Analysis
-
max time kernel
247s -
max time network
242s -
platform
windows11-21h2_x64 -
resource
win11-20240419-en -
resource tags
arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system -
submitted
04-05-2024 06:59
Static task
static1
URLScan task
urlscan1
Malware Config
Signatures
-
Executes dropped EXE 3 IoCs
pid Process 6032 SKlauncher-3.2.exe 6552 javaw.exe 8104 MinecraftJava.exe -
Loads dropped DLL 33 IoCs
pid Process 6032 SKlauncher-3.2.exe 6032 SKlauncher-3.2.exe 6552 javaw.exe 6552 javaw.exe 6552 javaw.exe 6552 javaw.exe 6552 javaw.exe 6552 javaw.exe 6552 javaw.exe 6552 javaw.exe 6552 javaw.exe 8104 MinecraftJava.exe 8104 MinecraftJava.exe 8104 MinecraftJava.exe 8104 MinecraftJava.exe 8104 MinecraftJava.exe 8104 MinecraftJava.exe 8104 MinecraftJava.exe 8104 MinecraftJava.exe 8104 MinecraftJava.exe 8104 MinecraftJava.exe 8104 MinecraftJava.exe 8104 MinecraftJava.exe 8104 MinecraftJava.exe 8104 MinecraftJava.exe 8104 MinecraftJava.exe 8104 MinecraftJava.exe 8104 MinecraftJava.exe 8104 MinecraftJava.exe 8104 MinecraftJava.exe 8104 MinecraftJava.exe 8104 MinecraftJava.exe 8104 MinecraftJava.exe -
Modifies file permissions 1 TTPs 1 IoCs
pid Process 3972 icacls.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 21 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz MinecraftJava.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision MinecraftJava.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\ MinecraftJava.exe Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor MinecraftJava.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString MinecraftJava.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 firefox.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString firefox.exe Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor MinecraftJava.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier MinecraftJava.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz firefox.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 javaw.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision javaw.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier MinecraftJava.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz firefox.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 MinecraftJava.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings firefox.exe -
NTFS ADS 1 IoCs
description ioc Process File created C:\Users\Admin\Downloads\SKlauncher-3.2.exe:Zone.Identifier firefox.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 2760 msedge.exe 2760 msedge.exe 5956 msedge.exe 5956 msedge.exe 8104 MinecraftJava.exe 8104 MinecraftJava.exe 8104 MinecraftJava.exe 8104 MinecraftJava.exe 8104 MinecraftJava.exe 8104 MinecraftJava.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
pid Process 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe -
Suspicious use of AdjustPrivilegeToken 6 IoCs
description pid Process Token: SeDebugPrivilege 3456 firefox.exe Token: SeDebugPrivilege 3456 firefox.exe Token: SeDebugPrivilege 3456 firefox.exe Token: SeDebugPrivilege 3456 firefox.exe Token: SeDebugPrivilege 3456 firefox.exe Token: SeDebugPrivilege 3456 firefox.exe -
Suspicious use of FindShellTrayWindow 49 IoCs
pid Process 3456 firefox.exe 3456 firefox.exe 3456 firefox.exe 3456 firefox.exe 3456 firefox.exe 3456 firefox.exe 3456 firefox.exe 3456 firefox.exe 3456 firefox.exe 3456 firefox.exe 3456 firefox.exe 3456 firefox.exe 3456 firefox.exe 3456 firefox.exe 3456 firefox.exe 3456 firefox.exe 3456 firefox.exe 3456 firefox.exe 3456 firefox.exe 3456 firefox.exe 3456 firefox.exe 3456 firefox.exe 3456 firefox.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe -
Suspicious use of SendNotifyMessage 14 IoCs
pid Process 3456 firefox.exe 3456 firefox.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe 5956 msedge.exe -
Suspicious use of SetWindowsHookEx 9 IoCs
pid Process 3456 firefox.exe 3456 firefox.exe 3456 firefox.exe 3456 firefox.exe 6032 SKlauncher-3.2.exe 6032 SKlauncher-3.2.exe 6032 SKlauncher-3.2.exe 8104 MinecraftJava.exe 6032 SKlauncher-3.2.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3592 wrote to memory of 3456 3592 firefox.exe 80 PID 3592 wrote to memory of 3456 3592 firefox.exe 80 PID 3592 wrote to memory of 3456 3592 firefox.exe 80 PID 3592 wrote to memory of 3456 3592 firefox.exe 80 PID 3592 wrote to memory of 3456 3592 firefox.exe 80 PID 3592 wrote to memory of 3456 3592 firefox.exe 80 PID 3592 wrote to memory of 3456 3592 firefox.exe 80 PID 3592 wrote to memory of 3456 3592 firefox.exe 80 PID 3592 wrote to memory of 3456 3592 firefox.exe 80 PID 3592 wrote to memory of 3456 3592 firefox.exe 80 PID 3592 wrote to memory of 3456 3592 firefox.exe 80 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 4496 3456 firefox.exe 81 PID 3456 wrote to memory of 3560 3456 firefox.exe 82 PID 3456 wrote to memory of 3560 3456 firefox.exe 82 PID 3456 wrote to memory of 3560 3456 firefox.exe 82 PID 3456 wrote to memory of 3560 3456 firefox.exe 82 PID 3456 wrote to memory of 3560 3456 firefox.exe 82 PID 3456 wrote to memory of 3560 3456 firefox.exe 82 PID 3456 wrote to memory of 3560 3456 firefox.exe 82 PID 3456 wrote to memory of 3560 3456 firefox.exe 82 -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://skmedix.pl/"1⤵
- Suspicious use of WriteProcessMemory
PID:3592 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://skmedix.pl/2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3456 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 25459 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f26e86ff-bb60-4049-b083-28e03e3f5e52} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" gpu3⤵PID:4496
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 26379 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {284c9eb8-f475-4091-831f-be1e7437112e} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" socket3⤵PID:3560
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3120 -childID 1 -isForBrowser -prefsHandle 3112 -prefMapHandle 3108 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ae1851d-b625-4236-a40f-d3816340405d} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" tab3⤵PID:4956
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3560 -childID 2 -isForBrowser -prefsHandle 3672 -prefMapHandle 2760 -prefsLen 30869 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {830c8191-47c6-4614-9b0f-cfdd0da89c47} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" tab3⤵PID:5044
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4300 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4476 -prefMapHandle 4472 -prefsLen 30869 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3caf0620-6ac1-4c9d-9e9f-bdc495845910} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" utility3⤵
- Checks processor information in registry
PID:3460
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5616 -childID 3 -isForBrowser -prefsHandle 5600 -prefMapHandle 5556 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c643162e-08d6-4b9b-945b-2d5b7861799e} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" tab3⤵PID:1544
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5268 -childID 4 -isForBrowser -prefsHandle 5768 -prefMapHandle 5772 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e667a607-8905-4f88-bea8-5e87bdbcbadb} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" tab3⤵PID:4444
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6036 -childID 5 -isForBrowser -prefsHandle 6028 -prefMapHandle 6024 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47d9482a-e590-4d45-9c82-8ec78867e568} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" tab3⤵PID:2388
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6340 -childID 6 -isForBrowser -prefsHandle 6332 -prefMapHandle 6376 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff0cd565-baaa-440e-84c1-2a4c817800c4} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" tab3⤵PID:3952
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6484 -childID 7 -isForBrowser -prefsHandle 6492 -prefMapHandle 6496 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {823f1564-010f-406a-ad60-7755e48d0c1e} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" tab3⤵PID:1852
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6700 -childID 8 -isForBrowser -prefsHandle 6776 -prefMapHandle 6772 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fd0810c-81ba-437c-a9ea-9509af29c59e} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" tab3⤵PID:1880
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6732 -parentBuildID 20240401114208 -prefsHandle 7040 -prefMapHandle 6728 -prefsLen 31077 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {87ef2e54-4472-480a-a4df-c270a5d0d3bc} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" rdd3⤵PID:1796
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6720 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6708 -prefMapHandle 6712 -prefsLen 31077 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ead9f852-06b1-40ce-bd45-a3ebbcd3f7b6} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" utility3⤵
- Checks processor information in registry
PID:2316
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6672 -childID 9 -isForBrowser -prefsHandle 6336 -prefMapHandle 6328 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cd04143-f6a2-4a21-8e1b-2c387af861cc} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" tab3⤵PID:5196
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3956 -childID 10 -isForBrowser -prefsHandle 3952 -prefMapHandle 3908 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5319f4a8-424d-4346-be56-c070d2d02926} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" tab3⤵PID:6040
-
-
C:\Users\Admin\Downloads\SKlauncher-3.2.exe"C:\Users\Admin\Downloads\SKlauncher-3.2.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:6032 -
\??\c:\PROGRA~1\java\jre-1.8\bin\java.exe"c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version4⤵PID:3824
-
C:\Windows\system32\icacls.exeC:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M5⤵
- Modifies file permissions
PID:3972
-
-
-
\??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe"c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version4⤵PID:5332
-
-
C:\Windows\SYSTEM32\reg.exereg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme4⤵PID:5624
-
-
C:\Windows\SYSTEM32\rundll32.exerundll32.exe url.dll,FileProtocolHandler https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb14⤵PID:5856
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb15⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5956 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffc2ae33cb8,0x7ffc2ae33cc8,0x7ffc2ae33cd86⤵PID:2716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,1342695195374851278,6600786385611797713,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:26⤵PID:1804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,1342695195374851278,6600786385611797713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:36⤵
- Suspicious behavior: EnumeratesProcesses
PID:2760
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,1342695195374851278,6600786385611797713,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2500 /prefetch:86⤵PID:4412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1342695195374851278,6600786385611797713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:16⤵PID:2208
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1342695195374851278,6600786385611797713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:16⤵PID:5156
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1342695195374851278,6600786385611797713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:16⤵PID:5752
-
-
-
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exeC:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe -XshowSettings:properties -version4⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
PID:6552
-
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exeC:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe -Xdiag -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC -XX:G1NewSizePercent=20 -XX:G1ReservePercent=20 -XX:MaxGCPauseMillis=50 -XX:G1HeapRegionSize=16M -Djava.net.preferIPv4Stack=true -Xmx4096m -javaagent:C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar -DMcEmu=net.minecraft.client.main.Main -Dlog4j2.formatMsgNoLookups=true -Djava.rmi.server.useCodebaseOnly=true -Dcom.sun.jndi.rmi.object.trustURLCodebase=false -Dcom.sun.jndi.cosnaming.object.trustURLCodebase=false -XX:HeapDumpPath=MojangTricksIntelDriversForPerformance_javaw.exe_minecraft.exe.heapdump -Djava.library.path=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-632671528050 -Djna.tmpdir=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-632671528050 -Dorg.lwjgl.system.SharedLibraryExtractPath=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-632671528050 -Dio.netty.native.workdir=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-632671528050 -Dminecraft.launcher.brand=java-minecraft-launcher -Dminecraft.launcher.version=1.6.93 -cp C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\github\oshi\oshi-core\6.4.10\oshi-core-6.4.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson\2.10.1\gson-2.10.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\failureaccess\1.0.1\failureaccess-1.0.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\guava\32.1.2-jre\guava-32.1.2-jre.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\ibm\icu\icu4j\73.2\icu4j-73.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\authlib\6.0.54\authlib-6.0.54.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\blocklist\1.0.10\blocklist-1.0.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\brigadier\1.2.9\brigadier-1.2.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\datafixerupper\7.0.14\datafixerupper-7.0.14.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\logging\1.2.7\logging-1.2.7.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\patchy\2.2.10\patchy-2.2.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\text2speech\1.17.9\text2speech-1.17.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-codec\commons-codec\1.16.0\commons-codec-1.16.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-io\commons-io\2.15.1\commons-io-2.15.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-logging\commons-logging\1.2\commons-logging-1.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-buffer\4.1.97.Final\netty-buffer-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-codec\4.1.97.Final\netty-codec-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-common\4.1.97.Final\netty-common-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-handler\4.1.97.Final\netty-handler-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-resolver\4.1.97.Final\netty-resolver-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport-classes-epoll\4.1.97.Final\netty-transport-classes-epoll-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport-native-unix-common\4.1.97.Final\netty-transport-native-unix-common-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport\4.1.97.Final\netty-transport-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\it\unimi\dsi\fastutil\8.5.12\fastutil-8.5.12.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna-platform\5.14.0\jna-platform-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna\5.14.0\jna-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple\jopt-simple\5.0.4\jopt-simple-5.0.4.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-compress\1.26.0\commons-compress-1.26.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-lang3\3.14.0\commons-lang3-3.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpclient\4.5.13\httpclient-4.5.13.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpcore\4.4.16\httpcore-4.4.16.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-api\2.22.1\log4j-api-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-core\2.22.1\log4j-core-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-slf4j2-impl\2.22.1\log4j-slf4j2-impl-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\jcraft\jorbis\0.0.17\jorbis-0.0.17.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\joml\joml\1.10.5\joml-1.10.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lz4\lz4-java\1.8.0\lz4-java-1.8.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\slf4j\slf4j-api\2.0.9\slf4j-api-2.0.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6.jar net.minecraft.client.main.Main --username se --version 1.20.6 --gameDir C:\Users\Admin\AppData\Roaming\.minecraft --assetsDir C:\Users\Admin\AppData\Roaming\.minecraft\assets --assetIndex 16 --uuid 0f4bfd5cb62931c28add1d7c99ab4d35 --accessToken 1edb6b0ad96a42b28f525bdd6b67e794 --clientId 0 --xuid 0 --userType msa --versionType release4⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:8104
-
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7608 -childID 11 -isForBrowser -prefsHandle 3636 -prefMapHandle 7652 -prefsLen 32670 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76c22e9d-c95e-4d6f-b57c-6c671855daff} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" tab3⤵PID:8296
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5676
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:6136
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
46B
MD50148e98b31991988b0fb612d4b3869ac
SHA167d9b2fe300fe40a46777a09f3117c6f1dfa90be
SHA25660a1ff99899dafdee64a83dd5438e24410100d6d3ffa46aff310197b3048e7bf
SHA5121b1dac9f8c8857d1a8682d5c020853d86dfe957c845aa8c41b172c7892f9c09531f81d03ead1c68b4d714c4ab68048d77765a70b3694f4dfbdbbc93cc0ca4f9e
-
Filesize
152B
MD5b8b53ef336be1e3589ad68ef93bbe3a7
SHA1dec5c310225cab7d871fe036a6ed0e7fc323cf56
SHA256fe5c2fb328310d7621d8f5af5af142c9ce10c80f127c4ab63171738ad34749e1
SHA512a9081a5a909d9608adfc2177d304950b700b654e397cf648ed90ecac8ac44b860b2cf55a6d65e4dfa84ef79811543abf7cb7f6368fd3914e138dfdd7a9c09537
-
Filesize
152B
MD56e498afe43878690d3c18fab2dd375a5
SHA1b53f3ccbfe03a300e6b76a7c453bacb8ca9e13bd
SHA256beb39e9a246495e9dd2971224d23c511b565a72a6f02315c9f9bf1dcfae7df78
SHA5123bf8a2dd797e7f41377267ad26bde717b5b3839b835fe7b196e748fec775ffd39346dba154bb5d8bda4e6568133daaa7fefa3a0d2a05e035c7210bb3c60041a7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize120B
MD502000b89dad7cc51c8a3a1c5fff0b644
SHA13fc34e531202d71163107da16bc99b4457e84c45
SHA256a75c3bfef4a129339996ffce520919ee5466298f4bfbd0dd20003374029675a9
SHA512954a8cf70e3858edd177bdf75bfa8ad71e6f016d6cf1a18e90fc91095335fe462079558b434209a2a309cf34c218ea11c2164f53eafe23423616d947b242effa
-
Filesize
189B
MD55e1f9068447613da1cf1cef1ac1ecd24
SHA196a471227975a7987934c420f6c0cf3a8457302f
SHA256e018c545680b0da8a04b069210dffb60f4a21c19dfbaa8ad1dda4e64acedc35d
SHA512764d9814b388d8cbaa1892843e951b3717bdfcfbd88be4e881f0694eb96fc6a9a4c77fab9204f42e70142b58dc9cbc55c2d208e704ae0473a7f65175fc611ee6
-
Filesize
5KB
MD59fc8fb53ca4a2d68f11c6fbe14f77f42
SHA195e99124c8b378b562a27d61cbdc1e9aaa27e3a1
SHA2567511c7ea907ba6b81249168bbb964240b9f1653b60ea880b721804b86aa2fe2c
SHA512dedcaccee81ef85c016b3672f5b224ff57a27a2e9a5327e621053abc0b7d8f61d24435b9a3d3b6dfa43e33435b355166073122eec5924ca7f3004220f0728d97
-
Filesize
6KB
MD5cf9566a6a52fa11b4fcb7e1bb1e3e259
SHA1fa77c740dfa4a119f4865618665ff275d8158670
SHA256d0a146c897128452c6d01ef7fbf68c0776d2de777e01bbc4cfb0987ba18c8bd8
SHA5126b300c2efcefca7117d97b6c3fe92c43f183cb935c0cba91b447b635760a79eaacf84375116293a2afe5ddafbf9add13296f23a06c04b318854d6b2bcb2f7fce
-
Filesize
11KB
MD5a744bcd69e6e858317a6ec2ca221a3e8
SHA182cbaa959230c55b79c9fb243b9d950c6aa6abeb
SHA25694ed15a67c71a23915c5b41cc5ff67674485baeb1d327bdaffccacbee5c29b17
SHA5129169f196b0d15291a53c0b4457db3689fb9d27d20fe42e56cce6bdea7f6e6388b8cd22b4c412d3f664bafce2b21cc87d6fc4a80148ae890332b98951a6179230
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qfgaykt1.default-release\cache2\entries\25964F52691AED972ED9651DC62D2ED649D0CA04
Filesize74KB
MD57066551dcb670f080fd6bd773b814762
SHA1ecc443d32d5a20f8c5844cd86acbaf792815dfb8
SHA256cc6d62c5f3cceb6f78bebbb5f1abcb728ee615180b8d2a6b92ce323bb5ba9a93
SHA512883cde697a0969e2cb6b5f40867889c0b4b2e90e2cd54ebd448f8a83dd2b4b6d3994db35c7bd47122ca7de130d393dcd80e9ef2803e6766fb870132b4c4af45f
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qfgaykt1.default-release\cache2\entries\2642B139127293682A334A3B94AFED2E56EF6902
Filesize17KB
MD5e5ae82c93342ec30447cef1ae916c38f
SHA11c71836c867c79bd53292ac17280cf2faed5fb51
SHA256f0ea5ed96ac0addc63f0e7ca9e769021eb4239fe44b5a93b696e512d094ebc75
SHA51239f356eaa8b37cb13e1a3b5ac17b0d2294426db2e7ec9ac5ea780c280f4e8444392e06d8f4e9e0f79ddb2b362dd973d83efa382fb9cd91d84e3e54f2e309ecaa
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qfgaykt1.default-release\cache2\entries\29080FEC855CD2187E892DC013F455B0F9E7066B
Filesize73KB
MD583acc1736f8f31e603e602e8a90c1192
SHA19b18cba06a34513fda0e81ea569dcb6b08fab709
SHA256009cc2828fb17243bfaf0bfd1bf39b4952835d12e14197242c0d018501f56f94
SHA5122e6ef7293d17cbd693e6733ad6e68f692ae0c9f23698161834554821c1a67613a008a24784fcc04fa243c25832a9dece9bc5cdf2d8e3f24f241b56d203a36b6c
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qfgaykt1.default-release\cache2\entries\38080459652B535AD0DE543435FBA672A01C1BA2
Filesize23KB
MD530f09201a5af0b9e42d5d17bbfd156c1
SHA1b935de3662a680195023403e570633893e9a9d2e
SHA256d3602f31fb7f02bd6cdfec943b1a8bd591c7458e25b80c1ba37c7a3c6ab0eb90
SHA512617d48a6dda55d9c51e6b140a8ad646ef0dc1fdb481c8bb3baba051da3149ac28bd998f1e374fcddccd0389ee0afc86423720cb65e032307eaf2e2a87d3c94ab
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qfgaykt1.default-release\cache2\entries\5CADC9E137EB9BF00D8AB43AC271FC1942D71299
Filesize203KB
MD53f7f161f73849056a1ee6cfa75fd2c94
SHA1462622725273daba41e2b1d78092508c0252008d
SHA2569037f1688938811f08ed474f9a75519429bace6f6eb50a553a1b9b0cb2e5778d
SHA512184c8a43a8bab863f75a17439ec942e19610363a336ed565b916a8447364e1e1b4e29bad65469e51155ff875cf6be42fccbfd1852beecdcb1dc49eb357bef5de
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qfgaykt1.default-release\cache2\entries\5D725DA1DD35E8A5C0B1026F1D46210CD974636B
Filesize136KB
MD573f0a82e3846639bd437ad68149fddd5
SHA1e2514279c3bc698067bc4a607b23768ee943305b
SHA2560ad07721882ae73a37deace123c015d046b118fc38aa417b7a42f19737c10d45
SHA5121a9e29c82410768c4a59fa922057ee1d58ff21f1fd80562bd800395ded8831d48ff5198c58c7a9067eceff4a4a2622787435236c178d25db3814af05c3d5f9d0
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qfgaykt1.default-release\cache2\entries\A9820D3AA01082CAD0464F5D7B7ACC7020B5827A
Filesize18KB
MD5d1495c09bcdd0fba0998ee4a6c3b9cdb
SHA145ce04a0916917e5a53abed9cec8864c686ca258
SHA256129f3fbb599effc387735fc97491303d130a5198a3f8b2019379b18ae456800a
SHA51285ea763f25c8527ab43f1a9e09b6a2525ab56b2e38007ffadc43859229f4307f0a9d21bbc0b2b922270497ba686e6028a9b0bc81d6b93b948dd0ee816ad235d1
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qfgaykt1.default-release\cache2\entries\BDEC96904459D19E2C404220905910C78EFFD20E
Filesize42KB
MD5f2f070ef0fc546f0c113ad74a6ddf468
SHA1941ca2d94136b06ab5bb657e88418dde2b5270ad
SHA2568404fb424058e41a368636d2069603319d25f0e740212f89e6c6ad3e181bf2ba
SHA51268e3f62f27c166252e4af1068edc8d63e4bae2f5054be1cd7d8421d0bc80b6fa1f16f219732c2bd4e2d21cde5d086dbf0be87217c01536b0f98ed3250a1f49b0
-
Filesize
398KB
MD5ff5fdc6f42c720a3ebd7b60f6d605888
SHA1460c18ddf24846e3d8792d440fd9a750503aef1b
SHA2561936d24cb0f4ce7006e08c6ef4243d2e42a7b45f2249f8fe54d92f76a317dfd1
SHA512d3d333b1627d597c83a321a3daca38df63ea0f7cab716006935905b8170379ec2aab26cb7ffc7b539ca272cf7fb7937198aee6db3411077bedf3d2b920d078a3
-
Filesize
405KB
MD58f2869a84ad71f156a17bb66611ebe22
SHA10325b9b3992fa2fdc9c715730a33135696c68a39
SHA2560cb1bc1335372d9e3a0cf6f5311c7cce87af90d2a777fdeec18be605a2a70bc1
SHA5123d4315d591dcf7609c15b3e32bcc234659fcdbe4be24aef5dba4ad248ad42fd9ab082250244f99dc801ec21575b7400aace50a1e8834d5c33404e76a0caac834
-
Filesize
397KB
MD5fdb50e0d48cdcf775fa1ac0dc3c33bd4
SHA15c95e5d66572aeca303512ba41a8dde0cea92c80
SHA25664f8be6e55c37e32ef03da99714bf3aa58b8f2099bfe4f759a7578e3b8291123
SHA51220ce8100c96058d4e64a12d0817b7ce638cec9f5d03651320eb6b9c3f47ee289ccc695bd3b5b6bf8e0867cdab0ebb6e8cae77df054e185828a6a13f3733ede53
-
Filesize
266B
MD5c335b272daae33aeb2c83e8a90461e8d
SHA1c7bcbf1905586bd39303853087e44e86a47c8b54
SHA256e3c1fd97b905ff659aafd4220812d1747cd30bf83c9a960aca3a0b2399872722
SHA5125aec223b49bf45f86ef78a6ff9c21a8b6ae709fdee9254aa05b02aa2cd9aedd218b65e66a984577225b0a71ce8ddc5b43b9808b39a860915497f21c5412e3389
-
Filesize
1.1MB
MD54d653e61ba01a521c56b9a70a9c9814e
SHA1de855dc3dbc914b497b58da92e0c21fff660796d
SHA256f7d3e01dcfc001cc80a988c518d4358955842d140054214d1367972c5c543350
SHA512e6a7db6e2893b5b01dd0c84a230d88abf50da63ceb1af5754a2c4c1fbd307a799a74f3f368430d3beb33590cda2e0a3cf509fef11c4477b76e8d3c4a582b5def
-
Filesize
22KB
MD5dcd68a87b7e6edbcfde48150403b22eb
SHA128e4839a29725075772fccc39b44e194eb91e477
SHA256ae3352b6ad6cffaae55f4387f9f5e79365ea17f8d5fb45ef11d21c3300a49a4c
SHA512ac2a6bc0afcd08c56090536a937772edd54f35505c9a5837d9bc8e91c31edb6137cf5191986b3473e9e2f512950b4dbfe4088598bfd1faf47088124c70aeba71
-
Filesize
248KB
MD5719d6ba1946c25aa61ce82f90d77ffd5
SHA194d2191378cac5719daecc826fc116816284c406
SHA25669c45175ecfd25af023f96ac0bb2c45e6a95e3ba8a5a50ee7969ccab14825c44
SHA512119152b624948b76921aa91a5024006ef7c8fdbfe5f6fe71b1ec9f2c0e504b22508ff438c4183e60fa8de93eb35a8c7ccdda3a686e3c2f65c8185f1dd2ef248b
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
559B
MD5dd38c2f98a5b924798cf745fe5d9cb2b
SHA172ab0f80dcccb978626aafc8e535616e84e2f6d1
SHA256cb8c0e806f62e24eac4b194d61b463c3306310ff6ee1e27f43db37f1ff8b3286
SHA51285a5cef4a8211b57f7ec4d0dccf89107c33ee02011da989cbc685f141e092a33e972afc1ddb25b878fb8dbf6ff791320ca108d5cd14d6cd97def7f1c571f159e
-
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\github\oshi\oshi-core\6.4.10\oshi-core-6.4.10.jar
Filesize956KB
MD575676ac6c1a3c4b0938f73e03eef8cad
SHA1b1d8ab82d11d92fd639b56d639f8f46f739dd5fa
SHA256fef001a7a13515c273f30915915580782afbc45273cc07aa15994e51563ef310
SHA512c1e60c340ad0d603f37d6ae0b5ed5ac2833b382dbcceaae84cca69cbf8c4dc9baa7ff741002da3e408426e5100f6c6402713083a05b1a4e3bc5e98923d7a15d4
-
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson\2.10.1\gson-2.10.1.jar
Filesize276KB
MD5df6097815738cb31fc56391553210843
SHA1b3add478d4382b78ea20b1671390a858002feb6c
SHA2564241c14a7727c34feea6507ec801318a3d4a90f070e4525681079fb94ee4c593
SHA5127503e4b8d05c6cc0ecb3a94c5a2e070e049083a441003a79a0cdf474f4286699b4ba1d2a655ddabb8ba10c50e7c36a7045cccdaee465166d4630db647aba2727
-
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\failureaccess\1.0.1\failureaccess-1.0.1.jar
Filesize4KB
MD5091883993ef5bfa91da01dcc8fc52236
SHA11dcf1de382a0bf95a3d8b0849546c88bac1292c9
SHA256a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26
SHA512f8d59b808d6ba617252305b66d5590937da9b2b843d492d06b8d0b1b1f397e39f360d5817707797b979a5bf20bf21987b35333e7a15c44ed7401fea2d2119cae
-
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\guava\32.1.2-jre\guava-32.1.2-jre.jar
Filesize2.9MB
MD55fe031b3b35ed56182478811a931d617
SHA15e64ec7e056456bef3a4bc4c6fdaef71e8ab6318
SHA256bc65dea7cfd9e4dacf8419d8af0e741655857d27885bb35d943d7187fc3a8fce
SHA512d683751034688863dc82315a75620abbeeca525cc592d5227b136c29902a0d035f306c6bfaf87d00d95bd1bd967953b00a932286ce09cfba1a0fb35efd852cd4
-
Filesize
13.9MB
MD523a23de561dd4f83e13d46e7273a35de
SHA161ad4ef7f9131fcf6d25c34b817f90d6da06c9e9
SHA25629280822f4b0796acef1f79b90b1d0c1edd86c10e876a848e04b8a6298a16bf9
SHA512cec14b1da327c77c28ac9110af772d771df6297050dc79919c57059486eaf502ca542223c4a0f5bdb1ddf22d645b550f3b40422ee5d5fb0ebdbb07231e28746c
-
Filesize
112KB
MD58d5cc32d757f204ed369e6b27ff99469
SHA1de8bc95660e1b2fe8793fd427a7a10dcec5b3ea7
SHA256319ea7b53b5e52f62ad3e2b81e9db7f0751240edac548bd74f5f19e35dc21a3b
SHA5124390482f1f8cfb65735670efc5ecc14913d6a637c35c30c4ace35b346751b7fdeb5ab1eb9e183b40b57f251ded8ab57e3d77d195d14e21910acc8e327241359c
-
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\blocklist\1.0.10\blocklist-1.0.10.jar
Filesize964B
MD5fc1420e3182dd32b4df9933f810ebebb
SHA15c685c5ffa94c4cd39496c7184c1d122e515ecef
SHA256830bfd639c8db49236bbd8e45d3a2b8c96c56ff654a10118654958a6235d4c44
SHA51210da612530b7c1e1ef3acd02d2d71fd689f3688fcdcd8b0710a9af646816c88fedc6ed2ea8da2d58e61c6ffc9347a61993bd27dfe04cfc3b646a927bcc48da4d
-
Filesize
78KB
MD561cc6e0f954ff702955aa264c752d389
SHA173e324f2ee541493a5179abf367237faa782ed21
SHA2561f46f6c679ad59ad5d6228e7b91962217a588f25bd259e0691bc9c5a54b68bcd
SHA5129f7c86ce72d4906c8a22bd9dd9140da104416184c20d36211fcad779b20b465f484ddb88ad266613cca6dba188a3a3a2081f0a92044521345c2a7c626cc6b94d
-
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\datafixerupper\7.0.14\datafixerupper-7.0.14.jar
Filesize706KB
MD50196308d39eeb5bf8e7795a2d658bf95
SHA1db3485dc1e6b712bd81170d5ce6dca2fb2f8bd86
SHA256d7392613febff2c7146cefad7c1245ec102432393f7aaadbfbc78ff43ef2076b
SHA512c4ccc6e75e797eec3d24504314da169be708926b9caad594fe46727968809874cd0ef321f3d32c86140263361d1779a73ff37970e201c25b7c6ca55b58cb34ee
-
Filesize
14KB
MD5d01ea99740509a58222a426cc36f5456
SHA124cb95ffb0e3433fd6e844c04e68009e504ca1c0
SHA2563dc3190204bac5f4184d8405bfe1f724f73a6a15a0d3f36ec7f69e6872c1a76c
SHA5124637804df47b9191de9d219a12374c45175e790dc230040946db541022fb06ee5f6c1fd07cd6700465a6add5e66e96bf364e410da32bfacc4044507424a96e1e
-
Filesize
4KB
MD5ff905bf0aacf501149a13880a2d6742d
SHA1da05971b07cbb379d002cf7eaec6a2048211fefc
SHA25616d70e7968b45caffc81576268eb000f473fb60bf257182d3447dea8ec919d5a
SHA5125d66d948fc5e4be401ce6800f36ae896b9315abbb63cc0c0d489ac10651392522c9e52d2a42bdeba095b713917f41ff04121d34675c504da716bafa55355e171
-
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\text2speech\1.17.9\text2speech-1.17.9.jar
Filesize11KB
MD5f5b05e8db22e2e0668b786e11ac9d3ce
SHA13cad216e3a7f0c19b4b394388bc9ffc446f13b14
SHA256c2a95b499e76fada7dd63e9b0ec797b678d411c2b0ee6f37f4dc674662bfb0af
SHA512e7a9ca0449f1fcde00f242043e6f2890993aed4d98621e77a46858c7c9f4a1e5134cc77c33dd2d3b83b2e7164e99a616e3aaefbe860bb209be23e74f7b32a29f
-
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-codec\commons-codec\1.16.0\commons-codec-1.16.0.jar
Filesize352KB
MD56e26920fa7228891980890cce06b718c
SHA14e3eb3d79888d76b54e28b350915b5dc3919c9de
SHA25656595fb20b0b85bc91d0d503dad50bb7f1b9afc0eed5dffa6cbb25929000484d
SHA512eee671e66d808b56b81e15574675cf132d7628c010736d580915bbf8c04849f04df1d95ddeea13c4e119f8f0a564c7003beeb8ab437564e080ee27063c1e52b9
-
Filesize
40KB
MD525877c45f515deeda937a433fc9d8638
SHA1ad3ecbae138e73104eddbcb38547eaba9e19c29a
SHA256c1694de697acb4830726fbd9ba88f94c49ea152900cd353c6feffaedf90b23a5
SHA51209a23ad95f979b462a79ccc2f426d81f5a641ad3ba96afa3f0f9d17f2c7c9c624b10719cd5c5771ae8465466c6f73aa5b2a41dbaf2020b9c98ea8479d885d019
-
Filesize
108KB
MD5457499494ca72d3c07f4e85fbb6ca4df
SHA168906a6cd331bed1fad68b0e12ae0782b1d1680b
SHA25682335b932f11482c5f36d12786a9301800daab0e828b3b16abf68c12d4fbe5bd
SHA5123c2a7e67af1e0522a2c6c3d6ebc41ea942c2bae361b8f04d983f9227afbedfb704a93a8838f2b2ce84997cc5a1a72bccbbf0ba2a7bb07370fad725409174499a
-
Filesize
38KB
MD5f548570563577d875b23595d678f1524
SHA16b306b9b213f0f9a58a48b37358aa8c5922edc99
SHA256b279c3aea41953bf7a674084fd866b211df000855504add21fa0da8bf06468a9
SHA5123686cc38e204ca8a4018ad18a8ba5884dad8b0549ac79b471e973de19ce3435b36d030ff92c826d5b8f371c90640a1cbc52b9118e7a4806d3571894829dcccbf
-
Filesize
22KB
MD5730f42f7933defd6f76cf31831c34d4e
SHA19d18162dcc2f33d36a6e9bdb5e7c0c582406fd9d
SHA25627a502b241ab2071f82dc70580417e99289ec8a9fe29d5363c69d9bae8cc1af9
SHA51294b2db8a2cfda6a00f0ce784e0c37c3beea92ecef944a53f747b919c39c18d8f16fac1943645a437c07a07519fd0f3db2cc5bbd1ccc91a14dd470e3b524cf6fe
-
Filesize
77KB
MD5b8055efdd184b39d15b663f2aa04550f
SHA1901c0e89e9de8c6df0055b2fae83a6d653ff9c40
SHA256e933cf502c14a1af8994f0e64853b98190f0ea2fcf062f7f80cf1712080b4f9c
SHA512b114cc1d6ae7feda2cbe7ca23bb008746be8f72314b097a7d297238c94caebf78f5c103502dfbf9854d94f342962ac776cf215e4d99c40c80388ac5df43d102f
-
Filesize
839KB
MD533c5b025990bedbb0027ebca936134cd
SHA1a801dcd56f41a086337f136cea81ccedf36ad57f
SHA256e1ddd4d366dbfaf78d342e91665cba387d5fa90dd1172efa5567016c689d7f34
SHA5127ebd988b33edd8b24034fd60b107953bd9dd41f9d36facf7b05a530b6c383b96d3582c930244a0f6bfd93bbf8e7b4c93491a61e85119f8486dc682c4f2df4024
-
Filesize
553KB
MD56da7f4530edb350cf9d967d969ccecf8
SHA13e2681ea91f60a7a9ef2407399d13c1ca6aa71e9
SHA2569fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da
SHA5121f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab
-
Filesize
47KB
MD56a223da529e7ca5d493b2c00a82577e8
SHA1ea8856f004ad8d8502b7df086d15c88ac96cc06a
SHA25650491e9ca18a77c3012dbcfb9c4a89786949ba966f5abe9977d18cbde4f92faa
SHA5124502ce6b0b960c411b8ba52ecad400ba844034e36d87eb710ae775af2966bc26645cb1556251ea1f9f29b89aee52e00331aaf9d0f779735349dd49e2c2861a23
-
Filesize
68KB
MD574c61a471c1fefd9b23871fc432762c4
SHA1f1efba66e37d299ab5fce0f0b9cc33d03cfc139d
SHA256819cd3f849aeb6394acc5b28d4c2629bcf04becafc121a8cc5e092f7f42625a2
SHA512c6e542fb04b32545d9656e193f9dce98009830b1da427e5fbcd5b21915252222e75f1a68af34e65a7faa1569a95ad66346cf5adf33c4c61a6b83d89955b63bb6
-
Filesize
13.2MB
MD5e9b6daf0745597cecdac3059143505fd
SHA12c6d4109e1f29a90d54480494dab77b47a6d0d95
SHA256b5b8c413b1a51b9c4c6489b99197208ed676c9a8c1b8158967ddb8f58efed649
SHA512c587d36e6b746b453cbbd2a5920b6e2d32f297e0bdc50b5c3d0323f0a7604adf472783bedcf9e1afb3ed4f7b35087c5bc600677487258f4fad05ded38400ecca
-
Filesize
95KB
MD5f34eb034aa4a9735218686590cba2e8b
SHA12bc20acdcb201676b77a66fa7ec6b53fa2644713
SHA2569d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1
SHA512d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af
-
Filesize
36KB
MD5135359d350f72ad4bf716b764d39e749
SHA12e59d9bbcce356f0fece56c9c4917a5cacec63d7
SHA25634048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32
SHA512cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba
-
Filesize
77KB
MD569e1a1e6e0ca8fb542e11b4be5c0502d
SHA1c915dd2ce2b7a410c76c6990509eff9fca594d2a
SHA256d030ef0d7a9113051d14455f929df54bf4f95296016a383bb3763b640497d260
SHA5125e71383425876e6a6c6e21a0d285ed3229c7ec7e01d0c6a328b2d3fc93f6ea799251e582b4106090e5633ad7acf5c5e2c151710d8012dc30433490e4a0d54f6a
-
Filesize
32B
MD5663f71c746cc2002aa53b066b06c88ab
SHA112976a6c2b227cbac58969c1455444596c894656
SHA256d60635c89c9f352ae1e66ef414344f290f5b5f7ce5c23d9633d41fde0909df80
SHA512507b7d09d3bcd9a24f0b4eeda67167595ac6ad37cd19fb31cd8f5ce8466826840c582cb5dc012a4bd51b55e01bb551e207e9da9e0d51948e89f962ba09606aab
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\jdk.crypto.cryptoki\ASSEMBLY_EXCEPTION
Filesize43B
MD5bd468da51b15a9f09778545b00265f34
SHA1c80e4bab46e34d02826eab226a4441d0970f2aba
SHA2567901499314e881a978d80a31970f0daec92d4995f3305e31fb53c38d9cc6ec3b
SHA5122c1d43c3e17bb2fca24a77bea3d2b3954a47da92e0cdd0738509bffcdbe2935c11764cd5af50439061638bba8b8d59da29e97ea7404ea605f7575fc13395ca93
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\jdk.jdi\ADDITIONAL_LICENSE_INFO
Filesize48B
MD5512f151af02b6bd258428b784b457531
SHA184d2102ad171863db04e7ee22a259d1f6c5de4a5
SHA256d255311b0a181e243de326d111502a8b1dc7277b534a295a8340ab5230e74c83
SHA5121a305bc333c7c2055a334dc67734db587fd6fda457b46c8df8f17ded0a8982e3830970bee75cc17274aa0a4082f32792b5dbff88410fa43cc61b55c1dce4c129
-
Filesize
29B
MD57ce21bdcfa333c231d74a77394206302
SHA1c5a940d2dee8e7bfc01a87d585ddca420d37e226
SHA256aa9efb969444c1484e29adecab55a122458090616e766b2f1230ef05bc3867e0
SHA5128b37a1a5600e0a4e5832021c4db50569e33f1ddc8ac4fc2f38d5439272b955b0e3028ea10dec0743b197aa0def32d9e185066d2bac451f81b99539d34006074b
-
Filesize
67KB
MD5575230bd0c50dac003d275dab323d2f9
SHA14f97aff9b52b3d2736993a35f9fea303c3e09cda
SHA2566e7dcf3dca0f14a9d2e1a20af11c400bf4164e02708d819768fcc4231b4f4ba2
SHA512b9d3ff63f982592f6e28f17eeaadf0549cfbb8e5268ef1dabc763f42b6a27f1f1e1bafe3e901215e95431de5f2ac5abf515864898d8aef5c38deb7a7abfeda32
-
Filesize
17.2MB
MD55b0bfa78154b1c57ab68574af285fc6f
SHA1bf9f6b357352f81a2e4427c4e5d839b89b32d3b7
SHA2560e79303169cd0305c364885824b1ee91b15e6ede8b7eae02e808ad4c4c35a36f
SHA51295dc94b13f82d61e5a168251665412c04710069a1b1679e9674d4a4dd2f824eff994e9ecd92f257a8abe1144239a8a4a6aa492c6b2e71d6faeb4d1e4a3c76d26
-
Filesize
484KB
MD58cabdbe3d67546771b02af5d42073cfe
SHA12e19147110b9872a52814956bab151a7aa80ce58
SHA256affa7e54eb0dedce4a5721c327c1a16035edbbd039cd402e08107d6d2d55eb1a
SHA512b7f46feef779e5772fc7711fda601fdda6ee4bf41d4fb87735a0b8fdc5fdbbdab23ba1760989e15d66cf9ba65409933cbce858eda169d04f13f401198245ad1f
-
Filesize
389KB
MD5e58d41175587d4355fe06bf8b8a1ab32
SHA16403f8243ea983a225b3bcda6c821a0029ad9ee2
SHA2569abf0095066ebab37b78968e11370a8078313e48cb5be8eda01f67623c6a6248
SHA512fc432ddb67dce8a672ac268d25f01d40c1d614e4ef34cbac6c4a2c01742ebab5d00c7ef5d9f0ef46ce0b3b6a4d5ace581fcf8c247d492c3882f561015d9e2ae4
-
Filesize
468KB
MD5d8ea3886d9f59b514bfa5b24ab69c0ab
SHA12bf57942dff5360889f0e89c58d5acdc54e5f1ea
SHA256a39adf52947fafd954c2a86ce031abb8c59825f7ee50337ac8c41e4280abe82d
SHA512ba8af0415c7b0454dd8bdccf78ed59da3bb5cc5f631dd060d3cd0eaf74d8f55d7531248b6b8a995ba5b672dc0386d3fa198e8c761f2e1cc0304da0dc029bf29e
-
C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-632671528050\lwjgl_tinyfd.dll
Filesize246KB
MD5e7349669dee3093d266849685efecc60
SHA1e7c3d94ad9d83f0762dfd82780d2a683d5d9b3c0
SHA256ec7d76e6ef7a99628ef6f8b6e544294b700108c341837779e6e2c01c0bc3da9c
SHA51241d772a4a9673db43a4584af78d5c128278b27efc01b7da47a9f8f629fd004aa8e4c63186d93b6cb7b664325272f0a291a1e80d9ae799910989171c1cdec34c8
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize12KB
MD54eb70ca6f22683e0efe701196ee3c318
SHA1b872f2b2e9313579708e71ed36ac266630724d31
SHA25658e93d7ab8107f74aeecf918a249df05a15d9e8206510f120c7a71e5fc2b44a4
SHA512356ab2e47bc2d0314e2c9da50a849f6c1b0f485f16981376fb4b9fcc177e4db9efd52aecb6640362f3118d0a1adaf8a506e1c690c3f4400f2fae37471a0f0981
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize13KB
MD59390643d91caa79c52f21269b7eb5f46
SHA17c5f99fa3431b3b48123e96c7d1b02d622d2cf0d
SHA2565d0c737b442c9396e2df696065b85a57670a915a182bb416727cecc79ce4086d
SHA5127ee075cb2bd1653681851289a441bca5b0a24316ba16b39ea8649c0c53131fbfe25019d75c0fd5451cf2b48b9603b85bbe77a1576fc456af688a18fe5f03e5b3
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\AlternateServices.bin
Filesize7KB
MD5cf0d285731d555e9d767fc67453d8f84
SHA19d7f1a879d030a706887c486a409359befe79dfa
SHA256012a29de876f5e97ea3f64f556f71b543aac15840776bcb76a8780ead7837eb8
SHA5128b8d5201ca44a4a945aaeabf4bea8a6d72f31fb4e0b851c252b930eae52c91a42f08dfdf40554ddc3907f4673463df6d1b79c7174f8d95cd09e538e4a13d2cc1
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\db\data.safe.tmp
Filesize5KB
MD5f4f9238fb8d0f412cab9ef4b5f1b9ac3
SHA12b9dd91fb02bac36b2227b563a3bab4b7eddf5cf
SHA256a8872dfc217741e35c1e883ae69012056c66585f89f8ab0058d65725290123ef
SHA5126fc7e4076585e4a162826172a269180777e9f68bdb557d8e215b426b03d6d5e27e5900268a21f55941aa3ab9e89ba84e87dec7fe8a66c497f8cec9ae72ffec41
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\db\data.safe.tmp
Filesize5KB
MD5109adb304fc6e5839d8bd4287dbc5a4e
SHA1c2c1c0ee98984382873f93eefe369cc7602050af
SHA2560add6122b96e11e372d52f0ca3ca6f4c87a73aa44af63a0857c57a32a35fe75e
SHA512f1b21c7af81d47dc41eb2b76e601760bc471c6db3b54b3d27d875e185056d0a2b666dfe4831f6162858afda504f4dc205d80e07968488343829c89ba00f87f99
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\pending_pings\5b0fec46-9d51-4313-90a8-134dc4111c43
Filesize982B
MD50ac2b0cfa0e1f55087ee6471ab582874
SHA136ef6d84853561c5ac35ca0a1ddb8e780530568e
SHA2562003b5976ba26e81636c6ec40d49915f6b487f652a29256e67eec2a838ccb52b
SHA512b9909bc75e56109458b4be06c28fe7bc356e05aa4e4cf31dd82900cadd666764007319e847f358c2a30b2442ce1747d38514145aced24d65762985315637f145
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\pending_pings\86ff3948-6298-4bba-92d1-bd9f0dd751e7
Filesize25KB
MD56f8c06642c790fed2256c13c81913e53
SHA1a706fe33eca788493a4131131f15d8ae63ef65f9
SHA256a11e1906066e2df5a8cc7ef466c17cf0a8f5ba58c097450e9711c4ffda62529c
SHA51255f9b1457314e8ab11b05fc02039e57edb1a7d279a4546fa03b195f7f4871f63a457be66637e34b976faa498034e8923ead13544e19091bc1f1f0a5c567317fb
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\pending_pings\b7cfbf75-b82f-44e6-b4ea-24454c61f978
Filesize671B
MD53be7e3e7a4269523ba93079000ca6fe3
SHA1ddb1feb821f76c83e74ef56e63efa00613b7d0d5
SHA2560f20282c44952a9f98f94c94167f507821710603b9d3922ca0d7395c1802652f
SHA512cd9b96b405486fb1c3ed2e090d5718c471a5c9c9bb90dae8cdee2e779313a035c5f83e992b5fd4c742c8a21d1680d5a7866de91ccc3a47cf08dab34e2fbbcc66
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
Filesize1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
Filesize116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
Filesize372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
Filesize17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
9KB
MD5b1e9806690059d98a918be167f245be2
SHA1d9a66e7c82c3fcbd087deaf2bed432abda5cf066
SHA256020994401bfa9456d96278723eb76f7358790d7a571ff3b32dd45c409393cd41
SHA512f244fc27a2e01168e13161451233263c2eec82c903c6b37d45ee48818e9b597a7c6b5839ac8a1744e13d3570779732a411bcc8e6972ee2406b5d6f69fb3cdf35
-
Filesize
8KB
MD503ea26349805087ecf09bea831146190
SHA12c391a4dfb45c297c900573916069d988d346f01
SHA2562257435068942682d3758808daf8ccda105326f0f3da2f15e9d435cbb55dcf21
SHA512515e58d02ec0682031ca76ef28c2da73b4b09768ebe6a01225cfd11c50553485f08647ed521eb419b4612f035dbda241a3c032960aef810fb79e1acc71596a33
-
Filesize
8KB
MD520c75966c4bd8ece6027df97f7efe814
SHA1aefccaae43813fca51721ce03d1ebb8e7469715e
SHA25690dc621a8c4908a53823cf0174efbc34eec077ae6ce357a0e2d15d5d82021268
SHA51281b1b5b30bcbd46fb3cbb0126e39c7e6b24fe9caeff7589b7caf67a8e6805e1cbb21fb831df4009dc0c911a1752d598bede44b3d9eb6cdbdb1532bcde7f2492f
-
Filesize
8KB
MD5274440e78c26a7b14434e280e084a2ae
SHA11c87424bb4563425e00aed5880af8564810602cf
SHA25693a3940c7184883d08afda98a26fda6950d4a9e0fb1e474b8ac590bbe7988007
SHA5129a2e348c7170ba6239d9051b51b78ae3fb3fdae44a8d1b6b2332c83f0628018e73d5061307817b63207c5b5b72a96664a490f598c8e8a877904cfb60439032dd
-
Filesize
8KB
MD5181e979d8e17c13fb5d063628dd3a552
SHA1e829cd22a735915abf6a7dad2f077d578c0dd241
SHA256b96637437dca24b67163439c2f483ef62454ad4cc6a66723129fc6d66e981a59
SHA5127e090ade23b9a3e2a731358acc3048aff5925338c9a8f64ba99c81a9d30cd9292c6cef4ad3edcdfb43fe6b5a6fbc42d6aa48e74c14b1c2c08458e191f9f30f08
-
Filesize
9KB
MD5639291e6e0b5544c703bde5af136796b
SHA1d0f8a8c5b5a2095ae2c032740cf69d514573b826
SHA256ec98051241a343c4f7cdcabbeb8ad1a1d75c5a04023da608920d2ab8cd22c339
SHA512f15a3721576dec2f93377cbf1e02ef97d08a10752deae521a3c0171cc9e6aece69d2880b3e7c7e1439ebe040a593ca26ecb0fe66fc8b1b4485e78e6fdab529d0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\sessionstore-backups\recovery.baklz4
Filesize4KB
MD5b5882b9fdfa44e54ab7c7d5a7d110a8e
SHA1e27908f33abfeefed7830930607eec527f7fbfe4
SHA256d019fa785b1b044366d0acbe8a05dcc9795d0b6215500502c047baef27914ae6
SHA512705865da4b818c5cf6bd8080e1ffe7a882a86d90f60d630c40926c163e48b5dc14d3a0a97a8191cd7c2a6a0c2bb9df653d047d43f2ea33a860acae01ffc4235c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\sessionstore-backups\recovery.baklz4
Filesize3KB
MD503cfaef6f7c712352211a7a6ddd87493
SHA1d1ed4ade9a1c415717667a3671105ceb563e4835
SHA256873b4c92cadedf98f1e5b58b5df16575bc5823574fa336edd91f0939171f98e4
SHA512b9a600fbc176666b3e6be89823a2a63fe18a552567c03f5ecf47df6ed0863b32b5d737d48036d545fd048b4d203082c923e5b3b0921217190154a61a64ff3954
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\sessionstore-backups\recovery.baklz4
Filesize4KB
MD5c239b1e19c1458966b47cac439f74e0c
SHA10551a9b3b506703b05ece2e0ab463fe620f681d8
SHA256e6a6167f6ff1d8cb3c7279edbca2228db03a7948748c1ed912bee66fb110a766
SHA512acac95a32a8333741e7e4187c3732e4df7aa0f6d1c9301636c16e34ec648c6bb9a46e3f55308b84453017545a59b8f1a44ae9c8076695de232cce5a71438a0ef
-
Filesize
138B
MD58b52d5f53dfab48adbb7013073a6581f
SHA181668705ae296472b43670efde4a85ac95c1122a
SHA256fbc335b52756077b5e429a442bc4a612b10fd3171d44935e1a13df109faa43e8
SHA5121a77518de358c67e8e85f7bd2b912821fa098c6105f3fb036aa93cddecdb06366aed575b7b7ff220bc63f233814dec16e08c8f9d2f5f3edee2fe0e2f7fd81c53
-
Filesize
1.6MB
MD5b63468dd118dfbca5ef7967ba344e0e3
SHA12ba4f0df5f3bd284bf2a89aba320e4440d8b8355
SHA25605ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf
SHA512007ecb7445dc0c01a802b5a2c91313aae59f9dc96e27455dd85e7a92a4e649d683fbc2ada5f48925d9ab3b4fdaea20aa89eeb442fde079902aecb5ca3454a548