306dadce12ccc166502c480ef3ec600f32b816

SHA256
20b7fe025efbd55d994dc39b6c7d8cc6e7c6c684006d27c878bc12a7e4a6a13a

SHA512
0dce823992c7dcb81ba0d490930daac7714754cee84d5fbf7f6623ebe94647278f95add19d817d5c25766dfadd970de3d9e2d2a294b3775548dc01a50afc943d

Download Submit
C:\Users\Admin\AppData\Roaming\.fyremc.hu\debug.log

Filesize
2KB

MD5
7ae3905c2ec4c1586442f68c1a32cced

SHA1
d912680a29bc3c09846405b86da68c0a7a5bd9cd

SHA256
ee029a5044dac2bd973dd0089f92728c1ce3af7dc6086ece8b0c90b0f8351f6d

SHA512
e1c549a62064b849e7be84f1f8de718b3c72bce26753751c9f5084554e38012d6f5a41780bc5112335f5a322deef43b9d04d4f198a0df4bd0d63188525c369df

Download Submit
C:\Users\Admin\AppData\Roaming\.fyremc.hu\debug.log

Filesize
4KB

MD5
3ec1e21347b92abea8aed7e50603116f

SHA1
de9080597b3705dfaec034c1c32f16cd0a1ab90a

SHA256
00552fe7b1cf35d47b0760b0ecbea822fb2c99234d7478844b930ebc09c40d30

SHA512
331ab80884ba0586516222a57e962707741e8efe7e28689d0f42fae53a1838f8ba9904a6a8ca62cefa1f52b4997ecfd1f0946ce9f979aaed9835ae973e824f93

Download Submit
C:\Users\Admin\AppData\Roaming\.fyremc.hu\debug.log

Filesize
862B

MD5
448cf5ae1b37d35b49a2ed1b8e6b9fff

SHA1
966ed950285813157a1076ee163ffdcf42954fed

SHA256
d9294ac3f7f0f9fb563cabb8a59c92842ced1c429ebb68f2f11377890f13c43d

SHA512
a890c492239a62f48e983fad0dfd363493f33171d3f34030637dd4f23d8e1242eca40e0a02c5c3c71707bd4fa8cc95c8a7ff7db872d5fb44d086f7eb932e2ddd

Download Submit
C:\Users\Admin\AppData\Roaming\.fyremc.hu\debug.log

Filesize
1KB

MD5
44b5b18f0c35f16845ce51d1b6130fde

SHA1
ce90ae9c5da83568514d69104f3eefd1056edda3

SHA256
34bc0286f4ad08dc2e0b92746f13780f5031d2491dbc14fd234bb09244961755

SHA512
16e545298e28cfdc2ea1bcd9e804c7b243cb0dba11ea968942926a42fd715c7442bf3659e570a5507cf46cf41040b45633e0747fececf00d05cb3edde53d2f28

Download Submit
C:\Users\Admin\AppData\Roaming\FyreMC\Network\Network Persistent State

Filesize
776B

MD5
aad848cbf7a5faaf69cb7cea15393e38

SHA1
905401693fa7a3b11d2f752059a29f60f78347c9

SHA256
c111725abe000e4d220323035926ee4313a9770748e80c8f5ce52c82de498cf0

SHA512
a85f65686e5caf37640a8b5fea02bd8cf9c5886c26a74627501cf866d7d79223b42d071f3ea1984261a26d5f1a54c7c299c2f0bd900a4b6b3c99facd0dc21769

Download Submit
C:\Users\Admin\AppData\Roaming\FyreMC\Network\Network Persistent State

Filesize
777B

MD5
e7d4e27a1b4973dd4108357868b135fd

SHA1
8c33768dc35e3de699b4f1d547a4541dd783054f

SHA256
5c877217fb100484554fd20700c6559434e737f822cc2767b43a3b28a57f162a

SHA512
581a38f23a7e13afac9df0b3a07ddabf7e40b4b3fea6e189dc792504392feef8d195ac3bb039bac74c0a24f1ea4e9310de723a118ea2a71ddbba9067a8a66ef2

Download Submit
C:\Users\Admin\AppData\Roaming\FyreMC\Network\Network Persistent State~RFe5e0760.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\FyreMC\Network\TransportSecurity

Filesize
371B

MD5
77fa3dbb3280e22daea4619269aeb932

SHA1
41694a01ef268d634a828e477416a21f7b692a8d

SHA256
52b86833aa29511ef9aa955164b1dcd2b4f48507d61d09ea645bc8fc180daee9

SHA512
40b92f3cde2a7056bee99e3eb54600321876597c4aa1ef853b3859fc73c90523cc2254300d5de1924e98e327dd396fa67f489d0ddf6cfd827e116db6e6c23a29

Download Submit
C:\Users\Admin\AppData\Roaming\FyreMC\Network\TransportSecurity

Filesize
371B

MD5
2dfaa3282bf0cdfac02fb7e6a17313a6

SHA1
156965f4e443bd3aaebba9154cc73c5cda1219d2

SHA256
63037dda61a733a11df36319cbbe0fb51ff9514300e72e653b6a8cb691991d22

SHA512
2c0f53885d080ebea564aa8fab90fff795179900e4c6a8556f45127e58a7507706d30cf9d42eb3576bf512fd799e260ff48eea60c95eeddac5cf1756c269efd2

Download Submit
C:\Users\Admin\AppData\Roaming\FyreMC\Network\TransportSecurity~RFe5d4c7d.TMP

Filesize
203B

MD5
d541341013af0b393d3463b7842152b8

SHA1
ec70cc16b051555a3bf236648560bb61d4ba5de6

SHA256
7866ffe73711abbb7c5ecb27ad697114c95553e6bd7d0d1810488c44dabb2009

SHA512
60103676b4db96ee5a8ee70260aa6bde1cd3ecc1baa6dc140a76a342fc9d9df94d18ee8adfcf1b2dc9308aa223fb822857f2644e88708ec95b046fb2db8d8018

Download Submit
C:\Users\Admin\AppData\Roaming\FyreMC\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\FyreMC\config.json

Filesize
3KB

MD5
081ae9b5765cb635d28174e7771f3f2a

SHA1
2326fe42aadc3baf5832b5168a3b15cee65b15cd

SHA256
2cdd5abe5090a9f3040e378b27ceefe03244b48898191b1d0ce03dc3ebaeaf49

SHA512
87954f2bf86c036728f41c9a01fe147bd7f097f2b0a2515ad01c2285dacb9b60d8f9c9ddc5b2385eca879a4ec8070d17ef90c0a64c6b7ad7e678d45e46b4794d

Download Submit
C:\Users\Admin\AppData\Roaming\FyreMC\config.json

Filesize
169B

MD5
88c1eaa6574a484c4515857f9e5b8a5e

SHA1
a8a75cad71e4845d9aa706f9b56825ae9b224df2

SHA256
f23947c384c9aee7c048278356ded834da7b0f537a3db5993f4f732060535cb5

SHA512
ca0b229850a0778ba0d68936246736b386c2eee130aaf420f6935c7e5fb64cbbc209026df357c9a4404f83d107b0a48d86ed03e7109373cbdb17f9cdc16238ce

Download Submit
C:\Users\Admin\AppData\Roaming\FyreMC\config.json

Filesize
3KB

MD5
7064406ae47289be92363c8d43aa5237

SHA1
32372bc1a1ade36a1d2fc2ef6e9822664eba4707

SHA256
8ff9efa331f699c363edeea0f1a20db28e98a09f901ce550d22c22140373f0ce

SHA512
4005641b5906d44bf1184565d41bc67c41c64f65f5226ab6313e293b12893d4fb4af76efd907eb1f226b56a4dc0f067c493d567e8a04369bf737bd02da3250d9

Download Submit
C:\Users\Admin\AppData\Roaming\FyreMC\config.json

Filesize
149B

MD5
4d20a32310e5a543e1cc403151cd306e

SHA1
38e366c61f81c5ad10d9460fc1524c6094f6b4b4

SHA256
26ec7be2fc41cd1f94f88b5615b9d1a66809f338b8402cadc339b327701bdf8f

SHA512
7db6a9f0ea3f8ed2edcbfc54a6b7b66dd0477cafc8866a232fbda232b23196370b5b56a81cf4bc27e2dd03df6b4f5a32dc8d8df9ae6d27d5360c49b766bf3f9b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\FyreMC-0.9.4-x64-Setup (1).exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 41713.crdownload

Filesize
104.9MB

MD5
f4bb541872d75e52e78c118f185256cf

SHA1
1d9801bb31684e1123ef1a247998b26ed2e7ccc0

SHA256
f01269f2d23a031b8123f8e01ec08876518f3f38f80155e0f5231eb0ee8bbd99

SHA512
7c78b13a2ab39c31b7920861b57797c08d8465126df628726e1ce93b877e825e0c7aa8001dc2675c468b6269e8a898b59163d89822bbc73579c1aa7f0e34f871

Download Submit
memory/1468-580-0x00000000027F0000-0x0000000002810000-memory.dmp

Filesize
128KB

Download
memory/1800-932-0x0000024279770000-0x000002427977A000-memory.dmp

Filesize
40KB

Download
memory/2116-1013-0x000000001BB20000-0x000000001C048000-memory.dmp

Filesize
5.2MB

Download
memory/2208-720-0x000002C4C71C0000-0x000002C4C7206000-memory.dmp

Filesize
280KB

Download
memory/2340-668-0x000001BAAF130000-0x000001BAAF152000-memory.dmp

Filesize
136KB

Download
memory/3184-565-0x000000001BCF0000-0x000000001BCFE000-memory.dmp

Filesize
56KB

Download
memory/3184-564-0x0000000028DC0000-0x0000000028DF8000-memory.dmp

Filesize
224KB

Download
memory/3184-465-0x00000000005E0000-0x00000000007B6000-memory.dmp

Filesize
1.8MB

Download
memory/4600-1262-0x00000263A7D30000-0x00000263A7D31000-memory.dmp

Filesize
4KB

Download
memory/4600-1266-0x00000263A7D30000-0x00000263A7D31000-memory.dmp

Filesize
4KB

Download
memory/4600-1255-0x00000263A7D30000-0x00000263A7D31000-memory.dmp

Filesize
4KB

Download
memory/4600-1256-0x00000263A7D30000-0x00000263A7D31000-memory.dmp

Filesize
4KB

Download
memory/4600-1263-0x00000263A7D30000-0x00000263A7D31000-memory.dmp

Filesize
4KB

Download
memory/4600-1260-0x00000263A7D30000-0x00000263A7D31000-memory.dmp

Filesize
4KB

Download
memory/4600-1254-0x00000263A7D30000-0x00000263A7D31000-memory.dmp

Filesize
4KB

Download
memory/4600-1264-0x00000263A7D30000-0x00000263A7D31000-memory.dmp

Filesize
4KB

Download
memory/4600-1265-0x00000263A7D30000-0x00000263A7D31000-memory.dmp

Filesize
4KB

Download
memory/4600-1261-0x00000263A7D30000-0x00000263A7D31000-memory.dmp

Filesize
4KB

Download
memory/4668-558-0x0000000000DB0000-0x0000000000FAE000-memory.dmp

Filesize
2.0MB

Download
memory/4764-727-0x000001797CCF0000-0x000001797CD1A000-memory.dmp

Filesize
168KB

Download
memory/4764-728-0x000001797CCF0000-0x000001797CD14000-memory.dmp

Filesize
144KB

Download
memory/4936-599-0x00007FFEDA540000-0x00007FFEDA541000-memory.dmp

Filesize
4KB

Download