Resubmissions
04-05-2024 02:39
240504-c5lynsec26  8  04-05-2024 02:37
240504-c4at1seb77  7  04-05-2024 02:33
240504-c1tsqaea98  7

Analysis
max time kernel: 920s
max time network: 875s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64 arch:x86 image:win10-20240404-en locale:en-us os:windows10-1703-x64 system
submitted: 04-05-2024 02:39
General
Target: Styx Client Latest.dll
Size: 4.2MB
MD5: 10f9853fa1b839fe3f9234db75745456
SHA1: 078b7fffc7763b4e237c5da77be5cde421584e93
SHA256: 2d1307efa269e7f18f1818e672c028c76de3cb3c8ec3cd3c2bf9816bddf1a8de
SHA512: 4a0ff0304867312be0da118f9117c42eb1967b00ddf827a3c7d2f41d6b6aa2a2acfbd85302d60d0b70794663becce7bee0543c770f66ec6cc4b306e35ba9e844
SSDEEP: 98304:cR07jKsGPxbGp7blGwOYS9gHm2Pk8zFcdaWlz0cuMWZ:97iWvRS+nudTBuFZ
Malware Config
Signatures
Downloads MZ/PE file

Checks computer location settings 2 TTPs 6 IoCs
Looks up country code configured in the registry, likely geofence.
description        ioc                                                                                                    Process
Key value queried  \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation  SKlauncher-3.2.exe
Key value queried  \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation  rundll32.exe
Key value queried  \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation  SKlauncher-3.2.exe
Key value queried  \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation  MinecraftJava.exe
Key value queried  \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation  rundll32.exe
Key value queried  \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation  MinecraftJava.exe
Executes dropped EXE 15 IoCs
pid    Process
4776   SKlauncher-3.2.exe
3040   i4jdel0.exe
3036   SKlauncher-3.2.exe
5696   i4jdel0.exe
5704   SKlauncher-3.2.exe
4824   SpotifySetup.exe
5008   javaw.exe
1596   MinecraftJava.exe
1708   SpWebInst0.exe
6440   Spotify.exe
5496   jre-8u411-windows-x64.exe
4132   jre-8u411-windows-x64.exe
8792   MinecraftJava.exe
10080  i4jdel0.exe
10160  Spotify.exe
Loads dropped DLL 60 IoCs
Modifies file permissions 1 TTPs 1 IoCs
pid    Process
2744   icacls.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
flow   ioc
1022   discord.com
1023   discord.com
1024   discord.com
1026   discord.com
1027   discord.com
Drops file in System32 directory 1 IoCs
description                  ioc                                                                                                 Process
File opened for modification  C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat  SearchProtocolHost.exe
Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
pid    Process
4724   plugin-container.exe
4724   plugin-container.exe
4724   plugin-container.exe
4724   plugin-container.exe
Drops file in Windows directory 11 IoCs
description                   ioc                                                          Process
File created                  C:\Windows\rescache\_merged\3720402701\1568373884.pri        MicrosoftEdgeCP.exe
File opened for modification  C:\Windows\Debug\ESE.TXT                                     SearchIndexer.exe
File opened for modification  C:\Windows\Debug\ESE.TXT                                     MicrosoftEdge.exe
File created                  C:\Windows\rescache\_merged\3720402701\1568373884.pri        MicrosoftEdgeCP.exe
File created                  C:\Windows\INF\netrasa.PNF                                   svchost.exe
File opened for modification  C:\Windows\Debug\ESE.TXT                                     MicrosoftEdge.exe
File created                  C:\Windows\rescache\_merged\3720402701\1568373884.pri        MicrosoftEdge.exe
File created                  C:\Windows\rescache\_merged\3720402701\1568373884.pri        MicrosoftEdge.exe
File created                  C:\Windows\rescache\_merged\3720402701\1568373884.pri        MicrosoftEdgeCP.exe
File created                  C:\Windows\INF\netsstpa.PNF                                  svchost.exe
File created                  C:\Windows\rescache\_merged\3720402701\1568373884.pri        MicrosoftEdgeCP.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
Checks processor information in registry 2 TTPs 44 IoCs
Processor information is often read in order to detect sandboxing environments.

description  ioc                                                                                                 Process
Key created  \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main  browser_broker.exe
Key created  \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main  MicrosoftEdgeCP.exe
Key created  \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main  browser_broker.exe
Modifies data under HKEY_USERS 64 IoCs
Modifies registry class 64 IoCs
description ioc Process
All 64 keys below sit under \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe, the per-package AppContainer registry store of the Edge package; paths are shown relative to that key. Every writer is MicrosoftEdge.exe or its content process MicrosoftEdgeCP.exe.
Set value (data) | CIStatus\CIStatusTimestamp = 4856d724ce9dda01 | MicrosoftEdge.exe
Key created | Children\002\Internet Explorer\EdpDomStorage | MicrosoftEdgeCP.exe
Key created | Children\002\Internet Explorer\EdpDomStorage\www.msn.com | MicrosoftEdgeCP.exe
Set value (int) | MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0" | MicrosoftEdge.exe
Set value (data) | Children\006\ACGStatus\DynamicCodePolicy = 00000000 | MicrosoftEdgeCP.exe
Key created | Children\004\Internet Settings\Cache\Extensible Cache | MicrosoftEdgeCP.exe
Key created | MicrosoftEdge\Protected - It is a violation of Windows Policy to modif | MicrosoftEdge.exe
Key created | MicrosoftEdge\DataStore | MicrosoftEdge.exe
Set value (int) | MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0" | MicrosoftEdge.exe
Set value (data) | CIStatus\CIStatusTimestamp = 5a04a42ace9dda01 | MicrosoftEdge.exe
Set value (data) | MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | MicrosoftEdge.exe
Set value (int) | MicrosoftEdge\GPU\DXFeatureLevel = "0" | MicrosoftEdge.exe
Set value (int) | Children\001\Internet Explorer\DOMStorage\discord.com\NumberOfSubdomai = "1" | MicrosoftEdgeCP.exe
Key created | MicrosoftEdge\Recovery\PendingRecovery | MicrosoftEdge.exe
Set value (int) | MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" | MicrosoftEdge.exe
Key created | Children\001\Internet Explorer\DOMStorage | MicrosoftEdgeCP.exe
Set value (int) | Children\121\ACGStatus\ACGPolicyState = "8" | MicrosoftEdgeCP.exe
Set value (int) | MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" | MicrosoftEdge.exe
Key created | Children\004\Internet Settings\Cache\History | MicrosoftEdgeCP.exe
Key created | MicrosoftEdge\Recovery\Active | MicrosoftEdge.exe
Set value (str) | Internet Settings\Cache\Content\CachePrefix | MicrosoftEdge.exe
Set value (int) | MicrosoftEdge\GPU\Wow64-Revision = "0" | MicrosoftEdge.exe
Set value (int) | Children\001\CIStatus\CIPolicyState = "0" | MicrosoftEdgeCP.exe
Set value (int) | Children\001\Internet Explorer\EdpDomStorage\discord.com\ = "0" | MicrosoftEdgeCP.exe
Key created | Children\002\Internet Explorer\Main | MicrosoftEdgeCP.exe
Set value (int) | MicrosoftEdge\Recovery\PendingRecovery\Active = "1" | MicrosoftEdge.exe
Key created | Children\006\CIStatus | MicrosoftEdgeCP.exe
Key created | Children\001\Internet Explorer\DOMStorage | MicrosoftEdgeCP.exe
Set value (int) | MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1" | MicrosoftEdge.exe
Key created | Children\004\Internet Settings\Cache | MicrosoftEdgeCP.exe
Key created | Children\001\Internet Explorer\Main | MicrosoftEdgeCP.exe
Set value (int) | Children\002\ACGStatus\ACGPolicyState = "8" | MicrosoftEdgeCP.exe
Set value (int) | Children\002\Internet Explorer\DOMStorage\msn.com\Total = "122" | MicrosoftEdgeCP.exe
Set value (int) | MicrosoftEdge\Recovery\PendingRecovery\Active = "0" | MicrosoftEdge.exe
Key created | Children\121\Internet Settings\Cache | MicrosoftEdgeCP.exe
Key created | MicrosoftEdge\Recovery\Active | MicrosoftEdge.exe
Set value (data) | CIStatus\CIStatusTimestamp = c01c476acd9dda01 | MicrosoftEdge.exe
Key created | MicrosoftEdge\DummyPath | MicrosoftEdge.exe
Set value (str) | MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | MicrosoftEdgeCP.exe
Key created | MicrosoftEdge\FavOrder | MicrosoftEdge.exe
Set value (int) | MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" | MicrosoftEdge.exe
Set value (int) | Children\006\ACGStatus\ACGPolicyState = "6" | MicrosoftEdgeCP.exe
Key created | Children\001\ACGStatus | MicrosoftEdgeCP.exe
Set value (str) | Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | MicrosoftEdge.exe
Set value (int) | MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" | MicrosoftEdge.exe
Set value (int) | Children\001\ACGStatus\ACGPolicyState = "8" | MicrosoftEdgeCP.exe
Key created | Children\002\Internet Explorer\DOMStorage | MicrosoftEdgeCP.exe
Set value (str) | Children\001\Internet Settings\Cache\Content\CachePrefix | MicrosoftEdgeCP.exe
Key created | Children\001\Internet Explorer\DomStorageState | MicrosoftEdgeCP.exe
Set value (data) | Children\121\ACGStatus\DynamicCodePolicy = 05000000 | MicrosoftEdgeCP.exe
Key created | Children\121\Internet Settings\Cache\Extensible Cache | MicrosoftEdgeCP.exe
Key created | MicrosoftEdge\Protected - It is a violation of Windows Policy to modif | MicrosoftEdge.exe
Key created | Children\004\ACGStatus | MicrosoftEdgeCP.exe
Key created | MicrosoftEdge\GPU | MicrosoftEdgeCP.exe
Set value (int) | MicrosoftEdge\Privacy\InProgressFlags = "262144" | MicrosoftEdge.exe
Set value (int) | Children\002\CIStatus\CIPolicyState = "0" | MicrosoftEdgeCP.exe
Set value (int) | MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" | MicrosoftEdge.exe
Set value (data) | Children\006\CIStatus\SignaturePolicy = 06000000 | MicrosoftEdgeCP.exe
Set value (str) | MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | MicrosoftEdgeCP.exe
Set value (int) | Children\006\CIStatus\CIPolicyState = "0" | MicrosoftEdgeCP.exe
Key created | Children\004\Internet Settings | MicrosoftEdgeCP.exe
Set value (int) | MicrosoftEdge\FavOrder\TreeView = "1" | MicrosoftEdge.exe
Set value (int) | MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1" | MicrosoftEdge.exe
Set value (int) | Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" | MicrosoftEdgeCP.exe
-
NTFS ADS 3 IoCs
Zone.Identifier is the Mark-of-the-Web alternate data stream a browser attaches to files it downloads; all three entries are firefox.exe tagging its own downloads, not an action of the analysed DLL.
description ioc Process
File created | C:\Users\Admin\Downloads\SKlauncher-3.2.exe:Zone.Identifier | firefox.exe
File created | C:\Users\Admin\Downloads\SpotifySetup.exe:Zone.Identifier | firefox.exe
File created | C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe:Zone.Identifier | firefox.exe
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
pid Process (consecutive identical rows collapsed; count in parentheses)
1596 MinecraftJava.exe (6)
8792 MinecraftJava.exe (6)
-
Suspicious behavior: LoadsDriver 10 IoCs
pid Process (consecutive identical rows collapsed; count in parentheses)
4 Process not Found (5)
624 Process not Found (1)
4 Process not Found (4)
PID 4 is the Windows System process, so the driver loads attributed to it are kernel-side; the sandbox had no image name to show for either pid.
-
Suspicious behavior: MapViewOfSection 8 IoCs
pid Process (consecutive identical rows collapsed; count in parentheses)
3064 MicrosoftEdgeCP.exe (4)
6676 MicrosoftEdgeCP.exe (4)
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeDebugPrivilege 4268 firefox.exe Token: SeDebugPrivilege 4268 firefox.exe Token: SeDebugPrivilege 4268 firefox.exe Token: SeDebugPrivilege 4268 firefox.exe Token: SeDebugPrivilege 4268 firefox.exe Token: SeDebugPrivilege 4268 firefox.exe Token: SeDebugPrivilege 4268 firefox.exe Token: SeDebugPrivilege 5032 MicrosoftEdgeCP.exe Token: SeDebugPrivilege 5032 MicrosoftEdgeCP.exe Token: SeDebugPrivilege 5032 MicrosoftEdgeCP.exe Token: SeDebugPrivilege 5032 MicrosoftEdgeCP.exe Token: SeDebugPrivilege 6008 MicrosoftEdge.exe Token: SeDebugPrivilege 6008 MicrosoftEdge.exe Token: SeDebugPrivilege 3384 firefox.exe Token: SeDebugPrivilege 3384 firefox.exe Token: SeShutdownPrivilege 2596 svchost.exe Token: SeCreatePagefilePrivilege 2596 svchost.exe Token: SeLoadDriverPrivilege 2596 svchost.exe Token: SeLoadDriverPrivilege 2596 svchost.exe Token: SeLoadDriverPrivilege 2596 svchost.exe Token: SeLoadDriverPrivilege 2596 svchost.exe Token: SeLoadDriverPrivilege 2596 svchost.exe Token: SeLoadDriverPrivilege 2596 svchost.exe Token: SeLoadDriverPrivilege 2596 svchost.exe Token: SeLoadDriverPrivilege 2596 svchost.exe Token: SeLoadDriverPrivilege 2596 svchost.exe Token: SeLoadDriverPrivilege 2596 svchost.exe Token: SeLoadDriverPrivilege 2596 svchost.exe Token: SeLoadDriverPrivilege 2596 svchost.exe Token: SeLoadDriverPrivilege 2596 svchost.exe Token: SeLoadDriverPrivilege 2596 svchost.exe Token: SeLoadDriverPrivilege 2596 svchost.exe Token: SeLoadDriverPrivilege 2596 svchost.exe Token: SeDebugPrivilege 1708 SpWebInst0.exe Token: SeDebugPrivilege 1708 SpWebInst0.exe Token: SeDebugPrivilege 1708 SpWebInst0.exe Token: SeDebugPrivilege 1708 SpWebInst0.exe Token: SeDebugPrivilege 1708 SpWebInst0.exe Token: SeDebugPrivilege 1708 SpWebInst0.exe Token: SeDebugPrivilege 3384 firefox.exe Token: SeDebugPrivilege 3384 firefox.exe Token: SeDebugPrivilege 3384 firefox.exe Token: SeDebugPrivilege 6488 firefox.exe Token: SeDebugPrivilege 6488 firefox.exe Token: 
SeDebugPrivilege 1580 MicrosoftEdgeCP.exe Token: SeDebugPrivilege 1580 MicrosoftEdgeCP.exe Token: 33 4452 SearchIndexer.exe Token: SeIncBasePriorityPrivilege 4452 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 4452 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 4452 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 4452 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 4452 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 4452 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 4452 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 4452 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 4452 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 4452 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 4452 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 4452 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 4452 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 4452 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 4452 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 4452 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 4452 SearchIndexer.exe -
Suspicious use of FindShellTrayWindow 51 IoCs
pid Process (consecutive identical rows collapsed; count in parentheses)
4268 firefox.exe (47)
3384 firefox.exe (2)
6488 firefox.exe (2)
-
Suspicious use of SendNotifyMessage 45 IoCs
pid Process (consecutive identical rows collapsed; count in parentheses)
4268 firefox.exe (45)
-
Suspicious use of SetWindowsHookEx 42 IoCs
pid Process (consecutive identical rows collapsed; count in parentheses)
4268 firefox.exe (4)
4776 SKlauncher-3.2.exe (3)
6008 MicrosoftEdge.exe (1)
3064 MicrosoftEdgeCP.exe (1)
5032 MicrosoftEdgeCP.exe (1)
3064 MicrosoftEdgeCP.exe (1)
3036 SKlauncher-3.2.exe (6)
5704 SKlauncher-3.2.exe (3)
3384 firefox.exe (4)
1596 MinecraftJava.exe (1)
6488 firefox.exe (1)
5704 SKlauncher-3.2.exe (1)
6488 firefox.exe (6)
4132 jre-8u411-windows-x64.exe (3)
6328 MicrosoftEdge.exe (1)
6676 MicrosoftEdgeCP.exe (2)
6380 MicrosoftEdgeCP.exe (1)
8792 MinecraftJava.exe (1)
5704 SKlauncher-3.2.exe (1)
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target (consecutive identical rows collapsed; count in parentheses)
PID 4608 wrote to memory of 4268 | 4608 firefox.exe | 74 (11)
PID 4268 wrote to memory of 4692 | 4268 firefox.exe | 75 (2)
PID 4268 wrote to memory of 2496 | 4268 firefox.exe | 76 (48)
PID 4268 wrote to memory of 3608 | 4268 firefox.exe | 77 (3)
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
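The WriteProcessMemory table above lists every cross-process write the sandbox caught, but a row on its own does not say whether it is the ordinary case of a parent populating a child it just launched or a write into a process the writer never created. The helper below is an added example written for this page, not tooling from the sandbox vendor or from any project named in the report. It parses rows in the report's `PID <writer> wrote to memory of <target> <writer> <image> <procid_target>` form (the trailing procid_target column is left unused), rebuilds parent links from `(depth, pid, image)` triples transcribed by hand from the Processes tree that follows, and classifies every writer/target pair. The sample rows are an excerpt of the report's table plus one constructed row, `PID 4988 wrote to memory of 2496 ...`, which does not appear in the report and exists only to show what a write into an unrelated process looks like.

```python
"""Triage helper for sandbox 'Suspicious use of WriteProcessMemory' rows.

Parses rows of the form
    PID <writer> wrote to memory of <target> <writer> <image> <procid_target>
and checks each write against the report's process tree, so that a browser
writing into content processes it just spawned can be told apart from a
write into a process the writer did not create.
"""
import re
from collections import Counter

WPM_ROW = re.compile(
    r"PID (?P<writer>\d+) wrote to memory of (?P<target>\d+) "
    r"(?P<writer2>\d+) (?P<image>\S+) (?P<procid_target>\d+)"
)

# Excerpt of this report's table (the full table has 64 rows). The last row
# is CONSTRUCTED, not from the report, to exercise the 'unrelated' case.
SAMPLE_ROWS = """
PID 4608 wrote to memory of 4268 4608 firefox.exe 74
PID 4608 wrote to memory of 4268 4608 firefox.exe 74
PID 4268 wrote to memory of 4692 4268 firefox.exe 75
PID 4268 wrote to memory of 2496 4268 firefox.exe 76
PID 4268 wrote to memory of 2496 4268 firefox.exe 76
PID 4268 wrote to memory of 2496 4268 firefox.exe 76
PID 4268 wrote to memory of 3608 4268 firefox.exe 77
PID 4988 wrote to memory of 2496 4988 rundll32.exe 76
"""

# (depth, pid, image) transcribed from the report's Processes tree; depth is
# the number printed before the arrow in each row of the tree.
PROCESS_TREE = [
    (1, 4988, "rundll32.exe"),
    (1, 4608, "firefox.exe"),
    (2, 4268, "firefox.exe"),
    (3, 4692, "firefox.exe"),
    (3, 2496, "firefox.exe"),
    (3, 3608, "firefox.exe"),
    (3, 4288, "firefox.exe"),
]


def parse_rows(text):
    """Return [(writer, target, image)] for each well-formed row; a row whose
    two writer PIDs disagree is rejected rather than silently trusted."""
    out = []
    for line in text.splitlines():
        m = WPM_ROW.search(line)
        if not m:
            continue
        if m["writer"] != m["writer2"]:
            raise ValueError(f"inconsistent writer PID in row: {line!r}")
        out.append((int(m["writer"]), int(m["target"]), m["image"]))
    return out


def build_parents(tree):
    """Map pid -> parent pid from (depth, pid, image) rows using an
    indentation stack: a row at depth d is a child of the last row at d-1."""
    parents, stack = {}, []
    for depth, pid, _image in tree:
        del stack[depth - 1:]
        parents[pid] = stack[-1] if stack else None
        stack.append(pid)
    return parents


def relation(parents, writer, target):
    """'child', 'descendant', 'self', 'unrelated', or 'unknown' (not in tree)."""
    if target not in parents:
        return "unknown"
    if target == writer:
        return "self"
    hops, cur = 0, parents[target]
    while cur is not None:
        hops += 1
        if cur == writer:
            return "child" if hops == 1 else "descendant"
        cur = parents[cur]
    return "unrelated"


def classify_writes(text, tree):
    """Return {(writer, target): {"image", "count", "relation"}}."""
    parents = build_parents(tree)
    counts, images = Counter(), {}
    for writer, target, image in parse_rows(text):
        counts[(writer, target)] += 1
        images[(writer, target)] = image
    return {
        key: {"image": images[key], "count": n,
              "relation": relation(parents, key[0], key[1])}
        for key, n in counts.items()
    }


def flagged(text, tree):
    """Writer/target pairs worth a second look: any write that is not into
    a child or descendant of the writer."""
    return sorted(k for k, v in classify_writes(text, tree).items()
                  if v["relation"] not in ("child", "descendant"))


if __name__ == "__main__":
    for (w, t), info in sorted(classify_writes(SAMPLE_ROWS, PROCESS_TREE).items()):
        print(f"{info['image']:>14} {w} -> {t}: {info['count']:>2} writes, {info['relation']}")
```

Run stand-alone it prints one line per writer/target pair. Every pair taken from the report resolves to child, which matches the Processes tree: 4268 is the firefox.exe broker spawned by 4608, and 4692, 2496 and 3608 are its gpu, socket and tab processes. Only the constructed rundll32.exe row is flagged, and that is the shape of row that would deserve attention in a real report.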
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\Styx Client Latest.dll",#11⤵PID:4988
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4608 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4268 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.0.887999712\4506403" -parentBuildID 20221007134813 -prefsHandle 1680 -prefMapHandle 1668 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {973c0e19-468f-4676-a9bc-9a7e3cf7dc30} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 1764 110bd7cb458 gpu3⤵PID:4692
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.1.446050010\874815219" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cdcb06f-ad29-4352-aaea-30588d917ee4} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 2120 110bd13e058 socket3⤵
- Checks processor information in registry
PID:2496
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.2.1730042422\478737894" -childID 1 -isForBrowser -prefsHandle 2692 -prefMapHandle 2700 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca3adf41-11dd-4081-86db-3f012e2dd24e} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 2872 110c16c9b58 tab3⤵PID:3608
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.3.1237374397\336167953" -childID 2 -isForBrowser -prefsHandle 3416 -prefMapHandle 3412 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {70f24b6b-1cc3-4684-a48c-4234f10f1995} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 3440 110bffad058 tab3⤵PID:4288
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.4.1307325138\1903305291" -childID 3 -isForBrowser -prefsHandle 4064 -prefMapHandle 4060 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3ea410e-b63b-4783-88b5-d4cc2a6295a0} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 4044 110c2d67358 tab3⤵PID:2532
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.5.2137342071\346219502" -childID 4 -isForBrowser -prefsHandle 4840 -prefMapHandle 4836 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2e490e6-e1bf-4504-9b89-71c9ec27574d} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 4828 110c3e90b58 tab3⤵PID:2668
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.6.1978944985\1706004815" -childID 5 -isForBrowser -prefsHandle 5008 -prefMapHandle 5012 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4551e302-0f90-48ef-a9ff-a16fa5980735} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 5000 110c3e90258 tab3⤵PID:3808
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.7.1661281400\290559133" -childID 6 -isForBrowser -prefsHandle 5192 -prefMapHandle 5196 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c286bc1-11f6-4112-8373-4d1d4515b70a} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 5184 110c3e91d58 tab3⤵PID:1628
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.8.1294526182\1450361678" -childID 7 -isForBrowser -prefsHandle 5640 -prefMapHandle 5616 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a690a82-b350-4099-8538-fbdf0ec4b531} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 5608 110c4d47858 tab3⤵PID:692
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.9.1108011127\1032360864" -childID 8 -isForBrowser -prefsHandle 3780 -prefMapHandle 3776 -prefsLen 26786 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {456f2dcf-4a7e-4d90-b771-95064cd7026f} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 3736 110c4cd8558 tab3⤵PID:672
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.10.1684406509\1525640244" -childID 9 -isForBrowser -prefsHandle 4404 -prefMapHandle 4464 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd05fbdc-716e-4f01-a1fa-18d9ed958f57} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 4372 110c652ca58 tab3⤵PID:1172
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.11.2086820277\1980549273" -childID 10 -isForBrowser -prefsHandle 9808 -prefMapHandle 9800 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64cc2019-a515-411d-bda7-33184f58c6ae} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 9820 110c6e8ca58 tab3⤵PID:1712
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.12.1862435797\700863164" -childID 11 -isForBrowser -prefsHandle 9656 -prefMapHandle 9668 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a93652e-333f-46be-9bc4-34a17611aee0} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 9620 110c680ee58 tab3⤵PID:4944
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.13.600509945\1384528513" -childID 12 -isForBrowser -prefsHandle 9432 -prefMapHandle 9436 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a61f0e25-33bd-40c0-88cc-f97293089635} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 9424 110c6810658 tab3⤵PID:4852
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.14.1263421710\1911442167" -childID 13 -isForBrowser -prefsHandle 9284 -prefMapHandle 9280 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2a52eff-ff29-404c-814e-418e522610e4} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 9292 110c6810958 tab3⤵PID:1908
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.15.544954875\1219671556" -parentBuildID 20221007134813 -prefsHandle 9220 -prefMapHandle 9052 -prefsLen 26795 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8b4fc45-1b46-48eb-9ba7-632d633f8704} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 4944 110c7947a58 rdd3⤵PID:1280
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.16.1274785811\1815818950" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 8972 -prefMapHandle 8976 -prefsLen 26795 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eda52076-04a6-4806-b7ae-a0da571dc4c9} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 8964 110c7949858 utility3⤵PID:1948
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.17.1855343261\663382790" -childID 14 -isForBrowser -prefsHandle 9036 -prefMapHandle 9668 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e3d16fd-1c4c-4aa1-9931-866f5d81a513} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 5228 110c4dcb558 tab3⤵PID:4580
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.18.1285229568\462011077" -childID 15 -isForBrowser -prefsHandle 9764 -prefMapHandle 9760 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c7e00a0-6ed6-4240-b196-bd89ac92fe38} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 9320 110c6810058 tab3⤵PID:2984
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.19.1976157023\85722970" -childID 16 -isForBrowser -prefsHandle 9724 -prefMapHandle 9752 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd11a12a-f722-4785-8a98-d700f64bd65e} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 9728 110c785ae58 tab3⤵PID:4064
C:\Users\Admin\Downloads\SKlauncher-3.2.exe"C:\Users\Admin\Downloads\SKlauncher-3.2.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:4776
\??\c:\PROGRA~1\java\jre-1.8\bin\java.exe"c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version4⤵PID:4572
C:\Windows\system32\icacls.exeC:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M5⤵
- Modifies file permissions
PID:2744
\??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe"c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version4⤵PID:332
C:\Windows\SYSTEM32\reg.exereg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme4⤵PID:2652
C:\Windows\SYSTEM32\rundll32.exerundll32.exe url.dll,FileProtocolHandler https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb14⤵
- Checks computer location settings
PID:5900
C:\Users\Admin\AppData\Local\Temp\i4jdel0.exeC:\Users\Admin\AppData\Local\Temp\i4jdel0.exe i4j1321171856815587400.tmp4⤵
- Executes dropped EXE
PID:3040
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:6008
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
PID:1468
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:3064
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5032
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5312
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:4008
C:\Users\Admin\Downloads\SKlauncher-3.2.exe"C:\Users\Admin\Downloads\SKlauncher-3.2.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3036
C:\Users\Admin\AppData\Local\Temp\i4jdel0.exeC:\Users\Admin\AppData\Local\Temp\i4jdel0.exe i4j5437175824312600673.tmp2⤵
- Executes dropped EXE
PID:5696
C:\Users\Admin\Downloads\SKlauncher-3.2.exe"C:\Users\Admin\Downloads\SKlauncher-3.2.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:5704
C:\Windows\SYSTEM32\reg.exereg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme2⤵PID:5680
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exeC:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe -XshowSettings:properties -version2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
PID:5008
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exeC:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe -Xdiag -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC -XX:G1NewSizePercent=20 -XX:G1ReservePercent=20 -XX:MaxGCPauseMillis=50 -XX:G1HeapRegionSize=16M -Djava.net.preferIPv4Stack=true -Xmx4096m -javaagent:C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar -DMcEmu=net.minecraft.client.main.Main -Dlog4j2.formatMsgNoLookups=true -Djava.rmi.server.useCodebaseOnly=true -Dcom.sun.jndi.rmi.object.trustURLCodebase=false -Dcom.sun.jndi.cosnaming.object.trustURLCodebase=false -XX:HeapDumpPath=MojangTricksIntelDriversForPerformance_javaw.exe_minecraft.exe.heapdump -Djava.library.path=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1099017328980 -Djna.tmpdir=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1099017328980 -Dorg.lwjgl.system.SharedLibraryExtractPath=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1099017328980 -Dio.netty.native.workdir=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1099017328980 -Dminecraft.launcher.brand=java-minecraft-launcher -Dminecraft.launcher.version=1.6.93 -cp 
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\github\oshi\oshi-core\6.4.10\oshi-core-6.4.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson\2.10.1\gson-2.10.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\failureaccess\1.0.1\failureaccess-1.0.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\guava\32.1.2-jre\guava-32.1.2-jre.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\ibm\icu\icu4j\73.2\icu4j-73.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\authlib\6.0.54\authlib-6.0.54.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\blocklist\1.0.10\blocklist-1.0.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\brigadier\1.2.9\brigadier-1.2.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\datafixerupper\7.0.14\datafixerupper-7.0.14.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\logging\1.2.7\logging-1.2.7.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\patchy\2.2.10\patchy-2.2.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\text2speech\1.17.9\text2speech-1.17.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-codec\commons-codec\1.16.0\commons-codec-1.16.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-io\commons-io\2.15.1\commons-io-2.15.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-logging\commons-logging\1.2\commons-logging-1.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-buffer\4.1.97.Final\netty-buffer-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-codec\4.1.97.Final\netty-codec-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-common\4.1.97.Final\netty-common-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-handler\4.1.97.Final\netty-handler-4.
1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-resolver\4.1.97.Final\netty-resolver-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport-classes-epoll\4.1.97.Final\netty-transport-classes-epoll-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport-native-unix-common\4.1.97.Final\netty-transport-native-unix-common-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport\4.1.97.Final\netty-transport-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\it\unimi\dsi\fastutil\8.5.12\fastutil-8.5.12.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna-platform\5.14.0\jna-platform-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna\5.14.0\jna-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple\jopt-simple\5.0.4\jopt-simple-5.0.4.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-compress\1.26.0\commons-compress-1.26.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-lang3\3.14.0\commons-lang3-3.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpclient\4.5.13\httpclient-4.5.13.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpcore\4.4.16\httpcore-4.4.16.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-api\2.22.1\log4j-api-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-core\2.22.1\log4j-core-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-slf4j2-impl\2.22.1\log4j-slf4j2-impl-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\jcraft\jorbis\0.0.17\jorbis-0.0.17.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\joml\joml\1.10.5\joml-1
.10.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3
.3\lwjgl-opengl-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lz4\lz4-java\1.8.0\lz4-java-1.8.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\slf4j\slf4j-api\2.0.9\slf4j-api-2.0.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6.jar 
net.minecraft.client.main.Main --username aidswalking --version 1.20.6 --gameDir C:\Users\Admin\AppData\Roaming\.minecraft --assetsDir C:\Users\Admin\AppData\Roaming\.minecraft\assets --assetIndex 16 --uuid 2fdd2deb1aac362294e5f7983ce027d1 --accessToken 8cb5ad04f9f04b2abcbe3775a0ca1aee --clientId 0 --xuid 0 --userType msa --versionType release2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1596
C:\Windows\SYSTEM32\rundll32.exerundll32.exe url.dll,FileProtocolHandler https://discord.gg/BdCcpDZ2⤵
- Checks computer location settings
PID:2980
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exeC:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe -Xdiag -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC -XX:G1NewSizePercent=20 -XX:G1ReservePercent=20 -XX:MaxGCPauseMillis=50 -XX:G1HeapRegionSize=16M -Djava.net.preferIPv4Stack=true -Xmx4096m -javaagent:C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar -DMcEmu=net.minecraft.client.main.Main -Dlog4j2.formatMsgNoLookups=true -Djava.rmi.server.useCodebaseOnly=true -Dcom.sun.jndi.rmi.object.trustURLCodebase=false -Dcom.sun.jndi.cosnaming.object.trustURLCodebase=false -XX:HeapDumpPath=MojangTricksIntelDriversForPerformance_javaw.exe_minecraft.exe.heapdump -Djava.library.path=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1304970597250 -Djna.tmpdir=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1304970597250 -Dorg.lwjgl.system.SharedLibraryExtractPath=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1304970597250 -Dio.netty.native.workdir=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1304970597250 -Dminecraft.launcher.brand=java-minecraft-launcher -Dminecraft.launcher.version=1.6.93 -cp 
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\github\oshi\oshi-core\6.4.10\oshi-core-6.4.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson\2.10.1\gson-2.10.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\failureaccess\1.0.1\failureaccess-1.0.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\guava\32.1.2-jre\guava-32.1.2-jre.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\ibm\icu\icu4j\73.2\icu4j-73.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\authlib\6.0.54\authlib-6.0.54.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\blocklist\1.0.10\blocklist-1.0.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\brigadier\1.2.9\brigadier-1.2.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\datafixerupper\7.0.14\datafixerupper-7.0.14.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\logging\1.2.7\logging-1.2.7.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\patchy\2.2.10\patchy-2.2.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\text2speech\1.17.9\text2speech-1.17.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-codec\commons-codec\1.16.0\commons-codec-1.16.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-io\commons-io\2.15.1\commons-io-2.15.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-logging\commons-logging\1.2\commons-logging-1.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-buffer\4.1.97.Final\netty-buffer-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-codec\4.1.97.Final\netty-codec-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-common\4.1.97.Final\netty-common-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-handler\4.1.97.Final\netty-handler-4.
1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-resolver\4.1.97.Final\netty-resolver-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport-classes-epoll\4.1.97.Final\netty-transport-classes-epoll-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport-native-unix-common\4.1.97.Final\netty-transport-native-unix-common-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport\4.1.97.Final\netty-transport-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\it\unimi\dsi\fastutil\8.5.12\fastutil-8.5.12.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna-platform\5.14.0\jna-platform-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna\5.14.0\jna-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple\jopt-simple\5.0.4\jopt-simple-5.0.4.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-compress\1.26.0\commons-compress-1.26.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-lang3\3.14.0\commons-lang3-3.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpclient\4.5.13\httpclient-4.5.13.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpcore\4.4.16\httpcore-4.4.16.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-api\2.22.1\log4j-api-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-core\2.22.1\log4j-core-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-slf4j2-impl\2.22.1\log4j-slf4j2-impl-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\jcraft\jorbis\0.0.17\jorbis-0.0.17.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\joml\joml\1.10.5\joml-1
.10.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3
.3\lwjgl-opengl-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lz4\lz4-java\1.8.0\lz4-java-1.8.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\slf4j\slf4j-api\2.0.9\slf4j-api-2.0.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6.jar 
net.minecraft.client.main.Main --username aidswalking --version 1.20.6 --gameDir C:\Users\Admin\AppData\Roaming\.minecraft --assetsDir C:\Users\Admin\AppData\Roaming\.minecraft\assets --assetIndex 16 --uuid 2fdd2deb1aac362294e5f7983ce027d1 --accessToken 8cb5ad04f9f04b2abcbe3775a0ca1aee --clientId 0 --xuid 0 --userType msa --versionType release2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:8792
C:\Users\Admin\AppData\Local\Temp\i4jdel0.exeC:\Users\Admin\AppData\Local\Temp\i4jdel0.exe i4j6596417278842007051.tmp2⤵
- Executes dropped EXE
PID:10080
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵PID:912
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3384
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.0.310734679\261061867" -parentBuildID 20221007134813 -prefsHandle 1552 -prefMapHandle 1544 -prefsLen 21163 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c42c6795-e115-46eb-9234-a269b21a4725} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 1644 228d4dea658 gpu3⤵PID:5692
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.1.999463985\584035123" -parentBuildID 20221007134813 -prefsHandle 1984 -prefMapHandle 1980 -prefsLen 21208 -prefMapSize 233583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1bbd1ec-4e26-4956-9f7e-3caad0320ca9} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 2016 228c9edeb58 socket3⤵
- Checks processor information in registry
PID:5036
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.2.644084541\1739429455" -childID 1 -isForBrowser -prefsHandle 2712 -prefMapHandle 2588 -prefsLen 21669 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c82a400-6680-4730-8df2-a543b93e6a01} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 2744 228d894a858 tab3⤵PID:5328
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.3.547506423\1670157360" -childID 2 -isForBrowser -prefsHandle 3292 -prefMapHandle 3288 -prefsLen 26847 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b00cd98e-c7ec-46ff-858f-1e53cf9c285b} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 3300 228c9e2db58 tab3⤵PID:4608
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.4.1609226245\429034330" -childID 3 -isForBrowser -prefsHandle 4260 -prefMapHandle 3068 -prefsLen 26847 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5d9eb0e-006a-4a86-92c4-a086b857ada0} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 4272 228d9a68b58 tab3⤵PID:4732
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.5.1164091640\762926058" -childID 4 -isForBrowser -prefsHandle 4616 -prefMapHandle 4604 -prefsLen 26847 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e23c6852-a27e-441d-91ac-7f4c7d84ee0e} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 4628 228db55ab58 tab3⤵PID:4424
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.6.331032107\10059452" -childID 5 -isForBrowser -prefsHandle 4584 -prefMapHandle 4484 -prefsLen 26847 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2dd9139a-b1d4-4001-8a2a-7080867da6b0} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 4796 228c9e61658 tab3⤵PID:6136
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.7.1947744249\1925958596" -childID 6 -isForBrowser -prefsHandle 4076 -prefMapHandle 4952 -prefsLen 26847 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e37be63a-f43a-4332-8033-cc5ed3756876} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 4968 228dbfc8558 tab3⤵PID:3884
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.8.181608869\1441843822" -childID 7 -isForBrowser -prefsHandle 4484 -prefMapHandle 4776 -prefsLen 26847 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {51b4bbcf-75ab-4f08-a7ea-f4d3c84a2734} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 4368 228dbfc8858 tab3⤵PID:3252
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.9.430830265\1510079521" -childID 8 -isForBrowser -prefsHandle 5152 -prefMapHandle 4360 -prefsLen 26847 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {982d0d4e-6f0e-4d97-986e-54be2f9dd784} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 5320 228d500f558 tab3⤵PID:4604
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.10.850578388\1594658401" -childID 9 -isForBrowser -prefsHandle 4808 -prefMapHandle 4604 -prefsLen 26847 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20078405-df0f-4577-908b-2920fc9cf05d} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 4888 228c9e66b58 tab3⤵PID:4256
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.11.92302279\621752347" -childID 10 -isForBrowser -prefsHandle 5644 -prefMapHandle 5752 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {85b15e4e-90a0-4e8c-a3ad-74923f90b1c6} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 4740 228de136858 tab3⤵PID:2232
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.12.1762295337\1763708352" -childID 11 -isForBrowser -prefsHandle 6676 -prefMapHandle 6680 -prefsLen 27278 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {644539db-f181-441f-973f-3f8a23d9ec64} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 6688 228d9944058 tab3⤵PID:2372
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.13.1448508076\1789163842" -parentBuildID 20221007134813 -prefsHandle 5912 -prefMapHandle 9780 -prefsLen 27549 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {721358c6-c7e8-4d69-8833-9be1d25a3add} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 5940 228dcdae058 rdd3⤵PID:3720
-
-
C:\Program Files\Mozilla Firefox\plugin-container.exe"C:\Program Files\Mozilla Firefox\plugin-container.exe" --channel="3384.14.1821759852\1634228517" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0" -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb19ae84-9c79-4686-91b1-07933724d733} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 9796 228de11a258 gmplugin3⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:4724
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.15.2097297651\2122868500" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 9376 -prefMapHandle 9380 -prefsLen 27592 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecb2a4b1-dac3-44a4-8177-ca9a193fd466} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 9368 228dbfc7f58 utility3⤵PID:2120
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.16.966661437\2128033485" -childID 12 -isForBrowser -prefsHandle 9732 -prefMapHandle 5468 -prefsLen 27592 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09ba4202-d712-477a-9aac-040b8cc9ae08} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 9180 228d5f36458 tab3⤵PID:3916
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.17.444572219\2089001540" -childID 13 -isForBrowser -prefsHandle 5668 -prefMapHandle 4856 -prefsLen 27592 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {880e36f0-8b8a-4273-b574-3c9fb1a49901} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 4712 228dd51a658 tab3⤵PID:3192
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.18.572836789\1815724653" -childID 14 -isForBrowser -prefsHandle 4804 -prefMapHandle 4280 -prefsLen 27592 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48fdae18-0929-44ba-94d8-ff5055eaa871} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 5148 228ddc5ad58 tab3⤵PID:1968
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.19.1949508474\1485909952" -childID 15 -isForBrowser -prefsHandle 9328 -prefMapHandle 4728 -prefsLen 27592 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8006380-fd52-4426-abbc-4abeb8625e07} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 2700 228d7989958 tab3⤵PID:1956
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.20.1253596689\1815879573" -childID 16 -isForBrowser -prefsHandle 8932 -prefMapHandle 8924 -prefsLen 27592 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2e9f78c-fa70-4594-8da6-135708d49844} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 6568 228dcdace58 tab3⤵PID:3608
-
-
C:\Users\Admin\Downloads\SpotifySetup.exe"C:\Users\Admin\Downloads\SpotifySetup.exe"3⤵
- Executes dropped EXE
PID:4824 -
C:\Users\Admin\AppData\Roaming\Spotify\SpWebInst0.exeSpWebInst0.exe /webinstall4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1708 -
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeSpotify.exe5⤵
- Executes dropped EXE
PID:6440
-
-
-
-
-
C:\Windows\System32\SystemSettingsBroker.exeC:\Windows\System32\SystemSettingsBroker.exe -Embedding1⤵PID:308
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc1⤵PID:4008
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k localservice -s SstpSvc1⤵PID:3016
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc1⤵
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:2024
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2596
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s RasMan1⤵PID:5324
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s RasMan1⤵PID:6292
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵PID:6468
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:6488 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.0.126913019\354562248" -parentBuildID 20221007134813 -prefsHandle 1584 -prefMapHandle 1576 -prefsLen 21530 -prefMapSize 233967 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0fd53f0-ac14-4e97-892d-05c1b1719b99} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 1664 24819dfd258 gpu3⤵PID:6604
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.1.75264054\35064039" -parentBuildID 20221007134813 -prefsHandle 1992 -prefMapHandle 1988 -prefsLen 21575 -prefMapSize 233967 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8fac820-7d65-48c7-a5a1-fb5f1021b5cb} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 2004 24819a38b58 socket3⤵
- Checks processor information in registry
PID:6312
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.2.1828580436\1153027785" -childID 1 -isForBrowser -prefsHandle 2680 -prefMapHandle 2676 -prefsLen 22036 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a025ec0a-04c0-473f-af60-0106bbdcaa2e} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 2692 2481da95f58 tab3⤵PID:6836
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.3.1619355321\77165057" -childID 2 -isForBrowser -prefsHandle 3320 -prefMapHandle 3332 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25c98c3a-bbb6-4dc7-b458-2e6a6e41bcf2} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 3340 2481eaf1358 tab3⤵PID:6624
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.4.2083619640\1980051544" -childID 3 -isForBrowser -prefsHandle 3752 -prefMapHandle 3748 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {127d64ef-523a-4a3e-a60c-cead13d73215} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 3764 2481f577b58 tab3⤵PID:3904
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.5.2026837024\1053859198" -childID 4 -isForBrowser -prefsHandle 4676 -prefMapHandle 4672 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1bbfaed-7f08-4057-9869-0700ad381ced} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 4656 248203a0558 tab3⤵PID:300
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.6.1699818969\1031350807" -childID 5 -isForBrowser -prefsHandle 4856 -prefMapHandle 4864 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d577b92-2589-4549-9ceb-dc964d4b2fca} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 4976 24820f3f758 tab3⤵PID:5688
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.7.1816067351\775385385" -childID 6 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47b3398d-1a5f-4ce0-8bd7-5e5f36b0e6ea} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 4996 24820f81058 tab3⤵PID:4948
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.8.106995842\1026413713" -childID 7 -isForBrowser -prefsHandle 5308 -prefMapHandle 5312 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d0ae3f2-b839-4c1f-b51e-cccb1a7b6c2a} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 5392 24821074f58 tab3⤵PID:1188
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.9.69263752\298070589" -childID 8 -isForBrowser -prefsHandle 5420 -prefMapHandle 5552 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {27e260fe-1f61-43ce-b2a2-7330da89531e} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 5616 24820fb7b58 tab3⤵PID:5328
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.10.915848417\1108271500" -childID 9 -isForBrowser -prefsHandle 5860 -prefMapHandle 5812 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb184e33-a1c0-48ad-899c-6fa5cafaa3d0} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 5292 24822485258 tab3⤵PID:332
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.11.227735943\385685535" -childID 10 -isForBrowser -prefsHandle 6056 -prefMapHandle 5392 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b55fe9c-bd5c-47f6-818e-e398927435f7} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 5276 24822d7d158 tab3⤵PID:5244
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.12.512288319\1136000791" -childID 11 -isForBrowser -prefsHandle 4364 -prefMapHandle 5780 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dedd343a-dd15-45c3-bc76-74caa1003074} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 4360 2482247a858 tab3⤵PID:3620
-
-
C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe"C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe"3⤵
- Executes dropped EXE
PID:5496 -
C:\Users\Admin\AppData\Local\Temp\jds241363312.tmp\jre-8u411-windows-x64.exe"C:\Users\Admin\AppData\Local\Temp\jds241363312.tmp\jre-8u411-windows-x64.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4132
-
-
-
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6328
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
PID:648
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:6676
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5308
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6380
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1580
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4452 -
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"2⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:5640
-
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 688 692 700 8192 6962⤵
- Modifies data under HKEY_USERS
PID:1988
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x3401⤵PID:6632
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"1⤵
- Executes dropped EXE
PID:10160
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize4.7MB
MD5d177d002ba370e5bdd026c69e6dc350e
SHA167b1989b51c75133e124084886f43cca2d1bfd01
SHA2566b9fec390d04e7687376d3add5b3f8f9a8afb65ae5174eafa463b5915cb57426
SHA5120bccf171b7158e8f40f35ff1a7c320914164c8ae1c27219ed1338ee8a70a60db5eb872ee2dd3236a580044754c86bf290d5ce9a8b3e026b4d79d7a7eb3ef8f13
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C
Filesize368B
MD5fda1555824339c596c576643aab1ca49
SHA1419ea888d65fbdb87eebed859295a600ec1be5f4
SHA2563ed17f03c33fb305c22297ac40bfd01e55e1fb908dc57e51f4733a8705f69ba0
SHA5122f29804754a7588273859a0ef05392e7d57f89a3cf9729598b21bdbd3aac04fdf82a69cd2d8ab5860392cd3724319d5858624a3892ef825e680817db0f7211df
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\FD8B5A19DF57620BA56D7418AA339A3D779BDF33
Filesize25KB
MD534a9e28124f9d2353918f560c91165fa
SHA1392a9467a28de3589e6b831aac5ece47c25ba066
SHA256e1600fb5386ca419986c8d1eca99b69d01b3c9768bc8c0d89788a9b65c81a2a0
SHA512dc05e881a7810eb5fda61195b618eeb69f1634ceff1e155f7c389b35d4012bbeee5063385723d307e5d5f9854d546b8a6edfb8e0d61082b5fc160edd43ab04e2
-
Filesize10KB
MD545d406883fc3eb362c0ccd7c1278cecb
SHA1e7a23de2ab2c81c57dfc27c691857847f721f39a
SHA256e2ab6aa16223fecca9473199d1f11a24ad58291c43e451fbf7f42bcc2c1dbc3d
SHA51280c9458fafcdc4479853b79f2d0704ff9c8342449ca5d8a7b2d25b3a71eb168a57c9fde4a83ef33e63b01c82f83c9efaa95403d075ddc0f6cc57cea89788c5d0
-
Filesize6KB
MD5fa729d6f6c1ce0aee67715e18e24350a
SHA1a4339bb16d047d238f9edbedc28affa0019a41a4
SHA2567031c476e4343fc4f2725bc100ef1f1d2ef25fbac01cb68f06fc33caa046cb78
SHA512060110ed8bec51414e5c5c8a4da339fd175f076f00144fafcb38cb5f84bcabdf6ccc745f724314fa0d2e0c0b48656277f69c8dccfa73343d5497b674a90bb6e6
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\jumpListCache\n8k18eEP3XVV5fxtpoQkUw==.ico
Filesize729B
MD527d74d899cc3eb145b9c3f4731d03679
SHA1ab503c850078e3e0f4f5682c122cb729b6d07fc4
SHA256316cfafdd8b1bc8579f8dd241a1072c87873cdb11ab6b1e0f05e7d71369a6b19
SHA5129c92502eee1c6d8181d5a17b1b30b9a8542db4a85b4551308142aafc0da648c37ce084a6c7b6409e3780b8bbeb26feba0af9fbe8ee0bb6078b77e0bf47388c72
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\startupCache\urlCache.bin
Filesize2KB
MD5098f635d6d8d9b6eb167a2a3a832fc99
SHA112163efae3f650ab3d75b70c98887b5118dfbf62
SHA256b501582c8cb4a5f568df38be335c9b3d46f975562bd2785511861a2fd6445d48
SHA5125dbbc21a7a5f4fa14c67975e564dcfe19d5bad1475e0979a688576b8285ee2b7785747e7d19284bb33dae3ff1fe2fa46c71fba6bf0d4c66680f24aa0e89f98fc
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\HRBX3BZ1\login.live[1].xml
Filesize13B
MD5c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA135e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA5126be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\LU5KO5ZN\www.msn[1].xml
Filesize482B
MD559c807415954a187767fbff598f45afc
SHA1bf7df49f35b7bb36223b0a531560198695f9b297
SHA25619e72630d126e051f4f40f5fa2ecc338bd81db81a7ad2b2ef9ac10f23bb292b5
SHA512d35a827fe4f6ca3c80fa5936162794d37b25ae8023f76003c5f31ea300347b5c3b4be23c252fab64a07c264b4214f58d3b64045ed6b31b884d745998cfa0ad86
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\RML28J1S\favicon[1].ico
Filesize23KB
MD5ec2c34cadd4b5f4594415127380a85e6
SHA1e7e129270da0153510ef04a148d08702b980b679
SHA256128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7
SHA512c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\SGCG3FET\favicon[1].ico
Filesize16KB
MD512e3dac858061d088023b2bd48e2fa96
SHA1e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
SHA25690cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
SHA512c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
Filesize512KB
MD51f5692a0e45358680b4f05ce4d829a41
SHA166bd7695a315783b5206fd57aef1c80b4c071cd3
SHA25618fa8313253ea5b9274dd8b3c7aa161defde8607cf6b3e728b26123c09658fb4
SHA512e3f710f739b75b36189f57ff199eb58cd152e35d95d4b7a7067d07692227b9d4400385ab24067abc4a987d4b5b8f0ec974993d4ad0cccee2f9108aa2340a94ee
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\utymd3p\imagestore.dat
Filesize42KB
MD5432e44c11b6ce57e13d2fecbfadf40bf
SHA1d1807e1f7234911616599f5b6d9bf03a6e8f5f49
SHA256c95c7174bc6ae1f87b895dc18013e19637c063ceea7c20223ce3802777989106
SHA512d5e3537b56f89c9ae2b23186afd99793278939b9a4862062f348c66e652972e73aab6c1626f904cb0f18e9436dbe906692c19d683170b28a3669803fdfd466d1
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\utymd3p\imagestore.dat
Filesize26KB
MD5cd5c8be4077db33c28012a8c3891ca86
SHA192abb49a3c6ac369ac698fbbcea9d84514e1bda3
SHA256d43626d8df8991aa19a537bee3602d3c0783ef8febaadb306131fd8ecf806231
SHA512a7306278f679ffaed2fa9517473dcd0cb9f811c4f1c22894ca8b26e55287b621860e2ad10709e43acbe759d19b08adc5c8dd8c60cf7e6a226896e05620b081e3
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFF7441BD4DF81C75E.TMP
Filesize16KB
MD56549bd38fa0b5fa11ed4286b84612fb1
SHA142ed26e812a8110c96c08cdde1cb87b62b1c16f7
SHA25677ee781f711b1e46f05cc1ad6da40d5b14196e3d91e21e29d78db724fffde8bb
SHA5123bf35c0fdca75713e75472c85dac49e9372416e5eece704c15d14245d33b02639c3205bf659e28759b7e74663f1ec3c09e4cd5cca3c9e8119549987796e9e715
-
Filesize405KB
MD58f2869a84ad71f156a17bb66611ebe22
SHA10325b9b3992fa2fdc9c715730a33135696c68a39
SHA2560cb1bc1335372d9e3a0cf6f5311c7cce87af90d2a777fdeec18be605a2a70bc1
SHA5123d4315d591dcf7609c15b3e32bcc234659fcdbe4be24aef5dba4ad248ad42fd9ab082250244f99dc801ec21575b7400aace50a1e8834d5c33404e76a0caac834
-
Filesize403KB
MD5118abbe34a2979b66d6838805c56b7cd
SHA17f320cb81660fc6dff9cc5751f8fcc0134847c77
SHA256d054d998ae12be33820b100e0ed3923d513fa5c79c6d4e7ca1953afeb262ea9b
SHA5125bcad4a03ced2ce76c5ebf78cd2c1328a4ee27019807f56a48bf8a0f936c57f351f10726c176952f0cf08776a5ce53d34c14d6a848925be2789408a61678f381
-
Filesize410KB
MD5c4c47e3d7ed51a6bb67b7b8088a4b0e3
SHA1b190f4e4e8f838c46ffe9507d966ea4d8b37d8ce
SHA2565e606f805a71432d4875de7dab737bf9dea1187090f0a5190da9b1bbab09f57c
SHA512b4251618479c52398ca71cfc61ad88230a14145771ef1085ab9288486d7bfc841f0ea222909f8ba6882db6076df26bfe37e1c23917569270c86d6e7adee7cf13
-
Filesize393KB
MD5b97f16379b4c106616f60f702733f5c6
SHA185c472fb9a7f256643bc4bba10f158dfaa1d1e8b
SHA2564c392dcc8ad916f0f9df7559ab5563b01dd94f9f3b2db34617fe392e00060339
SHA512d124af2c705b97cbb307497f88c47a5f7d320174d48626ea14ac27d42bcf8016f32810cf7ecb6af1261297b8c331a6ea89e2e35c3e2536390d8d6e500ed8d61e
-
Filesize397KB
MD5fdb50e0d48cdcf775fa1ac0dc3c33bd4
SHA15c95e5d66572aeca303512ba41a8dde0cea92c80
SHA25664f8be6e55c37e32ef03da99714bf3aa58b8f2099bfe4f759a7578e3b8291123
SHA51220ce8100c96058d4e64a12d0817b7ce638cec9f5d03651320eb6b9c3f47ee289ccc695bd3b5b6bf8e0867cdab0ebb6e8cae77df054e185828a6a13f3733ede53
-
Filesize412KB
MD5c5c41f7587f272a4c43a265d0286f7bb
SHA1916224c963d04b93ed54ce7c201108f398e7e159
SHA256d549110689cdde0821ca2c7148f7b47a097166b4169786a4a9ede675f5ce87f3
SHA512d4b4d01088d9f506368dc19d709b4ba6be764929b0dd05775841e14cbbec674f216b81515ae529e95abfd22ed2f3e2d2774363dd4284c8c8b57d203599555f76
-
Filesize398KB
MD5ff5fdc6f42c720a3ebd7b60f6d605888
SHA1460c18ddf24846e3d8792d440fd9a750503aef1b
SHA2561936d24cb0f4ce7006e08c6ef4243d2e42a7b45f2249f8fe54d92f76a317dfd1
SHA512d3d333b1627d597c83a321a3daca38df63ea0f7cab716006935905b8170379ec2aab26cb7ffc7b539ca272cf7fb7937198aee6db3411077bedf3d2b920d078a3
-
Filesize401KB
MD5a473e623af12065b4b9cb8db4068fb9c
SHA1126d31d9fbb0d742763c266a1c2ace71b106e34a
SHA2561bda81124d6ae26ed16a7201e2bd93766af5a3b14faf79eea14d191ebbd41146
SHA5121fbc2841783140fe54f3ab1fa84e1ded2534bcec3549ade2f513491b32178df515bd63a0a4a2c35017a6850ff9c3a24f8602357d912acf8ca92b8d68ba846d3a
-
Filesize404KB
MD54154321279162ceac54088eca13d3e59
SHA15e5d8c866c2a7abfd14a12df505c4c419a2a56f7
SHA2566bdebeb76083e187c7ae59420bfc24e851edb572e1a8d97c1c37b7b2dc26148c
SHA51204ca175774cbe3f2d83543c01cc388e2715ab7b1378143db41bacdc7e7eddf05d3beef476f6acbe7ddeb34861984efb5fd7f299ec1820697c440b372d258aee7
-
Filesize405KB
MD54b1ffad3c0075af22674765ff1ee2f56
SHA11f7b05d0ed1c6c15736115a59ad844adea5f1f66
SHA256fe3714926082ac5764327e3b67ae52cb6f0cf6b8c4221c064a6cacf821079414
SHA512427db3fe5860676fab65a9b895d205620a1ec0aa172f45aa9ecef261820e25b84f3413bc5d0a9d0c1311422a8da1f5706ac4f6211a60aacc82974cf00ff036a4
-
Filesize407KB
MD59a21378c7e8b26bc0c894402bfd5108c
SHA172bd9f3ca75ca691ce86fe1ebbdb269f5f737bae
SHA2560d34f9588400a586b774be97e66ae8c076a8807b8455df0587b39d2a4a1a3b42
SHA5124a9d23a01f1a7474e0339d4d8b151d0269bfaf7d9e13ff6aa34d7f929002e8ff185f273e6f7afd2d40df3e0630a962dc7767d870dcf1766f3e04b8029a7b452e
-
Filesize400KB
MD512ec66b825b504d752e8c333bf81dacf
SHA156896d3e6011466b7e6631c714c57e20ee8366d9
SHA2565fc09af94a447fae6f82c00f15dfaef9eae7c560e6cbe46d3e84524019a574aa
SHA5128cb838589ac4f9819b7e2204517445df94663d3217297212973e8b2d9fece162155130ddc783e7e89ef2832d38bace731b2ae3b73aff36ad782c707813bc52b4
-
Filesize266B
MD5c335b272daae33aeb2c83e8a90461e8d
SHA1c7bcbf1905586bd39303853087e44e86a47c8b54
SHA256e3c1fd97b905ff659aafd4220812d1747cd30bf83c9a960aca3a0b2399872722
SHA5125aec223b49bf45f86ef78a6ff9c21a8b6ae709fdee9254aa05b02aa2cd9aedd218b65e66a984577225b0a71ce8ddc5b43b9808b39a860915497f21c5412e3389
-
Filesize1.1MB
MD54d653e61ba01a521c56b9a70a9c9814e
SHA1de855dc3dbc914b497b58da92e0c21fff660796d
SHA256f7d3e01dcfc001cc80a988c518d4358955842d140054214d1367972c5c543350
SHA512e6a7db6e2893b5b01dd0c84a230d88abf50da63ceb1af5754a2c4c1fbd307a799a74f3f368430d3beb33590cda2e0a3cf509fef11c4477b76e8d3c4a582b5def
-
Filesize62KB
MD5bd8451491a92b1aa5fe6d44bc9f3e1c6
SHA1fe210263b4bdaa3719b00994e665839c8987094e
SHA2568a416dab7b3028f3e79b41521b65432ab2d25dec9f85e220ade0157badc0dd41
SHA5123c1892e9f8812ed6e895936ad16f3f457f50283d88d37b45d780a1d5f0bb2751bb74585b03227d10367b9367c7c2eef68d88d914b8e3cbcca0b2dfca05ad0ebf
-
Filesize862B
MD5e269224895c7fb1d2083a4d5a5d0d51c
SHA127e1afdf2330f5a4b384091fdf76d8551c03e0ac
SHA25651ab9d24f1e8deeb397ce4586dbc771841d19ae6d80dc809e120602a6df424c4
SHA512156420e4c2a9c0ff8cda952fdfccaefcc0c9ef67930f48f3b87864ed59b8db5bf11b9e1c1f3fa771836c1fc5653202837c0a52f41090495d488766a3111d844d
-
Filesize862B
MD52544970a9292699f5c1311c2d27160f3
SHA11b767d299fe08fe78d2860cce730eb5702fc5a3d
SHA256cf96f15ea83c1c1a2bd6f971aae59b0f7dac0bd02d40133950b49ac8e19f4b48
SHA512d429b7a0daaab5e3a751101c960472460b70eca09d0be19efb88dde4deeb6f34312d3ad157176611cdaeb0600fa3b608787251d6f4309954d89db940828867d9
-
Filesize93KB
MD5802d1182a4685e1b86c0a9dcb3f2be36
SHA13aea1c3d1925ec0e6c4e534adcccb1271c6a5f04
SHA256e48ef14933f4eb6071497a5311ca0ac6e115f7a0d57a60e519296f8fd42ad4fe
SHA512ebde9d7c89fed73ea1766fdbaf716e5ba69068b5b0c913490c9ad8703540945e2cda248b0365d6a49acecae960a8fa846da53cfbf8e19b98a6da382267dc562c
-
Filesize1KB
MD54bc22d05b225a34a3ddb4f17d2469b77
SHA111a7a273129b3deb9cd2c77ef1834b5643469d3d
SHA256face76c9c4fad9476a1d80483d41772c805808a1383012b1c22065e30d32ede6
SHA512e00b03ba7550af9676c56c1ae39c00ccbae42a06011b37e3faec174ee1eda3dd16a223194824ba3f11e7d8bea78e74991af31b51a9066c3941864e13c91c45df
-
Filesize12KB
MD58ee50698797304540fc85117d67fe39a
SHA12762547e578d3d4ca469b30a94c7535e57c5c72e
SHA25690f1e2bcc7b6c2e9b5acbf3211ecb0b58f9e36b4f3db56acfc07f2a3577b644a
SHA512d0497ee7a43d35c06ea7c8052311f0c4c9d25b17329f93ba67344871d7441a77dcc381a2474656f8ef4a0f1b5bdebc906c6ec46713d04dc9ca82aa470c8a4a25
-
Filesize154KB
MD59f5c4807dee20e35df749052a9b6c7c4
SHA12b16fd4a41999bbb67d97f3cdb9fcb1f54b7b094
SHA2560f7cdcc92812368bebc2a9861a004773e5fafcb9e495830fe5acb3669a7d622f
SHA512777b1a763b94df20f2309ea069a3e2b3fc3db10fab4f799c98967cf0cfdf1de2ffb4ce9cda44860ac2a0380fae13bee452e4d23b6cd03167ee56519ef5c2e921
-
Filesize442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
Filesize8.0MB
MD5a01c5ecd6108350ae23d2cddf0e77c17
SHA1c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72
-
Filesize434KB
MD5f342edb6b13da9caf67f6ab25d8a0b4b
SHA12424100100917826a5933159802456d10f50d99a
SHA25665c4941404715a1090a87d5e799c70b0e5b51be9971d3db0cec2b687de2350bd
SHA51204e8057c56c4e6c009f46c7f626b0e13ab244f01813a6186e8b1cdc3b29e5c14cfb14053b2ecef35ca612bd2f31a3b3c7adb61cbd5740fff58472dc8091012ab
-
Filesize559B
MD5025b9420ef9449d52963b795805b8235
SHA1b8c2f18753d4ab11d8861982da24f31fb78b18d5
SHA256a3dab7338b766b3b4d8196a459359ff52ea3dc63771ae333969b7119db578dc8
SHA51235653735e71571f242c4b9c1ff72748f270482e5481390c6d4760e2ae7b5551dcaa6cf57b36fc3f6f21f1d90a19258288b0d5c6b78a462cf34b4d0e81f01ad31
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\jdk.internal.vm.ci\ADDITIONAL_LICENSE_INFO
Filesize48B
MD5512f151af02b6bd258428b784b457531
SHA184d2102ad171863db04e7ee22a259d1f6c5de4a5
SHA256d255311b0a181e243de326d111502a8b1dc7277b534a295a8340ab5230e74c83
SHA5121a305bc333c7c2055a334dc67734db587fd6fda457b46c8df8f17ded0a8982e3830970bee75cc17274aa0a4082f32792b5dbff88410fa43cc61b55c1dce4c129
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\jdk.naming.rmi\ASSEMBLY_EXCEPTION
Filesize43B
MD5bd468da51b15a9f09778545b00265f34
SHA1c80e4bab46e34d02826eab226a4441d0970f2aba
SHA2567901499314e881a978d80a31970f0daec92d4995f3305e31fb53c38d9cc6ec3b
SHA5122c1d43c3e17bb2fca24a77bea3d2b3954a47da92e0cdd0738509bffcdbe2935c11764cd5af50439061638bba8b8d59da29e97ea7404ea605f7575fc13395ca93
-
Filesize32B
MD5663f71c746cc2002aa53b066b06c88ab
SHA112976a6c2b227cbac58969c1455444596c894656
SHA256d60635c89c9f352ae1e66ef414344f290f5b5f7ce5c23d9633d41fde0909df80
SHA512507b7d09d3bcd9a24f0b4eeda67167595ac6ad37cd19fb31cd8f5ce8466826840c582cb5dc012a4bd51b55e01bb551e207e9da9e0d51948e89f962ba09606aab
-
Filesize17.2MB
MD55b0bfa78154b1c57ab68574af285fc6f
SHA1bf9f6b357352f81a2e4427c4e5d839b89b32d3b7
SHA2560e79303169cd0305c364885824b1ee91b15e6ede8b7eae02e808ad4c4c35a36f
SHA51295dc94b13f82d61e5a168251665412c04710069a1b1679e9674d4a4dd2f824eff994e9ecd92f257a8abe1144239a8a4a6aa492c6b2e71d6faeb4d1e4a3c76d26
-
Filesize409B
MD549752a0a39a19790fa3d12ac59bc94d1
SHA11312bb92ca265a577ca152978895fb1f69ab4cc1
SHA2567fab60561b867a476c71e51249aaf7ef3452e42dfde01e7cd91220cd112cc666
SHA5124b64f1b11ea90af35e402ffa2392a9deb4454ebab9dba072710838f6448d0b3075a31a88bb74771a9c6c71c01507264ad22fc9ef19297354ebd361788699dc39
-
Filesize82B
MD5616097195b6350dd5271aa6f30cc167a
SHA15e2e2d48a513ff1c4b9612e16c954e060c34831b
SHA256c0ad6503240446061d7da9181b625f149574430135e0d6ab32fb61f176c831fe
SHA512de5646740c390dcdaa94b020163f532978c11eb2d6896ff4c06197c0354e50d610926d40ff97d9a56e24b4e122d94f430efc76cf2539a989b9885d527c7654bb
-
Filesize1KB
MD542db12bffac56e4a4930e4b3aa92ee62
SHA14328daa98c09fd77e139efe138fbd4ecf605b0ce
SHA256ac45002b2aceb188d5372b9a818329992da039b564a1261e069685c0dba8c674
SHA512a10ed3cde6bb5afdd2bd34a2fb69719130c6821dc27eac0dd0b80fe33ff75059387aa0e1bfcdba05f5fd80edb8e7db290d0e30e03e9e700f285557d64f42924e
-
Filesize484KB
MD58cabdbe3d67546771b02af5d42073cfe
SHA12e19147110b9872a52814956bab151a7aa80ce58
SHA256affa7e54eb0dedce4a5721c327c1a16035edbbd039cd402e08107d6d2d55eb1a
SHA512b7f46feef779e5772fc7711fda601fdda6ee4bf41d4fb87735a0b8fdc5fdbbdab23ba1760989e15d66cf9ba65409933cbce858eda169d04f13f401198245ad1f
-
Filesize389KB
MD5e58d41175587d4355fe06bf8b8a1ab32
SHA16403f8243ea983a225b3bcda6c821a0029ad9ee2
SHA2569abf0095066ebab37b78968e11370a8078313e48cb5be8eda01f67623c6a6248
SHA512fc432ddb67dce8a672ac268d25f01d40c1d614e4ef34cbac6c4a2c01742ebab5d00c7ef5d9f0ef46ce0b3b6a4d5ace581fcf8c247d492c3882f561015d9e2ae4
-
Filesize468KB
MD5d8ea3886d9f59b514bfa5b24ab69c0ab
SHA12bf57942dff5360889f0e89c58d5acdc54e5f1ea
SHA256a39adf52947fafd954c2a86ce031abb8c59825f7ee50337ac8c41e4280abe82d
SHA512ba8af0415c7b0454dd8bdccf78ed59da3bb5cc5f631dd060d3cd0eaf74d8f55d7531248b6b8a995ba5b672dc0386d3fa198e8c761f2e1cc0304da0dc029bf29e
-
C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1099017328980\lwjgl_tinyfd.dll
Filesize246KB
MD5e7349669dee3093d266849685efecc60
SHA1e7c3d94ad9d83f0762dfd82780d2a683d5d9b3c0
SHA256ec7d76e6ef7a99628ef6f8b6e544294b700108c341837779e6e2c01c0bc3da9c
SHA51241d772a4a9673db43a4584af78d5c128278b27efc01b7da47a9f8f629fd004aa8e4c63186d93b6cb7b664325272f0a291a1e80d9ae799910989171c1cdec34c8
-
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4106386276-4127174233-3637007343-1000\83aa4cc77f591dfc2374580bbd95f6ba_ebaa0802-254d-4be1-a642-a8a5c0b06224
Filesize45B
MD5c8366ae350e7019aefc9d1e6e6a498c6
SHA15731d8a3e6568a5f2dfbbc87e3db9637df280b61
SHA25611e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238
SHA51233c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms
Filesize5KB
MD53e64827b712d0b179bbb4704b64589d9
SHA11af9f076d8fb5cb370ba9c353ed8decc636c1f06
SHA256e8dbad0bc20ee85b96b0dd345f16348c7110fdc7870979fb908ee36b1acabac0
SHA51218db4c470787a71cc1ce90afaa9f9206bdfe8c12a1400a48a22c9c7f3a4c10b793bcb694c281ccaaddee18cabd19315a43e62492bf0ed95a7cc44f68eb3fc9c1
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize7KB
MD5f3100902e17ab595d1f75dc634530ea3
SHA18903a8a992c3d59ee53a3f4f5af50c159ac15835
SHA2560d0830f0d593df158b36eb356480c1635b01bd8ad9e53bb536e2ea89d2c6404a
SHA512813c19d5a8703e0b9b0834d95d3d57abe05ed9525aa513fb1810752f2e00142effa665ebda4c45d8e881cea16167e16e71ae37657589ee951482a8c1e358748a
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize18KB
MD52992a843b6825e902a42e2f2afa751af
SHA1329b89c8904c28fb3f35d758a40bf1fddf579c42
SHA2567b1091bf034ae7a218f7a90425a88352bc414f57a7770c3683c22308ad92d912
SHA512bc0215c882d33edd8d8ae40234748541684bbbe9167b561043a3ed35d90bb55fc278230f788879a6bbb614e21e41acfe4af806858d3e8ff909ba731a9fc005d8
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\AlternateServices.txt
Filesize5KB
MD567b95a981d750bd67fb8bce0b5030355
SHA16dc54909fceabfb9d0c96e0e40a9200aa7916291
SHA2562059e05b0282a145812a3861104477f40a30e68c4bc41764282601f6ad6c6c12
SHA512a359abbd264c78491b31f10580c07bfa783aa0e669c1b02c3fa48f99768f7f3ca45974f3902cf006967afdf1611e3ff81512039fee03a54ca6e6d4707b2e424b
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\SiteSecurityServiceState.txt
Filesize493B
MD59207c39f8d415b1867b5a2d1fe533221
SHA1a533890a8b04613f72d27a7d439ff17c741d0c88
SHA25663723e42e61082c8026af2f47d93c28b60e0569f8083b499f28099ce403eda64
SHA512bbe3d7d8b120d9d88385c4d3334b4cf91dd8d3faaba115518de4d931463df84e871581fb06f96b19dc8511a1f10026ddb375088ff3f477d8404ada9bc1e6b53e
-
Filesize224KB
MD59ca000a0bbce4ae88d0d75e81f630404
SHA19b2380d97a0d77081b22e3ab7071688c573eb637
SHA256e113485262ff51848347e9a15ac38a3421537aa06c7e3060699c82f2ba1417c0
SHA512470e83127b15ba0d6da6576c4d41231ae3f56f4d56de46e81865cfd59972e7bfb11525c26c30da36baa5769d78c63c84f04eb5ee5c2e896b20cec86ff77af14c
-
Filesize512KB
MD5a4554613ffc799dd1fdb119cbcc77227
SHA14a46d113bfa7b7f38cfafd8da7870bc67f407706
SHA2562680e6c3b206f3828c76801471e6ff49d9cccf6deaa93eb57af1ebcc95827731
SHA5120b09e56e84727bed7661263e018e21488d77a7e5417db8e3d7bea5114a441553ce0f22891bbeafea6f630149f28eaee8f411a1484fd4a7652d2219e74bccf0d3
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\crashes\store.json.mozlz4.tmp
Filesize66B
MD5a6338865eb252d0ef8fcf11fa9af3f0d
SHA1cecdd4c4dcae10c2ffc8eb938121b6231de48cd3
SHA256078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965
SHA512d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
Filesize17KB
MD5db963a7840de1003c7c6fe0ee8370381
SHA175fe298c38e4b70a66e3f9fa629506bc837cfb91
SHA256257dcee5f2ddda380183b364cd8c06f81184dd4544b87756564a3e05ff08b6af
SHA51284be350b74df9ef2b7a23854600a862417d2914fd73d3d1c977c7029e789382c09108cbe2bc9375e1249303e74ef571fc963ff598e2cdf65e616f5d7e1c28c36
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
Filesize8KB
MD55f580d5729d906e8d3dc102054013a38
SHA1e267215fae86dd7d5dc76977e4b6e58ea6af2c0b
SHA256eb4f4702e7ab9d7d69d40b2087f6ab6dc648125e0f9f1b65b3209be821e0e49d
SHA5125e6894907634d6ad20bbe48b554b917bc1181c217132355af8d66e62166034fef8b2e8aea20c585b2093b3209f93e5b79d49db20bd9bc8769cc07a702fbdd9c8
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
Filesize16KB
MD564b29e316ddc56896f299f708c771138
SHA1be8b2aff02aa0a6f530121f92c6850df06d37469
SHA256d97d9c6dc363ce5c517e777cce8126e6e284dc9dd1810b765ebd15b20690f22a
SHA5124722bbef3e998bdf8b4359b38596ec34904717d9f30984c3a280af5ba6d7f5f01ac902c56da3fe0189f143cb88676e11ed6d9627aa1b79aefe4c6420aa5d95ac
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\events\events
Filesize486B
MD59cebd3f50eb9a3d2f84a84d82aeea34e
SHA1a56c3570fa294b301df5fdca4008fd76fa70042a
SHA256cf6066120f0fe0e7bd423e05c50e15ac5443b9a8674d8f6554af796bafe41769
SHA51241f7380dedc98ab7720e70d217e8b3e1c509ca3a367ead8f98be5049e382efe46bff46338d19880ecc317a7a068ac608542d1d137401779b5394af98bc0b3005
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\0cab08d3-af1d-4294-a413-b78f641e77a0
Filesize734B
MD5d87f971cfadc118e4cc7cdd0a1678a3c
SHA1b880ac0867eb8f3f4a0187faf6f0df10dcb0fb19
SHA25627de742a1f901e702dde80af6a86a908af5e6719e0bfc50d0d59d5da82e90134
SHA5121a749fb1e24c0cf2f9ae5740d22529467b633689da9be3583c3081cb4404ec3e26ceba2c4e5b259be24aadd732c677325df0dbba89025e9583805975c1bba7e5
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\8b6e71d2-6f6e-403d-bdc7-8cbeab97e352
Filesize1002B
MD5d83a1f2c1f9ede5b36c42e2541935992
SHA15aff57ecc62e050814b8ba00959697e72693553f
SHA2566dc45e93ff41b36bcce61e3083b773caa2da2a0e3406ef76e97421310a8dfdd9
SHA51294adc85da874d986fe04e99cd476eaa38bf8cf08a1b7bd106c3b1f9083544e7ba6133c690b95df807e2326a4af27e5f6e0daef4756d127e4bd05622401703e0c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\a149d1f5-3d4e-4589-a1c4-b993d26988e8
Filesize768B
MD5a6c51e0dfcb0aa17624236538acd65ed
SHA17365559fd1d0b35e7056370143bd7d3a7b3d6499
SHA2560eee2948f74938d90c898a7a9fe6fd139ae29d450f46484a28a7385463080b25
SHA512d7eb1133ea91c299460eb1dda158e3c81a2a16e88dee81effca1281b017683a8c410e74f3fab4c2110e0d17d6efda1c09998b82afa8213cc9420918b0330510e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\d4aa142e-ea0c-43ce-beee-585a4b509048
Filesize714B
MD5306185fcc8de0806e9f3abacdc09ad69
SHA1e31179d352cbc5d84891f1ef06d9de84c6da7fc5
SHA2569b2f585055c4d0d75490b6b765104c529b3d846842eed564cb5e93a9695277e0
SHA512102abe0d66ddfb2f157665f7ba0f80be47c988255c90b02bd18a3b291533b3d5adc4b810a2b3d43e91f4d2cdaac76c5f1e215e59e043983e21fd1c437f4ac214
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\d857d081-98b6-407a-a213-d9de81804e08
Filesize855B
MD5f92e2b03778f8a870960262dfc0d77c3
SHA17ede44ce3a4fcd355b6cd95f1ee738618e4cfaa9
SHA256e2af15a2e422d6b7efc0c6c67843e63e4169c92bb70115ad56f18653a48a3aca
SHA51252463acf31a40fbad6b74a8141ab7989c1ace63b4464eb2f3b7decd83840a235c838c74d82546919b466e641fa13e1b2ed5c8308ac14cec718618c1620b586a2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\dd616d1e-88ae-45e6-a2c1-06971edf59bc
Filesize714B
MD516f6bc2554afb0143a54e088cfb50df5
SHA1a61da7bd0b528916c400769d832bc3c11f5fd52b
SHA2568481d0f22b917bf9511b164b4f709670abaddc3009a2ca7e967e59924cb800b9
SHA512bb2bae1f5ecd87b2f2eaa85eee0cfa0048f00d6cfa533b2b3709a75552a141d2590049917d001682617444db3abf0572b606b145ddb7040c4b5199e1388b7882
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\ed9ef829-5f3d-4622-8621-8a0a3bd52575
Filesize1010B
MD5592d30ce2242bfd8b098d439b54f5d0f
SHA11a98457a0a283421a18c5ba9f66d57fa91a2b9f8
SHA256c1c9725681b250a73b20cc7b744eff5d30c6eeae38988cc606d48b4efc493561
SHA512fcc50fbbf5af130ee765390ef63d5c070c6704d1902a38e2b36a0bd855494c78eb99b84473f947b5c6f96e37d8b9ba5a95c62c6b36e1b09f2274113403b434e0
-
Filesize5.0MB
MD5101247fea8ec2cf02a32b78437b770d3
SHA11b721902a6a448d5ef23c46b7973e0fdf52eb820
SHA256d53aec18c789f0ac6e87c0a14918190a48d1b91dd83e3af96b553712756115f3
SHA512f24f7176183de45f72515a396a4881daab93b2209230aa63e83cb7e0120cb4ccf2ab13a2a74734d2f5e3765bd7c1400530a73364eff809da489ec58a3421c3b2
-
Filesize256KB
MD562237228461d36a521b3046c9ebe543d
SHA1039baf8d61896f3ae462d6a1c337196afb29ae21
SHA256e30b8ca951675088a21f75853b689347f38553b435de4530d096ecce2d58a661
SHA512656b4fc9827591d5b1ca4bd59010f20d69e83f5b1eb1828e8ebf702b652e1d85c3134dd60d64ec1ef72ce7ac059d33d622cb99051b8517b7be1678e094126c5b
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize11.8MB
MD533bf7b0439480effb9fb212efce87b13
SHA1cee50f2745edc6dc291887b6075ca64d716f495a
SHA2568ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
Filesize96KB
MD525052fa1c053a2c30505d5e62175e435
SHA11294b79b4640067e73b6f1488dd862d2cd7b7c36
SHA25611a21a2466757240307e382cfb96536f60ba391296f17ac56e9fc77914fd64b1
SHA51228def49a85db2f4e115b2dddf17a5d3bdae890291f04b4f5c9757c78802d3d947d707db6e26a4428d5803cb7438d17903ff34bdda9ca0a4375c5452dc21903d4
-
Filesize5.0MB
MD56ff0ed7be7040846fb30175bbfb564f3
SHA14f9ec6935e6d40e5d951710fdbbfcc8ba6fe4da9
SHA256290476623db9d4d5cb424626ffa8419692202745dfcbc2bcc64312357a6181ab
SHA51230f5499daa6e006cef3a3b1fc5d8980ea41a6be918d4f62ace16d43bfd64ae027a9cd52e7823675b0c2f1fdc934970f1e9ad9ab161e9722d1d9ce6f6d2d7a39e
-
Filesize
5.0MB
MD5a35b2ae2d4664e541761d6071cc1fee5
SHA1ed033c0403aa5e93a0f5a082c818a97e391f3f47
SHA256f792cadc16eacdde791001bcf62ab3010add4a2bdc297e1eeca53f0c5e5b3b34
SHA5121ce2116ea1c56fae128214fc134863dd3832f2d429d3b55d4497072585b813cf4c28a82ea2e794ddfc7750cab7977f3a4af4c91aa09ac1e6ab7dd325cac989d6
-
Filesize
7KB
MD509c775b1dc56a24bdde3bc03d97414bc
SHA1f75d00cbdaafb0673580ecb8230fc352fc0c96cf
SHA2563bfa148d4dff4fcecfb8472491f3ee39f02eb6e038aabe2c65ff00cccb614dd3
SHA512e748a3dfd54a7e11e3aa3395bee644e17999da86ffaef83c2c6b99cbb42e1e57753d6a875ab52a4c75728c1faa99bfe17e89e24b79f83d32b98e71de4cd80c48
-
Filesize
7KB
MD5819f1a97cfdc1dfd9dcb2ccd706f4471
SHA16acd78e07d545c8d7fe30e9c1c07d10f7ac590e3
SHA2563a3cf8750b1499ed31cb91ef6026c03c323258e8cc5ed6c87039f8f0b2fb255b
SHA51218b7b980772ac49cbdafd9e4b37dc5f52eba6059ab8bfde0ba3fee5e5b8ae66876b57191a6b6ead2de780790650a6793ba1872790768923b57c4b405eb3e7a85
-
Filesize
7KB
MD51174ffdf635b04dd16dccf89b0bbfa0b
SHA190d97ec441cf2604a2af6a04bd396d76378396c0
SHA25636a78df592a303a00bb51565528c3c903edb7546d3d2f4ac44424615de04d690
SHA512feac0168d9bfc12fcde2357de5b3a4d4cef7b8a4b34399dc10dcf8e55d731f3eb97aa50cc280409d6389f18897f5c7c6b63dba88bee5dd3d563e5e34bf3c97da
-
Filesize
6KB
MD5615b87ab68ab7ae870f882f6a0d05c49
SHA1641ecbcc9cb62a3f07ee6d635097219bf6a7c548
SHA2562d89f97df79c1b4801fbffc4d1adf99a10595fdae6758afaa527bf7aca7770d9
SHA5126a76a7904f15f1b09bd46cd2f6ec5c7333e31fca1f4de96d8ee30cecf837f4c3cceac11937679d0edac2c8052503e01a059136d7a4c26e261a745b4ea5c18197
-
Filesize
6KB
MD595ceb5c879576e55da52ea8f9d63ad32
SHA12a52dbf80dc99540a01533f65b2f3c52603992fe
SHA256683b7fda4eca43282e719c0e49de04b28a75f8843decf5983a020d80e8678c00
SHA512737630a9964031584f2ff9c4a35d1abbaa79d6cec2f45201e39aa2ec95e7b8666326933eb378544549aea5f7f9bec45745c04ee968df1d35f919e7974612217a
-
Filesize
6KB
MD534ba09b33f64c6be138b74bf68503e54
SHA160960511c231615255f5c838a582439b860fefac
SHA256f0332f29fe1327764cd1dd331369678bd858c364e625d1883a5c28e16cb0c73c
SHA512d8dc989adb073fc99ce50ef952b33c84e8ec42fd2c8273c4846b550835682a6b759cae15329fbf7893e1521db47b4bc234ba317bc9ff2fcb558b26732b18d8db
-
Filesize
64KB
MD552f81dc1949409647056ecb7b7b2775f
SHA1e746d8bf5f2e5c07d371833685a0d6317cf3859d
SHA25602ea9271575c3da7a83e99d3a1c068a4bc6a84d0bbe083a1b5fba7541ade4654
SHA51218423ad9ccbf09689f8b2f4b3f7e3e4258819a929aebf1366f52875eb2cb72c320e04d42785e6505e0ce330757567462e6bd9e8052f956f9e7c6451ee3989f8f
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json
Filesize288B
MD5948a7403e323297c6bb8a5c791b42866
SHA188a555717e8a4a33eccfb7d47a2a4aa31038f9c0
SHA2562fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e
SHA51217e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json
Filesize259B
MD5e6c20f53d6714067f2b49d0e9ba8030e
SHA1f516dc1084cdd8302b3e7f7167b905e603b6f04f
SHA25650a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092
SHA512462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
Filesize122B
MD599601438ae1349b653fcd00278943f90
SHA18958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA25672d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
Filesize53B
MD5ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
Filesize90B
MD5c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA15942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA25600ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA51271ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
Filesize146B
MD565690c43c42921410ec8043e34f09079
SHA1362add4dbd0c978ae222a354a4e8d35563da14b4
SHA2567343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
Filesize259B
MD5c8dc58eff0c029d381a67f5dca34a913
SHA13576807e793473bcbd3cf7d664b83948e3ec8f2d
SHA2564c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17
SHA512b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
Filesize193B
MD52ad4fe43dc84c6adbdfd90aaba12703f
SHA128a6c7eff625a2da72b932aa00a63c31234f0e7f
SHA256ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933
SHA5122ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize15KB
MD52d7ed6b8d3a286c7a16f2453cdff10c3
SHA10bc175e95d3d51d2e9e3ede3b15b00d9ba10a19a
SHA2561bfadfaa06013526189a06448369ae7d3788e29e2efdb0cb74512f04f1280e70
SHA512a3630c14c8f10faff79c8ba9a8f4725c6892e08d2a218f9fc7bc97f74b2ea0143695999582270e731c24b1ba71c767126e54ec06195aac3e1bc124e8dba0e7a9
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize9KB
MD526d651fb1a5ac6059fa0b49dd9330728
SHA1422489cf56bdc0a376bff824c5e3817d6f726679
SHA2567b6515319a1904ea151e361a85d223a6be64c8adc49334be4f4dcb55722845ec
SHA512e50020f7ccbf4ade858c6928e58d86f8309a19894de6ed0ba742e802cd66a46e8873c2f40ba0bd3e2e973f9bb69cb4a43fff258afbc939e98dda557ec4fb3258
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize15KB
MD55d20bf190065566a124a6ab96129471b
SHA16eeaaccd0e64357607bfcf93581c7e3dc7fd856e
SHA25615b14f7b429afab372577d0ba2a92e754f46ba29e446e19d846419db7a56a244
SHA51290152a48116b3086e717bc0d3c8a708d4a6805c0f9cb88aea8c769592ef8635af09611441244c2051916f4799d3fb938dbc805aa9f1c02a716d32686286a7ca2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize4KB
MD5db2e5b5c2e6f4590bcbfb44d8f735521
SHA1c3685137745099860439806ddb15fcdc41d30f4b
SHA256cceb3c270c0dd5d72bcc56681f0972e9f49586c5122b00d4ad1d6ee3345fa4fb
SHA512fbef2dd46f2890c27254fd3ceac35baa69f3fe8aa944e96b19c21d965a48119b1cba8188ee96ae71facca8c5da98773142662b5bf80bb78ff98a1b5e4be24700
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize10KB
MD5f826cc75a2315542a45f6a228ebead65
SHA1228bc08c95e32e7f7dd97ee6a140e283a45cb8d2
SHA25667365265b71025d972e579bf237f9655014ddf0d2d03018772814e05bc89ceb1
SHA51212c3710638470ddd0a7561bfb01e138092e624e39ed7d8ffa44b1bb53d976929452efce9589e1a871b522f91a4d72348308c3e52b6116f7cae272fe0c1634c49
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize4KB
MD5720617bc7211e3eac7226f0ad3c6b0d5
SHA14799a3bafe878e527b215378976a4b73861a6f4e
SHA256246cf925828d370cd8e8a8d8672ab8885d9f161c50ac33f68e4921faac96e1f7
SHA5126151b2a20249bb7a6a08b1cd48202c330951f152c14aca255422a702c6f93784f3fca58b0dccdf41c90ab5ffc703b67d0adb90ccc64ddbe839d298ac24c0ffec
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize18KB
MD521a383d1370f8d29f13efba3527f231d
SHA14c96b6c16aa49633dc695b22fd3d3f297779cfd4
SHA256e41fbc2c4cba45855a961ccf12c43f19d90d673378affdd18b28c68b5fc4b328
SHA51250d058cb2cda9136dec85c966d02873780efef351b24563b5fe7f1b7f1ffb0717a10fac91c9d5f87eb3869acb195aa4fd028644df778dab09d53bd4649753522
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize4KB
MD59537421406476bd61d397dcb0d0873d6
SHA1129cda7bfa5d1a7dcd6e35003d0c595fcead58bb
SHA256055bcb25bae9e180739167c22b9fcd8c669781915043180cb7ca3e3809e7b0ff
SHA51240e3161902bf393a2bc49561458b38d64b3b63959cfb7b3f3be8a25f9a583fc3e08f8829993bd0e68cfffe970ebd02d5247ffce289a83ababd4ebf8606bf23c0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize4KB
MD5b0c052671b7c854e587145dcc313e364
SHA1a6dc3767aa0aadb4b5ca17b6ca83f767ffdf23c0
SHA256dc8f6b86614e30097186122410fbdc19f83e22bf82af418588d3b5c5d458c44d
SHA5121722c2011607bbd3f84e563d789320d1ff7a775d880ff0cc8ab4780619393a14b6c3cfd8726f1a595f4c7ed681f53f0aa8db38395c5706e182223bd459a18e3f
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize14KB
MD5d3f8cfe547a662b7f69e15ec8e089622
SHA1ec9b1474c41d9acb38f71636352eb647e8efd361
SHA2564b4210490f671b66ba9749ad0e84e9e34acec891573df52aadc667d1b595d128
SHA512b7d10b895e98f4fd912853c30b512a7d48f58f004a9388691d86ec6c3130923418ea5167f1623d864296320cacd600343c4a2303dc96269b52a958458b9030c8
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize7KB
MD5f47c25b4e290101b93f307c6db4ad80c
SHA1df41aafc9c741ef71270a56c741dbd8b4bc507b8
SHA256e541b94d2e3b90dcdaa86ef03afe9078c5b91b6f20908dbd2023214f86432666
SHA512c26a961eed62aa83380bab7831e934aa79e8f590b0e6a16026e2e28e9779d56ac4fb57671d51aaaeb40bca5d10d31b2bbfde80033ce6eb89b7f3d1df6cb86907
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize15KB
MD520b553263597f20c7c6f6b0a4574c317
SHA1e7e75605ab684d5285e014199bd7e6c243451813
SHA25602f72736ffd279a2f66628fda1d6d8142cfe4004b844ca53954c2018ef2f9c15
SHA5126d2b8dc3c3bb12ab2d3f312c7cde20180babf397d40a1f01ae9ace200247561ff4c9a5642a897fe386547f8a3414ccfc79a4558fe4acf35155f96f45499f055a
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize9KB
MD556f82cf8bafd040cf15786d69220bb4d
SHA19c833ef37a83d6bcd4db25f3bcc5aaae761ce501
SHA256843ae17e793a3a049d154f724b0af28663236c9a88d02f578e77b5cf0cea63ea
SHA5125962aa159d5b3a25a9cbb8ad705e714a9614cac98cfcf2d1665ca6816a85b0ebaf87c44fc66038c0421657330926433071f30cf6adc49a153578d726e745da72
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize9KB
MD557d21d129f04e16170df1ae011eae7f3
SHA152bffca93e3312973326c1e4cee4daf5e3238a74
SHA256a9f4123289ecd4bd4706f3444fcb1657aff6fc7bcd17cc5860c02b11991835f1
SHA512abb778bd1cb1d6b26ad68d0b394b22e7cc945b4aec3edca6e1bfd1d45ffc65bf7b5784464729068f33a511302590923346326fb31e11885789249e2b2e346474
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize10KB
MD5b5d253894269a44eb76f202c9d8c966a
SHA1ba353ac4a6007ef90bbd2484d42c649383ff0529
SHA256fde6c76f3ea3cbf99b1d16f768af2559b5bd2d71c776889294c921532b795aca
SHA512da9e71d3c8896bbc93b9c2b9a8353618322baecd2f37177d5b44e504b86490aa55345dc8da1af37093f121c628ec21d05e529a2782c01319d0d562de0a992f43
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize1KB
MD538755fe7c3d6d0bc49e5e1b8557b3ec8
SHA15658551bd8300c52b3c56c553f250881a276191d
SHA256793495438ea4930528976414838f4b0a520adc94c8d5f9c0bdd2cb9db8db7b58
SHA512ebfe7dc715a887242b3c1b4c7f2f76f14f2c83a042b4966987b11c0a9233da42d6bd2f53df9174c8787cfc9d94452e23451bf8f53d9dfd4e8d09de56ee1ffd68
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize18KB
MD5412b33c60e7ef6330eb6922017b3de27
SHA10ad464d36341cc387d8bdcbfd796ee7c6746fd2a
SHA25670d5a295002bfec362fd299310d28f3c9fc263d0a6715d3871599ad41971eef6
SHA512de5085b7293da932ab2c9f7e9984533dee0cbb9d407fe7817c6fd09bea7ae24f214e3a341e9fa0a0c47099263793d853ce329a5b2b264e6082ba8e5bd4872a9f
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize3KB
MD52adc3021bac2bbc4caa517b051c0c705
SHA137a9f18ee5526e1c09bb8a69b63e48ca0b40de31
SHA256ea214d94312ede710d0447c8be141122b59c0b15eb973d3fde87aa5a0fd5ece3
SHA5129a8468a4ee5c96f5b32f13bac4d19fa66d596bb9446deef1e4ae9f5f226cf3b2b519bb8eb26fce616c8a5d99ce97480532052591e14bc3bae86760992a94748b
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize4KB
MD51e780a770210e1df33235fc23a5cbb1d
SHA10825cfa417fb8fad2579bb9f45a94bcd1efeeb2f
SHA2562d0aaa45f3e399f6e9d06c31063b6e8e56f6fec289c8d0f200d1da0c7a21f3dc
SHA5126c44e51d46b21a42e8f15e9917ae9b56dd2357b4238db06534d46e3fb169e14fc92dbfa364af13da423271387f30ba8ad4dfe06990e51b97dcdc3bd1bcad4e78
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize4KB
MD5275da86bf66d090ddefa598e517c835c
SHA17716fc0d7afb152ad051e1b9fc904bba67c16365
SHA256e97b5ca6ee7e1dafefb40bf961204cacfee5ea9cc5d23ff2c3a79fab61e3eff5
SHA512d1bdbb2069706e78c1b6d51c0d326741042e990abd9fcee8a31325cce60d022589e995acd5f8f0c47f929bd093575b30487341941b7e60ffcb3da17dd14794b6
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize4KB
MD521e5ed0a12006291965c4b6ba59ab88a
SHA1b25763bc00d96197f256631c13e3c09264448b26
SHA2565c42d7eff0fd1c720cb040af1fa16489d97bcd0d4f3df6faacb0c4057cd2963a
SHA5128b1d592cb0293a4847c95470dc63b85dea5b72f5aed18d3c48dda651d9402fccaef56cb015180264892bbd077245ab8cbb816c1682d8c2e01451333d041d955c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize4KB
MD5055d98f0940c27795f1d7b38ed26ebb5
SHA18d0590b9992b263bdac77af66b1660efcbd7dd3b
SHA2568013ac3dfb0309d52c0c93871a7325baeff9a7bc40a2a1dbf4a35ad798c9ad0f
SHA512f4c0fc08dbf467dcc73de5b3544dd1a113ad7c2e1209dadece0337f9f146ba39f9385948268d18a7dd88ac8fd43949951ef2daf58765b3a41b941127df8d9659
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize4KB
MD52af81c22326ea3ebcfe987678712d455
SHA1b4a305985ad2314254ce4c386185f8f7145d86a1
SHA25643b603d500c92e84300c1a30c33d4efb281b252b7e476b26af4291a81f278da4
SHA512ef945ee60890cfc6f04d8a9ab0799cebbf7e9aaa6c808020afcf0f86380510187fa93201e9316af4654497ddb7242c4f9ebb8b5a508064437138e85f587f8270
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize4KB
MD5e13d98b7c5c592e9ab29c285480dd5b8
SHA117160e14ac18cc3d6003e9684aaa3878d9e47e6f
SHA256b287af7379daedafeac0c8b5ac33ed25b664e89ee7e594ed38695a21083a9526
SHA5127de380c466b30679fbf3bbf55bb733f31d4d7d0e1cc09a22b6322e8b85333ae96f7579e14619bbda88a47eb215a7604b930abb975033474b4cdf7a62af684e6e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize4KB
MD507eeda5905d94c82e71de138820c89a5
SHA15f79aaf58ed052812f29f2d3be425c873b6992f5
SHA2569a4673d1093fb2019673da84988806aeb141fdbe58ea7b5ff490a7ac6f0a6d5c
SHA512bb19625c6924ca3fa44938ad18232835fa5f6e219ac9655c03919721200fe6fc3989ab8d030e3024304e6bbe9bef5f2921d1e2b2982b07df84ea2f4fad03c7f2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize4KB
MD5d9012f853c1825c7179fc7bd98de4cce
SHA15c6deeb4d5cab5417507648a6b36217a821ce692
SHA2567b87d014ecc9fd1bdf3e8d09f63f3ae676bba3ac5dd2984a4f82c349b0895d67
SHA512f83219d6dd3c0c63c9a34d098c03824e47f8f38e9f93b2e61dca7646e460cb9369e850288b22866adcd082b859d8d7bc8f548611b8c7066cd0af00b8fc843716
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize4KB
MD5cf5570288e8832b72b1b91b608cd3f72
SHA1c7864936e6e48cb1757ad7d1d110fd8065f0fd92
SHA2564a1241dc5443795bc05c62a34dee2f54ab707a920c61a36df49a6b0092889a67
SHA51200271798ceee32ec9416d3c779be385bf86d2afe523796ed1b871626278748f04b8a7f204624f7b32321493c3e9089deb6e2211f82660256bd8d95d85e49e81c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize9KB
MD550150ae61392cc657891b4aa72270157
SHA18f8880ea293cfd13a5cefed5089201421d8a32d3
SHA256adad95e3e8fbe799d821179ee84ab3eda09d551d2445dbf40ae598bbab8240d2
SHA512b7223c3507b6b53428d8fdd7423d6f798fe0ed961506916b602de2fe2dd0c427ea974107e56dbfd84e56dfecf61244d7c3dc2a538d02bf9e461115da5efddfd7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4
Filesize13KB
MD5d0fe97f4d35082c0ce77beb8362ec643
SHA161248aff38f3fcd18741de6ffa4fc12078f90bb7
SHA2560286ccc6c8d5d160833af587b93edb1376b46a8a9a4be889744a6773e0bc3ca1
SHA5123fecda21df6c9aae2b69513c0f5c4081366379b440922400649ec13c2d584fb6affa75eea3529ee1761b763825f4b37f18e126e1c2ffa38c3f42a9cd4c1b365b
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4
Filesize3KB
MD5ec822112e6adb9eb96e96322cfd89839
SHA18d745b8587f74415e168176b10215f38f531392e
SHA256308b807ea50c72e520c3eec4bf9f360e75696b8013dc9942175376946073706f
SHA512777c38d1ff7c14615167c6ea4c67b10f15b8f51ea44d146661507b07ba8e4de9105d285bdbec44db6b2a7fd831905e524c6ba159ed07bb2c75237c6085bf3355
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4
Filesize8KB
MD51575102d67c5dbcd216d2fcbf15c344a
SHA16454955377f8771987c7db2dac7499681f74fa23
SHA25698dec316692a9568907c955beac1352e1432745931c13f6ee218bdfc435d9655
SHA512415a248e8e15cd376daf6405530351211b8d5fc14db7035daa48157cf87e51fc774185e7f7068954273c86a01a0d5b969aca95254b5e3f6dd4b2a07b2bda8bee
-
Filesize
4KB
MD5debf32ada80a2241dfb3b9fd13ffc2a4
SHA1122203cdd1f11536ab975d536e39fbd594157f76
SHA256694b5cc8cfe554135252e03132bdca940a13bfb02e0ee205bdcff5ae7537026d
SHA512d90c80674a692629e5ef3d2d71b67133cbf69224fb6cf6e852b6b4fa04d721ca7243be2ef090ef6cc77980c186250cc82a0506b289c85f51135d955fae51b8c0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++open.spotify.com\cache\morgue\120\{a62b87d6-d776-4a1d-ba6d-d8de18681178}.final
Filesize23KB
MD5a8a7fd2141ad855f81d1ddf519364693
SHA197f7f3f17943dee44dd352681985a0f7293cac91
SHA25643648804333d60ba9cc91e77ab8216c723b2fb71f8a75dd4892bbaea53184e19
SHA51269ef0b52e9f74a10e27e625d65a202b620cb810cae0d6812d306331f4a27824dda4b21bf6f83b9e8cf9a3156bdb7e39e11eb52bda0078f37ec437a54e8b48fc4
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.google.com\.metadata-v2
Filesize62B
MD5b85ad3acdc3748abdd4ce4894fcaaf73
SHA112277eeb5899e1b33f57a1a6b4e9f920a48feeb3
SHA25689117e18bf7915c54bd8aa2289c5a0cd3f279e3756a9b4b4fc2705a36bd4a21a
SHA5125030701858889f72f12b6687759ac6301b62461f316fd17039f6f3d83d09b6c9ab27967b2fc235e8fa4ac5748c8dbc5196519db61b73dd059cc4e5bfb029fb1f
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.google.com\ls\usage
Filesize12B
MD5bd528fcca9960597ca63fa020c5b1082
SHA1c0ae420c7d6a6487479a757894bdb61ef76a64b5
SHA25689ae79ea8815f86407797af5e46f32547c7920320e427a0b1818a4fd1b82208e
SHA5120eeef6d2f38bbfade7f7b992efb37e93b886dc82035eb5f518ea6c729d1a7d672c033f92dc88fda27b3f99e96f6a05e6da5a901178e3b2f29276b93b5abb5fbf
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.google.com^partitionKey=%28https%2Cskmedix.pl%29\.metadata-v2
Filesize176B
MD57f843187587ded2fc81ffea60f2e0339
SHA1b75e4234b97c092000999e51d42f5b02e60b900a
SHA256debb8dc821a7cb086bb6a09cbc2318bcd5426b7ae4dc1e6307e2723b1038617f
SHA512d14b2e68a9f5f7f80de2eef8c2156ddb180ba891cef9e7ac335ef96cbf4ee7c563c82f253d7510815184bba565842b91f23f0282ebc4244acf532d1c73141376
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.google.com^partitionKey=%28https%2Cskmedix.pl%29\ls\usage
Filesize12B
MD5ef5bef2c23533b20775817e0acf08128
SHA17e6292d37817cb31904c13795ff44f14e69a7678
SHA2560ef72b88336bf69ce23a2f09cd08268e0eb7ef6ce19e7fd0632c7179a22f7f31
SHA51261c57a8772cbfd11f9118704795d4ac30259b447ab34575ae25636fa1f7138d015e89514ea9025abf3fbce791cf597023a3ac209ca3a27031aa2f01aff2cd0c8
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
Filesize48KB
MD5038a95e8f7bd5584c3f99c0e018b6961
SHA1feaa021d20a70e343a12bd85239ad9039af70649
SHA2560008e107a2485ac77c6e224c6752f58ccbead638db55d383b0666647c79d84c9
SHA512f126ad78fb2331245b20c3766945d436fbe2ec8353896f1b90175bf2067582fc876284c14706f72500d520c0f117d53602709f71dad5f9e74e373d71e43e659a
-
Filesize
219B
MD538d5de040f836f59636acbfcb9b4854b
SHA150c0629a4ddcfe74dc1dc108e2d8a65545c74259
SHA256685d07ca85d5bb59d1e21526281281930e499dcdf9553e135f9c441c44593ae3
SHA512423fbaca940b262a66dad4afdaff52c95d56cba0ce8b11fd797fc40ac6ad7768f5c9757d65512eea0d9bca6e6cb9bdb0416db204158c7b6ad09dbd01be24bd58
-
Filesize
1.6MB
MD5b63468dd118dfbca5ef7967ba344e0e3
SHA12ba4f0df5f3bd284bf2a89aba320e4440d8b8355
SHA25605ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf
SHA512007ecb7445dc0c01a802b5a2c91313aae59f9dc96e27455dd85e7a92a4e649d683fbc2ada5f48925d9ab3b4fdaea20aa89eeb442fde079902aecb5ca3454a548
-
Filesize
68KB
MD52bfc98e213a2f0708ed43f0f2bbcca32
SHA19c777f1e46ed449d5b45fe8b0a8e0938e23159b1
SHA256cd6ad49081e1244265ef98475218bb843765b72702e2c7635f6a2be6164439c9
SHA51254d3a8e86bf0c6cb1b120ac339adde49bd3a3ab54ad4781791d80a12dfc80948b6076a42adb930f1efdfbd2ddc08b0e8f85d29dfc6692c4a748bb042a1013068
-
Filesize
152KB
MD5cc98845b2100c8598411b753cab5ea58
SHA1a253a714fa68ff34391be3476f307c8edbf637b2
SHA2562bf4be1f2ece869159c1f8d5c0a8a4b806e8b9007c1bcf2193a36621f99279e8
SHA512a48b77a9d255221e3f72cff6499f063a5aa7c0f25369734422934b6844fb0519af31215141a11c09983bd2bef737c34517c30e68dd6589b0d0808459931a0893
-
Filesize
15KB
MD5c352b03e421407a2aa9eb8ad3a12856c
SHA1f75431d84190b539a76d47bbecdb0c9fbdcf7667
SHA2566eada6e5391930544fdece53aac83be53b9b4b66bb1dd02ec9b39650eb0e7b12
SHA512f659c09aa8632b27981ee94a6b4846edd3e28e3243c4cbf5efa42d2744e5c24839199b42129e109fab169e17c1070930f02c2c76c6f0b49aef4871a1cc7466b3
-
Filesize
22KB
MD5dcd68a87b7e6edbcfde48150403b22eb
SHA128e4839a29725075772fccc39b44e194eb91e477
SHA256ae3352b6ad6cffaae55f4387f9f5e79365ea17f8d5fb45ef11d21c3300a49a4c
SHA512ac2a6bc0afcd08c56090536a937772edd54f35505c9a5837d9bc8e91c31edb6137cf5191986b3473e9e2f512950b4dbfe4088598bfd1faf47088124c70aeba71
-
Filesize
248KB
MD5719d6ba1946c25aa61ce82f90d77ffd5
SHA194d2191378cac5719daecc826fc116816284c406
SHA25669c45175ecfd25af023f96ac0bb2c45e6a95e3ba8a5a50ee7969ccab14825c44
SHA512119152b624948b76921aa91a5024006ef7c8fdbfe5f6fe71b1ec9f2c0e504b22508ff438c4183e60fa8de93eb35a8c7ccdda3a686e3c2f65c8185f1dd2ef248b