4e839b8267d170c054a00292d0d93440b9709066db6f787132f866dcfa8a9dd4

Resubmissions

23/07/2024, 00:52

240723-a76dzsxhnh 7

23/07/2024, 00:47

240723-a5lxkaxgkd 8

23/07/2024, 00:44

240723-a3t56axfkf 7

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 00:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EclipsePlayerLauncher.exe
Size

874KB
MD5

7a1acb733866558632ab929bef57828a
SHA1

3351f2d2648aaeadad4d6e7d212152f6ed7bc615
SHA256

4e839b8267d170c054a00292d0d93440b9709066db6f787132f866dcfa8a9dd4
SHA512

b074123fd9b8e01528ef49c9d46a20c9c33b634e5b367b8f8e575f6b63687319648c822ae4d54b71bcfa8477f087c1cb29bfa72a64a58c3436cd72e11714d91c
SSDEEP

12288:ljh5+ZymNqi1Uc6Tn0aYWBsTKIgCTsjfLxLS+AMDRFJh8H:ljeZjN5t6Tn0a7VI9TifLxm+AMD/Jhe

Score

7^/10

discovery evasion spyware stealer trojan

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	EclipsePlayerLauncher.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	EclipsePlayerLauncher.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\content\scripts\Libraries\RbxStamper.lua	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\content\sounds\impact_explosion_03.mp3	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\content\textures\ui\RecordStop.png	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\ios\textures\sand\specular.pvr	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\android\textures\slate\diffuse.pvr	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\content\sounds\action_get_up.mp3	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\content\sounds\grassstone2.mp3	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\content\textures\ui\Plastic.png	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\content\textures\ui\Settings\Slider\Left.png	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\android\textures\water\normal_13.pvr	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\durango\textures\sand\diffuse.dds	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\content\fonts\characterR15.rbxm	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\content\fonts\safechat.xml	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\content\textures\chatBubble_botRed_tail.png	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\content\textures\ui\StampToolButton.png	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\android\textures\fabric\diffuse.pvr	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\ios\textures\aluminum\diffuse.pvr	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\pc\textures\wood\specular.dds	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\content\sounds\woodgrass.mp3	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\ios\textures\granite\normal.pvr	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\ios\textures\pebble\diffuse.pvr	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\durango\textures\ui\Shell\Icons\[email protected]	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\content\fonts\gamecontrollerdb.txt	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\content\sounds\uuhhh.mp3	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\content\textures\chatBubble_bot_notify_dotDotDot.png	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\content\textures\particles\forcefield_alpha.dds	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\content\textures\ui\MaterialButton_dn.png	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\durango\scripts\ui\Modules\AccountScreen.lua	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\durango\textures\ui\Shell\Icons\[email protected]	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\pc\textures\sky\sky512_ft.tex	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\pc\textures\woodplanks\diffuse.dds	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\content\sounds\grassstone2.mp3	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\content\textures\water_Wave.dds	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\android\textures\granite\specular.pvr	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\durango\textures\ui\Shell\Icons\HelpIcon.png	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\android\textures\sand\specular.pvr	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\content\fonts\fonts.dds	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\content\scripts\CoreScripts\BubbleChat.lua	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\content\textures\Exit.png	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\content\textures\ui\Settings\MenuBarAssets\[email protected]	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\content\textures\ui\TinyBcIcon.png	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\content\textures\ui\Vehicle\[email protected]	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\android\textures\granite\normaldetail.pvr	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\ios\textures\concrete\diffuse.pvr	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\pc\textures\sky\sky512_lf.tex	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\shaders\source\smoothplastic.hlsl	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\ios\textures\water\normal_20.pvr	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\android\textures\fabric\diffuse.pvr	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\android\textures\grass\specular.pvr	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\android\textures\water\normal_16.pvr	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\durango\terrain\specular.dds	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\durango\textures\cobblestone\specular.dds	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\durango\textures\ui\Shell\ScreenAdjustment\Background.png	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\durango\textures\water\normal_23.dds	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\durango\textures\ui\Shell\Icons\[email protected]	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\content\fonts\CompositExtraSlot4.mesh	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\content\textures\ui\[email protected]	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\content\textures\ui\Settings\Radial\Backpack.png	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\content\textures\ui\Settings\Radial\[email protected]	EclipsePlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\durango\scripts\ui\Modules\EventHub.lua	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\durango\scripts\ui\Modules\FriendsData.lua	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\durango\textures\cobblestone\diffuse.dds	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\durango\textures\ui\Shell\ScreenAdjustment\[email protected]	EclipsePlayerLauncher.exe
File created	C:\Program Files (x86)\Eclipse\Versions\version-five\content\textures\advCursor-openedHand.png	EclipsePlayerLauncher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 10 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D2433E01-2A13-41E0-B36F-E4B999D72C11}\Policy = "3"	EclipsePlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D2433E01-2A13-41E0-B36F-E4B999D72C11}\AppName = "RobloxPlayerBeta.exe"	EclipsePlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{355BCDF0-086F-4A38-8CF4-8E02BE4035BF}\AppName = "RobloxPlayerLauncher.exe"	EclipsePlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{355BCDF0-086F-4A38-8CF4-8E02BE4035BF}\Policy = "3"	EclipsePlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{355BCDF0-086F-4A38-8CF4-8E02BE4035BF}\AppPath = "C:\\Program Files (x86)\\Eclipse\\Versions\\version-five\\"	EclipsePlayerLauncher.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D2433E01-2A13-41E0-B36F-E4B999D72C11}	EclipsePlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D2433E01-2A13-41E0-B36F-E4B999D72C11}\AppPath = "C:\\Program Files (x86)\\Eclipse\\Versions\\version-five\\"	EclipsePlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\eclipse-player-eclipse2016	EclipsePlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\eclipse-player-eclipse2016\WarnOnOpen = "0"	EclipsePlayerLauncher.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{355BCDF0-086F-4A38-8CF4-8E02BE4035BF}	EclipsePlayerLauncher.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133661691548400999"	chrome.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\eclipse-player-eclipse2016	EclipsePlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\eclipse-player-eclipse2016\ = "URL: Roblox Protocol"	EclipsePlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\eclipse-player-eclipse2016\DefaultIcon	EclipsePlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\eclipse-player-eclipse2016\DefaultIcon\ = "C:\\Program Files (x86)\\Eclipse\\Versions\\version-five\\RobloxPlayerLauncher.exe"	EclipsePlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\eclipse-player-eclipse2016\shell\open	EclipsePlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\eclipse-player-eclipse2016\URL Protocol	EclipsePlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\eclipse-player-eclipse2016\shell\open\command	EclipsePlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\eclipse-player-eclipse2016\shell	EclipsePlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\eclipse-player-eclipse2016\shell\open\command\ = "\"C:\\Program Files (x86)\\Eclipse\\Versions\\version-five\\RobloxPlayerLauncher.exe\" %1"	EclipsePlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
3544	EclipsePlayerLauncher.exe
3544	EclipsePlayerLauncher.exe
4236	msedge.exe
4236	msedge.exe
4716	msedge.exe
4716	msedge.exe
3436	identity_helper.exe
3436	identity_helper.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
4936	msedge.exe
4936	msedge.exe
5988	msedge.exe
5988	msedge.exe
6896	identity_helper.exe
6896	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeShutdownPrivilege	6084	chrome.exe
Token: SeCreatePagefilePrivilege	6084	chrome.exe
Token: SeShutdownPrivilege	6084	chrome.exe
Token: SeCreatePagefilePrivilege	6084	chrome.exe
Token: SeShutdownPrivilege	6084	chrome.exe
Token: SeCreatePagefilePrivilege	6084	chrome.exe
Token: SeDebugPrivilege	60	firefox.exe
Token: SeDebugPrivilege	60	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe

Suspicious use of SetWindowsHookEx 25 IoCs

pid	Process
60	firefox.exe
60	firefox.exe
60	firefox.exe
60	firefox.exe
60	firefox.exe
60	firefox.exe
60	firefox.exe
60	firefox.exe
60	firefox.exe
60	firefox.exe
60	firefox.exe
60	firefox.exe
60	firefox.exe
60	firefox.exe
60	firefox.exe
60	firefox.exe
60	firefox.exe
60	firefox.exe
60	firefox.exe
60	firefox.exe
60	firefox.exe
60	firefox.exe
60	firefox.exe
60	firefox.exe
60	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3544 wrote to memory of 4716	3544	EclipsePlayerLauncher.exe	97
PID 3544 wrote to memory of 4716	3544	EclipsePlayerLauncher.exe	97
PID 4716 wrote to memory of 4220	4716	msedge.exe	98
PID 4716 wrote to memory of 4220	4716	msedge.exe	98
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 1616	4716	msedge.exe	100
PID 4716 wrote to memory of 4236	4716	msedge.exe	101
PID 4716 wrote to memory of 4236	4716	msedge.exe	101
PID 4716 wrote to memory of 4360	4716	msedge.exe	102
PID 4716 wrote to memory of 4360	4716	msedge.exe	102
PID 4716 wrote to memory of 4360	4716	msedge.exe	102
PID 4716 wrote to memory of 4360	4716	msedge.exe	102
PID 4716 wrote to memory of 4360	4716	msedge.exe	102
PID 4716 wrote to memory of 4360	4716	msedge.exe	102
PID 4716 wrote to memory of 4360	4716	msedge.exe	102
PID 4716 wrote to memory of 4360	4716	msedge.exe	102
PID 4716 wrote to memory of 4360	4716	msedge.exe	102
PID 4716 wrote to memory of 4360	4716	msedge.exe	102
PID 4716 wrote to memory of 4360	4716	msedge.exe	102
PID 4716 wrote to memory of 4360	4716	msedge.exe	102
PID 4716 wrote to memory of 4360	4716	msedge.exe	102
PID 4716 wrote to memory of 4360	4716	msedge.exe	102
PID 4716 wrote to memory of 4360	4716	msedge.exe	102
PID 4716 wrote to memory of 4360	4716	msedge.exe	102
PID 4716 wrote to memory of 4360	4716	msedge.exe	102
PID 4716 wrote to memory of 4360	4716	msedge.exe	102

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\EclipsePlayerLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\EclipsePlayerLauncher.exe"
1⤵
- Checks computer location settings
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.eclipse2016.top/download/thankyou
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd88446f8,0x7ffcd8844708,0x7ffcd8844718
    3⤵
    PID:4220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,1746262137833280462,9016529607578252401,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    3⤵
    PID:1616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,1746262137833280462,9016529607578252401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,1746262137833280462,9016529607578252401,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
    3⤵
    PID:4360
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1746262137833280462,9016529607578252401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
    3⤵
    PID:2780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1746262137833280462,9016529607578252401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
    3⤵
    PID:1228
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,1746262137833280462,9016529607578252401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 /prefetch:8
    3⤵
    PID:4264
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,1746262137833280462,9016529607578252401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1746262137833280462,9016529607578252401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
    3⤵
    PID:3176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1746262137833280462,9016529607578252401,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
    3⤵
    PID:3588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1746262137833280462,9016529607578252401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
    3⤵
    PID:740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1746262137833280462,9016529607578252401,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
    3⤵
    PID:3332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf8,0x124,0x7ffcca0ecc40,0x7ffcca0ecc4c,0x7ffcca0ecc58
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,6031729509877228962,11369871277326519674,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,6031729509877228962,11369871277326519674,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,6031729509877228962,11369871277326519674,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2472 /prefetch:8
  2⤵
  PID:5248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,6031729509877228962,11369871277326519674,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3248,i,6031729509877228962,11369871277326519674,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3664,i,6031729509877228962,11369871277326519674,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3152,i,6031729509877228962,11369871277326519674,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  PID:4984

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4224

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcd88446f8,0x7ffcd8844708,0x7ffcd8844718
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9017855361459564139,11230484192752417384,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,9017855361459564139,11230484192752417384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,9017855361459564139,11230484192752417384,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9017855361459564139,11230484192752417384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9017855361459564139,11230484192752417384,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9017855361459564139,11230484192752417384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9017855361459564139,11230484192752417384,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,9017855361459564139,11230484192752417384,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3632 /prefetch:8
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9017855361459564139,11230484192752417384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9017855361459564139,11230484192752417384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  PID:6888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9017855361459564139,11230484192752417384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2780

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5608
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:60
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 25675 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4453b5dd-d18e-4700-b3e3-7dbdd58e1819} 60 "\\.\pipe\gecko-crash-server-pipe.60" gpu
    3⤵
    PID:5456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2360 -prefsLen 25711 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71f5e33b-d1b8-42a7-906a-17fae9f5fae1} 60 "\\.\pipe\gecko-crash-server-pipe.60" socket
    3⤵
    PID:6068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3084 -childID 1 -isForBrowser -prefsHandle 3148 -prefMapHandle 2876 -prefsLen 25852 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd195219-7bf4-418e-a470-5e1acac41da1} 60 "\\.\pipe\gecko-crash-server-pipe.60" tab
    3⤵
    PID:8
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3544 -childID 2 -isForBrowser -prefsHandle 2708 -prefMapHandle 3608 -prefsLen 31085 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3574a7a-6865-46b4-b8e9-2ce9b0eb8f85} 60 "\\.\pipe\gecko-crash-server-pipe.60" tab
    3⤵
    PID:3692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4884 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4876 -prefMapHandle 4844 -prefsLen 31085 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54eaf1e0-2832-4a14-82bd-61aac50f0d24} 60 "\\.\pipe\gecko-crash-server-pipe.60" utility
    3⤵
    - Checks processor information in registry
    PID:6472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5396 -childID 3 -isForBrowser -prefsHandle 5380 -prefMapHandle 5504 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fdb8711-4d77-48d9-b06c-2d11e4176cbf} 60 "\\.\pipe\gecko-crash-server-pipe.60" tab
    3⤵
    PID:7048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5656 -childID 4 -isForBrowser -prefsHandle 5668 -prefMapHandle 5468 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0837dff1-2f92-4d02-a07a-e9e873f7852f} 60 "\\.\pipe\gecko-crash-server-pipe.60" tab
    3⤵
    PID:7060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5920 -childID 5 -isForBrowser -prefsHandle 5840 -prefMapHandle 5848 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee44af38-5ae2-48c6-a6bf-0c6b88da09bf} 60 "\\.\pipe\gecko-crash-server-pipe.60" tab
    3⤵
    PID:7072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6016 -childID 6 -isForBrowser -prefsHandle 6156 -prefMapHandle 6160 -prefsLen 27211 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b06453f1-92e7-435e-83b8-934b5b96bf8f} 60 "\\.\pipe\gecko-crash-server-pipe.60" tab
    3⤵
    PID:5880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2692 -childID 7 -isForBrowser -prefsHandle 6016 -prefMapHandle 4204 -prefsLen 27211 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e0a44d4-99b0-45c8-bb3b-ca038eaf4d66} 60 "\\.\pipe\gecko-crash-server-pipe.60" tab
    3⤵
    PID:6292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5704 -childID 8 -isForBrowser -prefsHandle 6036 -prefMapHandle 6088 -prefsLen 28048 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d13bb019-2be9-4602-a1e3-aaf3fabf0a25} 60 "\\.\pipe\gecko-crash-server-pipe.60" tab
    3⤵
    PID:1976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\android\textures\diamondplate\normaldetail.pvr

Filesize
76B

MD5
c95b632eaa85ee45533c92f9072b1b7f

SHA1
940a0f804a6e22fa81abc194f5fabe20fa3bfb06

SHA256
f0f8c09f264a70500007579b065d78dd2cfdccb647ee2c3e386ffd36cbe0937a

SHA512
9f5e1d55c6452a853d7a6564ed3ecfbb009ab5fc94b800b07cdeaa814a6c8cb4fc11abba8285af0659093a0db3c8cabf9b139793263e662d7b6e6c00c70a5980

Download Submit
C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\durango\textures\cobblestone\normaldetail.dds

Filesize
176B

MD5
620e055b9e500e85a131d8be2a65c11e

SHA1
d7fa8af56bfcfd48f38931e3ef8606585664a248

SHA256
2a51ad9239a2102af2c08ee23e18407c3500770a931332a722c643ffca90a60e

SHA512
551a93a5cffbc008f6d6b122f4c45d686faf1ef5a90975b8b2ef906123d7981e40efc644494957544832f5f605dac434714239a17baea97fcb38175d589d8794

Download Submit
C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\ios\textures\diamondplate\normaldetail.pvr

Filesize
148B

MD5
76b5c6a7250cb51ef7e5393dbe7f5668

SHA1
b06bcf998544656116b60e930fe973e220359a0d

SHA256
07d105fd1973fcc0183714e21d509b04f71cfc9891982e9547ca17fd493310d0

SHA512
d5bea6224a3da9c7185b5f94fb0c6c05ab03a71c1b81d81c0f67cfcc717a1a564670cbcd39a54167a09bcb0f8fe124fa296c774985dcdc2375ee5f2f58ac2732

Download Submit
C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\pc\textures\aluminum\diffuse.dds

Filesize
152B

MD5
b79e6464c2a4e060275c1a947d2c46fc

SHA1
cbc5d75c02e4613e9002e39e9ef1d00d63183fd8

SHA256
8552dc6e0cb6d92005d531258fdb0648f943c720eafff55b51659ec80b7c3e3c

SHA512
79f8c6437f1e73b2b130fbdad2e4890bd0510cc47cfa77fa96f44e1ff4dcaf7718a7677df929e423f5623d59a94e1876d72be73c0be411128b29702237c9d0fe

Download Submit
C:\Program Files (x86)\Eclipse\Versions\version-five\PlatformContent\pc\textures\concrete\specular.dds

Filesize
170KB

MD5
a4dcc342dcb963f298003a63d488ab76

SHA1
e5656b38670fae67de13e70f09ed6258aa365289

SHA256
454ee746e774d4a1611cadb2552eacc28167ff3f3306018198a8e203274ccb47

SHA512
6074081ad0cdd4f69d3ded98bd34f7c7ecb91dbb92e3146ec4013156e4ee2c728ca00d3ce5f45d312438df2cbe5a7a09dbab2957489ac4ce2e7af8a9408c19fb

Download Submit
C:\Program Files (x86)\Eclipse\Versions\version-five\RobloxPlayerLauncher.exe

Filesize
874KB

MD5
7a1acb733866558632ab929bef57828a

SHA1
3351f2d2648aaeadad4d6e7d212152f6ed7bc615

SHA256
4e839b8267d170c054a00292d0d93440b9709066db6f787132f866dcfa8a9dd4

SHA512
b074123fd9b8e01528ef49c9d46a20c9c33b634e5b367b8f8e575f6b63687319648c822ae4d54b71bcfa8477f087c1cb29bfa72a64a58c3436cd72e11714d91c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2b41ccbb454faa754ca81270e285a596

SHA1
6129d2facb38b5e3a73e02c5c4b0310cba085334

SHA256
f7e124c13d6f1ac6edc8f053ddf7063cd4e13224272168217b548319d17c5d0c

SHA512
1b30f525504e220ecec30e37a7e02fc9177bd4154f3f8e007ee2e90205bb5d6821f83e80a4f28fbf1d2adf1219c465f397170c8a61485ff7263f888ac97daefa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ea3086eb0285eb305add87a4b6c67a11

SHA1
e34c8975ed235a270d6f0694a76a8a2c130624bf

SHA256
9f7a995ec090589cbc8e03b53bb8691b3c810b527692d2db82c814aa249cf48c

SHA512
cc922bd4a6ffdbd356d941f430a2e6667c97a2be2c46285ad626b08277910abda76a242c870153127d7c140cdf7351d6ea1829e1f8991ab441e0c426808736c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f6a9be56f8bcf6de0aedf0c4dde47d82

SHA1
83ed80049033ef82ef78ff452ff6145107be668f

SHA256
3a739da71ec950d915c5d74ab65f30d7e513ea59a998f4d602877475e4800348

SHA512
8f3a046514f380721103fdd022bce89e051d6f42948d4c2c001e3cfbef69e73afc42597f4bb3d0ce9e485e103765bf9120ad897a247875ad993ee843708aea75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
bfb757340dec759b133d2453d76c8500

SHA1
dd782a16b65461dbc9fb6058a470618a40ddfc03

SHA256
6e4681f19dd3b940230a9eabd693f6cd77afdb64da49b53d147208bc139b3b78

SHA512
918ce87083f78df4c30e16e6cba07f84845165706cf3a83fad555ae109d6dd6ee36735824ed252ead5a29dab101015df041227bbbf843e426745bdd6daa64e69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
ae731192572cfe190ccdd8c1b745901f

SHA1
93890cbbd999dc9ce5a8eb423cac9b80bf5bbac6

SHA256
c7efa6a05079f804ac6fe51f49eedf3ee79c8fdc399edcb1db8542921eea0790

SHA512
a7151ccc983146226a61f69b26ba5b279d37167ef15e493294c45391139fcd6477edd836990dce737cdaf2dbf0b0ded0447dc90ded8cc4f0368bb132c0fe1cfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
bedde110863383406369891656cd0034

SHA1
e13ac753ffcfb4cfd5446369738b81024b8afb60

SHA256
1d83c19dc149b55a1c32123ac9cec71f5f46cae6564253840e5810e5e3ffcec4

SHA512
2ffda5edb9e6df92c66496e9d27f7d919862240b790e94a7aef84a9d29e17725f06b630e70975a7403bf7fb846d9e40804537b9fdc371441c94572eafd57100f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54f1b76300ce15e44e5cc1a3947f5ca9

SHA1
c978bfaa6ec6dae05464c6426eaa6cb3c3e2f3b7

SHA256
43dec5d87b7ee892a3d99cb61f772ba403882ac0772423f36034e84244c1ca24

SHA512
ac26e5676c675be329eb62b5d5a36a0e6014ab8a6366684b0fc2a59ae5f061f596f462b82eb4e9f135d2235a0cbd4af96680d234eecc873a8397fd81507d277a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c00b0d6e0f836dfa596c6df9d3b2f8f2

SHA1
69ad27d9b4502630728f98917f67307e9dd12a30

SHA256
578481cd359c669455e24983b13723c25584f58925b47283cb580019ef3142b1

SHA512
0e098ab5f5772fec17880e228a0dccbbaa06dc1af14e0fd827f361599c61899fe07d612a7f7b049ff6661d27fdc495566dd20fc28ceed022b87c212bf00be5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1836b63b7c2cd3844a7a43df08b70c4

SHA1
a8f86aebc20a38e21ade087d9cd97031cdc8b48d

SHA256
977f3f0738ad1381b4a9519cf784dc83b9c6b5c88e946f341dc37d98543cf4bc

SHA512
2e026310d457ff8be443aa1115a5fdf875befbf1419391444d3a56326134a44ba88bbd092604bc67a2d1b1763c2e6016ef8c6f8c92e141c92350b64030c90664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f6c8aecf5af8f61c09cf1717da3dc98

SHA1
4114d6140f617e36783c841a6da6a67d5822e0be

SHA256
58b5bf64ad2dc1712be6c8aca411300d3d5ef087e42a7ffbc2ede635e420cf45

SHA512
42a2e94137623cb999cb945eddd913a6ed2fae9f85e34d8bb7036c22b3a0dbdcd717adb86acf6b2d2c923ae041a9a057638693304b0cf3f8b1024bc9e6e2dcbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\47ba6f99-6204-4342-bfba-0569dd8fe852.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
3df9c9f41da56350e358dfab50646dcf

SHA1
28c524b2e9bff1a44c66d3e9c16c3d4dc4f6ff64

SHA256
0fe0ba71c896a51b1ec76bead86b283e46fee3b08f6551b7e32ae6697f7edec1

SHA512
509dd41c99e7335051258d1d54484dbdf781c7f3536ccf39cc0d8b5aa1eb790b7bb04f068f76b70acd4692f90d4e7cf9c2c0f1fd3da6d37b001be1fdd3264d28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
03debe1f5495b00c782cc181302a106c

SHA1
83f6e35a196a5e900c937c17d1a9cdf33a3ebc48

SHA256
f36668f3ac0b6a019ad34c8da8e780f0ceba6c4bcf6e1f182081d2c33ed14e4f

SHA512
da26b6369c0bcfff054058e66ac07c78ea7bc1e7bf5539651b08e03d224b49ca10c5c76e18db47c5e0a2f9b2f7211255aa267f703476af0dd6a80bc11fb2e405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
8fbffb435fcc63d17e0cc44422cfa0ae

SHA1
b348e4e5d916d09be7ecff66d320c8438644b3bc

SHA256
f4f858689d496493793959f912ae057e498676f376a9535ec4145faf562e3afd

SHA512
80b04c394dd1058ca6689a2e7047a62476a71a34708163eb275029ff6f4aa870f34f91e3ebeccbc9ddc847bbf1476e14a48ac0a970c6bd814bea09c11930429d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
8851c241c208cab06c46b704d52a27d7

SHA1
431ec7e5f98c38a857e520c0ecef0cd1695b7f17

SHA256
97a8e0579fce513dcb0f823fc64aa2ecab3d91be4d75587d85587e9ad9aa2ac3

SHA512
0a2b7223f5796d5c16b970ac9e0dcffa3aece4920b567e26df9cfb13996129440e49d9f3bd2eefe40d161297f0113fc6816cd374e1408cbbe98e57aa9984c805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
5f490a19a3413f64c616e84995a82d68

SHA1
f4a85787be7e2b227c30b06a7801d513b284cbe6

SHA256
2d20029169c1317167dd454019b7b819f444f4cc72227477822934da41c783d7

SHA512
9efe433165ac59553b286dde75a4fb8d2d2e74b5d0b3f8826b17cefa072a099efc0d89f371745b127f4f5f40a86b2b520b405d6897b05731520e90b8cd7c3819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
62393588bd869b164e2738f954407dfb

SHA1
4b7a1cf3d4329ae44c25bb2b337048d9e93755b5

SHA256
29bc7830a6868af639d2851aa4d590628e58815cc292e85c919c54edb13a1068

SHA512
f21523430849ad08cac6ac7a3beb4ab1bacfffc4a87169605531fba1f58313232ff15fe22b8ded0d021ac453b1579b5dcc613b441be40c0280b15466b71d89e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
712b6b3ae4a32766ef282502b849333f

SHA1
6b08190ff0caddf391c46f957c06518ff8343020

SHA256
25c258f406db5c951ff8cee5088efcdc0a66e41463a872aec171e9eccc52d328

SHA512
1349e40448b8864d8b5b2e03ba3d7a9c363a4389a62140eb378a9b34225cc11a9bd88aefe98239d5525f276770027b121883f1fd503296d181677e42056386c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
5535bed456dd92f3622835d0af79774b

SHA1
32ca599ade576c761c949495570c93a73b9ea503

SHA256
3a3955c09146af3613516fa8a744f90fbd1bf9d14e46acb0326c0c7b12730504

SHA512
e68613409ee53e8b3364da7cd72e9b32e2a4fe48bcb67a783b98f94398120340adb45a875ef1c927e181a8e674a904b8c6ab9042830290e18fd3e8e8af9cb5fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
cf13b49546dc736db28d58462b93f17f

SHA1
b99286ffc69bad76f62d93880bfc1ce8ef518811

SHA256
a1e750ddb7c2fc576a1ed13a5274caedd475e0d8e76ddc6296556cb50fffbbce

SHA512
59d227fb2d5b4ce77609cc20bfe888f724f580c16c4c2195a1041ff16bbf86872fc50e72f349f50a433b312d13b274b78926cec8e65b34e554021a657cce5f96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
871B

MD5
e2fac37a581553b2ad5aa6fcc4bfd011

SHA1
9062f3eeb529c69f39090c5639ea27299939d693

SHA256
85be41981c1d7f5bfd34c885c61960981c3a738fb4ff5ef3d2550df7d1afb0d4

SHA512
dc6070634228cd1dbe66f786c0b33bf50921348d8426e1c83796ed5caf92084c212a51855cbd65c1f647d62c82faf8b97750ae0def844973a72db67fb3232f8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
871B

MD5
3e669a127501312c8452b42c9465bbdf

SHA1
a3288084a45b968560d6fa15a7e43b90ec68b1d0

SHA256
4f8604bdff724d769389d4233369470088052cf270978cd3477f8765fbe9d363

SHA512
51fb74d0fbce965a0db9aaed17b0610fd96c49b26ac95be309506290306682f4031ab796173286ff8e63b6f43b98ad593e6e5fa149b158656bcc201dcdd0ac65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6a4177d1e996d8ca77b4c05c9cf6f85d

SHA1
1e43ffc58e72b9ed26f8929796883c02eab53a63

SHA256
36dcba9adb2dd9172bd290cb622d167b7cda142af1e7ec8b356db2e43f884d29

SHA512
f901cbb09a9cea79e496ace68320d050b17f8dd9d5eb82d519035ce3158f4ed61bb93564d4be198b1cf6e90d559d8021b0e367fca300bcfaa67eb678fe12071f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9de3154ac558b4652acf88c473492e91

SHA1
af406c7975c109bf990672eee31c1bb74fc54ae9

SHA256
4d124ab4fd7e7a435616dd14f2b029372230b06a56b3af158c9065a550495cb1

SHA512
b8defaf955dd300bbeb0fe284c1b6d9029cb277918a2964681b99399f54504d1744d193496768b9b7f2f63f8cd65756d27f254bfc30831009e8c6f92862d6ead

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bfbd94c7664dd6be69e4dc197317ee14

SHA1
6f8d50da5c258d8eb1d1bbee2b30c530c0839cfb

SHA256
bc182269fb47d23694332f0f188b5a3696b6abffb236767736a1ce3f6a4fd57e

SHA512
1ac1094a780d85defe5d4fb909c6070f536258ce2a1e1b6c4a32947a0939e15d2fb9e0b108c9d680d321d37dbdd40309be03b76851be4895ee65ad1919658b52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f67b7b1b5013b6639913ce6ec7e73d39

SHA1
cbe968daf9071cee701623b4ede7ed25cf27b321

SHA256
95e00faade7ed116552a204cc09d18b9ea80c1588437c7241484b945c08b4e04

SHA512
0370a845404a5760c07190136cc5b1926e479a9397134784dabdfda13c25e65f9347811f9535d4503f908ad7091fe1a5731b5dee523d8adec8bd18364b30dfa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
40cc74499b67b5d315c063b87e2f8e7f

SHA1
46c903c40688fbf365586b81ebc69bec5baa51a2

SHA256
61a8cfe539b6a91d58b8ecbeeaafe824806176407adb8cfd3b08989d3b6c39f8

SHA512
27a62c9ccbae794a19c5c018aeef02cf0568c82d83e4dc9399a5d569c85c695535daa184cfa93af586a836e3566123e78c4250939fed208c779787b21af0c71b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5ab88d09e0e58b6ac1d5453c874aaa57

SHA1
787b1e51c6084e5ac77abcced4bf1271422d2c93

SHA256
6613e3923bc9afac95b6c1bed1a316a53f92171f927fc6651ed9428277503f73

SHA512
8ede1f5f7acda596aab6b1a7e1a0da6cfb8033ed9f952f0770f9a3239a8aa7d6dc7e10498a73668d06f56bcb4bc3e0e5cb8c924d08258b9e453e10502270e948

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
21a9c179604ef4c29e4ec8ab47067dd2

SHA1
37b7d8a9263a043437a2188aa23d3fc9c7a72aac

SHA256
fdf38df2f2a48e9810fcf3dfdc0e69d01951d39151c5f182eafac77cdaa8a02f

SHA512
2475bb8545fabdd8c82d6221589a8c573e77d4d18d5c2beee5031b823b6c70bf0981dcc0f51422f0c5259749a911b051e17a532252b125a16861136ba60d7a41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
344B

MD5
da71b4555df0677a6a077c9c9cf58ef4

SHA1
3c9bdbaeeb2fcc64cd87a002bf7c7ed2a2e708cc

SHA256
4c2b2acda929ea5912cda70c78480f64a3c2a55e49b4772ba5564c4e1ae75537

SHA512
f69bde1ddce29b2d9ee4db06b7e4f2450efa3fcf8394fbff41e69ae7ad7d7f8438777402f91aa78a716d209c20418790419bbf5260716364e24368543b5ac403

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
028b91a28cefeed114b3614ba5b9ffd4

SHA1
8ca622906700d56fa11a2d093540a6291bf615d8

SHA256
7a26084f22b6c815af3760f0dce7accfb6480fae58fc6d2dbc028ddd4678bfdb

SHA512
dcd31d00f5878aa13e1729fe2244dc5b191da1f54a4bd273055435749682ffa38ab1a53167414d26db3fdb1b7c0f761a39152a144f7743f155b5d8a5e6355ad4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13366169119212021

Filesize
5KB

MD5
921f474e323e3c2e61054b5cd31bc26c

SHA1
0e44a6bc7994b121d822a7ff9b8d3e9811e18d90

SHA256
76dcc5aae245399a3c130e91a58a762d4578e917a8a522ed57e9e61fe64ff32a

SHA512
3a122bc6b80f01033de82fb8df5b9ab63e5ea56a6c3a0c479c9909ded8760a67774fb9c215dfae2e1ac671127290765be76673a2b140864983b33a05eef82643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13366169147649021

Filesize
2KB

MD5
f70a92e082163a251947997b88d89fd4

SHA1
81b18ca26823963148180bf0e2b3cada95853dff

SHA256
cc98d920e4eb973cf93bb673c18d25c0493d0e02ee355f4d8a14118e912d269c

SHA512
dbb64d645945b5c34dafed87e9da132c9bb388ef195228f424312df70ce84999661afab295e08704c449cb5190deec3bf63ac925444e4b45b3dc0ad5f4c47c9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
dfd24086f9af4b172fc0cb0d0ba11909

SHA1
9f7a4ab752ee40cc90b6bb9a1e3883ee5a3d7737

SHA256
4de91c089b5d22ab68a737dbabb715a8f074c4adff1618914c4ff3d06a4bf3a5

SHA512
6b0f4d1220c751c4c320a4dcceec934d6a213552d2ced68293a56fe1e572d89d1e585cec755c2b23b4a0986e4f7ccc2bf9ba9a8737e8e9ea148c801dbb875efe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
81fa4adb3265f09895c81cb0b2353569

SHA1
5d4a1225a93c977fad411c97aa071da015fb6965

SHA256
700bd79d568ca4f94cc2a45e76d9dbeefb3c1bb9d9dd11a5136ad3cd2a301218

SHA512
f41d38abb29db88053b5ec7f23c421c19b239d2f2f40b3da3610490fb0885ad7ba60f2a7533418d6debd2f6444c2d14aac142c580b887c111f1f06761a6fbeae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
b4ef0f77df09639ce369f4f6199bba06

SHA1
0b17e680ac66f968d148f9a9aaa4278203b8f0f2

SHA256
8691b6f504afdc8099c9c113e801e6f31844f2853f7363b13ef0bc93698ff0bf

SHA512
47e6927987c398b2cf07e5831103a5e835aab87461dadffc5aec54c8d2d19041ceda5c35f2942887a80dd13a03b59339954f3aa61385fbac62cc841822ae6021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
ebf6a4a0b53d02dc3842528dd9d4a268

SHA1
f0b6fe8df575da68bd485462c263af426768edc1

SHA256
01134cf922df3119221e00ef99c769e26c6a2d838f48b41eb91af08c183c2681

SHA512
3e011945ddfa4015d3a5d851465d96b11bc5a8d5f6adf8e96ee845eda92979ad5f3e410a6572e9bfff3a43c67e72c3f456f67ae79e73c2c6ff5ffc01f42da73f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5868a8.TMP

Filesize
371B

MD5
e1635ec629a56d424398f2b32db26017

SHA1
4249c21ee64efa9d65f6ff4d203e5e1d768b1cda

SHA256
50cd03769fad6f775f59fe7d6372fff5ce2f1ac13dc73932477a7c691cbc9c05

SHA512
c08a2281c4970f66cc5ac12f8f34ef9e659b9382dc932c9ff49c91cee1debef4b17d5fee8bccb6e2869d77cba4ac7df120c6f823075baad787be1c803c92c9ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
639408b0a845ea4b0ee449e1add83d7d

SHA1
157ef788226dd7cb0c4f71da65db990d3a070358

SHA256
03fd13275b12ddd18a730f65773ba7c95ec4fba47f0dede2d42a15ab1e43727d

SHA512
7e2a30434e029d38dd3cb8e9d670a59d069bf2f68962c94553c1580331f85a9149a22ca984267b76bfd1130609448321f3594f6f451ab7f62b24bf2f57f2a920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
c3b5efbd127d7b3e3100c130b3392379

SHA1
1b85db3eea3707d3885fb3ba7c4135a3e06f819c

SHA256
bec10b599f3a81f255f75a43dc65623a2df01e190bd4446ae4f0408bb11bb0d1

SHA512
e7cd696d72adbd293575900ee60a8cabfa9d293eba07dc90e3a3a2f7c93a3b00d44714c0b7b66863d42c25510170f96b41cafd1da2d0ebb22d4b2f27c2b31569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
a10e617b751c663e9497dbe52901377a

SHA1
698f2cd15465e538fbebdb64ffdf38c85e33d18c

SHA256
37e302e870a5b0f0a2e7d77e12061aefdf7154bcb9c02c05b0c4f50b7f5cab0f

SHA512
223d2ef54eb312d24eda2e9e1d42252651c781b68b324060b860db4b1fce681a7b5ca9eec8449dc18983280f99a9600077d2834ee68fac93811d3965ed5e2884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
adf4728703ba0e030f82a8bee76f0823

SHA1
cb6d5e379b1067af038fb6d52878fe3d6780b36c

SHA256
8946e42659f727dd08f215bd37450093526f2d2397aa51d2155d479d41f0269b

SHA512
6639faac3fc44f3b5db5e37ba134dcf3a08a33e2e501f326e02540d3bc2a6be194c7b2bc5c81ebe7c14df79c2f88fbd388384611cab1bf77e55b20dda554ba8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
43bc3e3b19e832df1229d3454f41dcfe

SHA1
d14c2932cc53e1d56c2cd954f8f0f2c48a42eeff

SHA256
56aade29f09375f3454e0988e5519f2f46f9f0d9134f431a0c6bdce7c56d85a2

SHA512
6fb122f04d987048403b7ae5a432031529a676432d79315aaa49d854110fb25e55cdfe601b30e8b6dcad5513d117a2a5ddc59b301450c63b93fe926e58a8a690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
16e8284b3ea5a1de2d027dcd53f88213

SHA1
bd7e3e47c977d466b9e00bf23c0c9f61dff163f5

SHA256
8b9e1f7fd68c1e6b0ff247d37ef31ee00b1d2a5b1e331dc8746624adccf8add7

SHA512
7504c7281c70c9e12ed8e64c84b42bb7db53763df49dc4381854f4981b2171aa7082dc0e4c4fb0217e51243eb8376adbd429bb04dcdb93fd4cfa57c576e88479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
8a4f913e92dd44fd60f1b334cca19de0

SHA1
d658f94ba06a04646311cc08171affbf314a1e3a

SHA256
fdb28937ae76a0c70f432534845f2ee4d20bb3c85a0ff85c2e36d9f1d8895fb7

SHA512
2ec81e70c9121914b680f813348615475cccaf094ec7ba71e7e6b88aabb333333eac6c7e13b9ec34d0478ec6c838c120bf1a3fbd71f91193f690682d2891a707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
3a394cd67f0c1bfa49e6cf2420f4951a

SHA1
224e1ffa81a6e04393a25a2bb955444b29b66907

SHA256
3a37c0464f503fd7caef411b81c553839ae0ebf3f6473d661b4a2788a1fd1c86

SHA512
41319a641d79bcfb4b92c8dbff4e97a4bf769dfcc95dee8ed22ecdd06da631789f4f78129572bfb9a3eefbe89536e708ccc81024ddd5ee1724bd60b88918c02b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b2071d075bbe274bef1868cddd38180a

SHA1
52af4ad866521c65fda12c95a1306075da88aabf

SHA256
b838c0a4aa23a37fe5012ab19fd538a974577511614d7fab6cb3499020a551f2

SHA512
2114d0ef09eecd7845a22a678780606f298929940f26cec4c2878d425acee21f706383fc936e6a2631d0f56758a7a169aef94661942487169bb00b76e333f252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
10f639f04004b422bebbf4812def0eb1

SHA1
66ac302b27b26878f3b0261a30a4dc3e2c9cbcab

SHA256
636ad0a1f7b1ae485973d8c9580ea9154c42c66ee4cff3c4c80936477d3d34d3

SHA512
418ade3bf5360b76add315ac56a3a539a8d0e419ff4635b171307d343247aca042b67999cbf7f80836ab8fc6637e3f4df75dc8b484c91a4041f175238dcc635b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3fac1ee2e23d5711c8424284971ae170

SHA1
5c1828de6783f54f455dd0580cf3d24167b55377

SHA256
08fba99b72daf352a9fd73cd0e6b0efb3555ae8ac45a4aadb064d11286cc2539

SHA512
7194e109bce0e02bb6be05fc183669ab80243e67e77e62cd595f3dadede0a4acf00ea2531ff37b99db79792155e4e093a0464af54249c99fd160c609ebd131c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
783f6c25578550e44732bd8b3f68d929

SHA1
046a2ff55047eee5362137f7be0422b778bf7e64

SHA256
daec9a1c6feb598628d466a12c0b5fa14ca17de3d2cacf20fdb5bc7c570a677d

SHA512
4cfb2fc2abd76f79e5f1dbce5dfa10fa698a6953d26e05475c342ce34cdf8c2c220cd1a71dff590e4bc278644fe8a4e3c71b3e30fb18054baffbaa7cd5ba0e0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
9f06f0032c08f659022c034826de60b3

SHA1
6b1be4b4e0ca75f9cadcc20a2c0cce5190c7d2c1

SHA256
5875013ee46fd9dd6d86f967036854101cce933f804d3c92938e3a68e58c5eb4

SHA512
e007707835da0f2afd195907eeb0fb4619f4d64d445b97f7feb1caf4e5599c0d6287fce84da0d6f6df81439144f1c4088932d05190533fd10f2c354c492a5d63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
58ece531f15d3a592b3200a44ebe6bfc

SHA1
60c02db4a72ff1cc8f7857bbd8281764f010b72e

SHA256
af34022c3206a8070048a207cdae98f54c846020f7f57f9505f3a2352d08d67c

SHA512
0b55caae03e43b4596e2f2fdfbc0b95d0a83098fdcc08db4e51c8d2db339dd249320152db5c7c42d75a5c33f48770e19e2f2e6471d46bd841124ad9594573ef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

Filesize
2KB

MD5
59f4bb559914c2e69d2a5afbd7f2f741

SHA1
b8f7eba32cfa1d549448a5c1859816a301590e85

SHA256
1766304580d0c2a1ce4b727f470f2d17a59a3cf0c9ee8bdeed8dc8e152f6f2b3

SHA512
ebd9513ffb766e71347ffa7c602d46a51d9a4af9b39752c45658523e0ca4c51aae3a0b78768f7f3a714c9aa01584388b207c93bcea46e2c0c6468c89efd9252c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85t3rifc.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
45b70ea1f7fc6f8105cf14de67e8859a

SHA1
9c22aa24f44a4ac57df12d846b58f1cb6bd80963

SHA256
f2368ace4f4459da3ee5a85465f9271cd84efb774ef5dc9aec80141457b95317

SHA512
363c5d9cc5fbc9eab3a3446b6093fd0ec570e451ae4db80f6ee35a45eb37820cbc1c836d86407455533726bacb541273494492d54ed01326557f7c4eaa2c4743

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85t3rifc.default-release\cache2\entries\C1946175EE07CA1A09A3BDF4091F65844DB3413D

Filesize
113KB

MD5
2b135a2217303ee4e36997d30ab802ed

SHA1
57e8301a6de3365b11662a7691d50f6275279efb

SHA256
e2345c7e5d630f08dcd761fe51b208a29054fcd5025349c82f85d75cce2a15f9

SHA512
ddd5923c1defaec4566b9b9e7d2022b029903c52b1abddad09599acaf468abd3a98f994b63a2cf54bbe4d23fa451d688ffb5098fe4ddfd2226ba7d04f7422d59

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\AlternateServices.bin

Filesize
8KB

MD5
3dda1533ca4efd65bab057c72d8ea419

SHA1
52d08044f20c14333c4c9a97eec3a8173eab4451

SHA256
10896933398afa6e17b95257967d5c895c499be94a98f22e414ace988e2310ca

SHA512
88c26e493644696679f72b6ca8ea31407327780166a6996fe781f695a4df0769f8329391e5f3a437a6c588cb4ceecb2f80a31114c310bd23691beea4626e5d20

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\AlternateServices.bin

Filesize
15KB

MD5
d3c0946141aef6162eead862c0d170c6

SHA1
eac8a19682dc2777b0b0d3bf9c8e057f7b8f5111

SHA256
715f80f7c7a2a5253db05f006738ad9304186a52645af14c01e4e84b05d7f604

SHA512
69e251eee0bfe01dfcff34aecffbfed16a6ad80b2297c65cdee03a3f3954b34c0ba3cd1a22e6d39a0f8b89dd364327319bfec74114b897cc88519fc962add4d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
c71ca2c543ead77a20b760207e5ed51b

SHA1
14c0b1d1cad671a547c646a3d5415d334a7c5cd3

SHA256
590b173f4bdb093fb8a2de35105d2285ed15d8c59e35ef3723a2049b172853a1

SHA512
c11da86d409dd1e2b919246173c23da96c1a1b4cf75bb2d00b059124591c6c352c049990a089fcf0290765d93c25c83df272f6aa79f9aa974ceeca0681515914

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\db\data.safe.tmp

Filesize
24KB

MD5
fbf7a5046fd76f69b39ab2356277258e

SHA1
fbbb349ea92e18ec14fa619bf900ab6ac4b8942a

SHA256
fbd5fd0beb6cf061617ab0e26f445332e246d90f4ec915d723b888aed000df66

SHA512
92428e8b3fc01c12010281f9b1ad8d88400ad7a1c84802a618ec64fd423167ca38504b0863724b95f0880fa258316d2170d9a9daf83916fe9e7940138d71cd3d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\db\data.safe.tmp

Filesize
27KB

MD5
847b53118972ab983ef90cb5394a3497

SHA1
ee2d309abd251563b98ac3bf6580262ab23caa38

SHA256
30678ae8ad8f9351c53d742dab0638fa84efc1c270aaca37d754901326ff1c3c

SHA512
7b87dd3c37e040299cf93d778f102aaecef184c2e956b244f00c810397c77b6e34d3031869aa5d670c00f1cd827a57b899a433b60a236b6fc3e9b1fb158bcdd4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\db\data.safe.tmp

Filesize
24KB

MD5
851295e894b72b895f47e87859638c1a

SHA1
da8ea3b0dad8d1d4a4d9e6535dfdbb6cbef401b9

SHA256
45e7d2333ac21745dc620f1dc7feb5148196ad7931f7535f0386356713ea9fd8

SHA512
3cfd603636008ed91ef2b247a448697340b479677d9dd658c88f57c0fa502e0355801f9fab8a8c9d0f24e5d41caf6243cab37baa22999162e6d11ed1b056e612

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\pending_pings\a66bafd6-52ed-456d-9e74-d8745fad0a45

Filesize
659B

MD5
c5b807fc7ccb05679c49ec482035e735

SHA1
8afdce4f20c08836f10841b8dbea34c0379b2190

SHA256
53d9fbde1bcf20ecd9731fe325581fbe0660097bee160627c87e634eb6a5f21b

SHA512
221a1f586de08e32df76f98cb21997cf46c6edb105da58986f4110989e02e9b1dfbb743653ac6dec1b8465912fecc16e25c425a0eb0af0606152fd9162ce918a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\pending_pings\c07a217e-b30e-418b-aa71-9e62004d7911

Filesize
982B

MD5
e4c238128b5c6feff8c25e25e020b7ad

SHA1
ad2d4f086ce2f537f978a71658d109e380971a05

SHA256
864f597ccef969c410d8d88096e366a20b0a0ad8bc768071b0195543b5b0eaf1

SHA512
cb308ae1fbb49b60e37d7ee4746c1ad9a5a06309e36c42d1255503d26d135eb5ac541ba7eea111108faa3c51ed001ab45fb0f42ad5be40cefc095db281acf173

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\prefs-1.js

Filesize
11KB

MD5
b8767fae2255c376ffacbfedc7eb35a8

SHA1
eb414a4b7023de07a26ff6678c0fcb3b4dc207c4

SHA256
c43c88010065e10fe7d8f5c23a9f78633f2e1bd2f2dfa8ddb1f5b1dea0c01974

SHA512
93c5f90adeae471827592ea0d56701738cff542269debded01145c88af099ed828f23257fde8a1a7662f5549afca72bcf773b1068a1ebd9b42f815cbb27dbfba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\prefs-1.js

Filesize
11KB

MD5
15a432ce1a0c66743ee9d58286237e92

SHA1
7bbb0c9ee8195591ee74cb1f3e3d8bd419f06f09

SHA256
4691141e38d23ea01872c2c3a63e9f56525273bff750b48c8255c018b2531804

SHA512
1f3737a8aecb8101e6ce9cef62f98612f2aa373f64742237d8cb9cad12de28b454858d17e57712549a60b30c5241749188323b1f52f309742c20f31c8bd1c345

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\prefs.js

Filesize
11KB

MD5
9dbac7333cb2027d32c212a869a1e18f

SHA1
a6cae86ddb0a11d27c80e614c32e09f383dbda9b

SHA256
9787eac2d4a3e3892b7d31d9e657f9b95d3c94970236e27a4c4b90ba5f2fd631

SHA512
e1e68b78a04363311ac7b79f93d15502c324789ec5201a019afc205585886081fec303754c7a9546c020217ff27cac169af236e893a83fd3162736522e232fe6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\prefs.js

Filesize
8KB

MD5
33e102e6712fd4fc32e7c053472d3178

SHA1
7afcf77683c7a7738cfe92f235255d99c7505eb6

SHA256
539d931dcbec432478f9929054f6844a02e5849e17cc0fe71932767e48606a73

SHA512
3180a787d175b217f69812e425b3f23265b70fae286b1d547d6c0f062be69cd20ec82938fd2695d0a54df0997e23899c30bcd6ecf4c3124eea0c44fade804af1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
dee3bc42adce14376d461032697f98be

SHA1
b40c9985377d7d15ff529b7cd7dd3707a116e323

SHA256
e174a6932791eb5239dd6238e5ef18c7da3821d8a9de111eab80500cc3e03dd5

SHA512
360da139a91252c15230104bfc6facaf46bcd5ada6ab7cc43b0c457fea07cf7f1951aab5f5012bfa4aad8d20ca21d8d8118fb909af373cfec49172bac1b099ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
026d109518c990b4a4a19030eaaa9589

SHA1
7cbcb8ddd53dd51a488e7340b961c907708cde9d

SHA256
15cf04b11f9672f7bd0975a11395ae6b0a1c2ac1779e3e042047edad079fc00f

SHA512
f20cca81ddb6784e36098b4098aa2625796afd01968a1240534bd784a4cbd05928ffcae2274fd6f3b3658fc3977658ccb8b75119c0d631abe7e1ca70e1522f46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
e1d854a657c91355cf71f514d71506bb

SHA1
fecb28f6f7acdfea054701baeeda8910461ca867

SHA256
59deddbeaba311f0b565c8917bcbcc496fd2c65742ed499d609e1333402a73a0

SHA512
589a15bd53df52bbe18922e3018eb1145e8ddadd0df8e197ce32028e86830b9ab815e5a0b26125ec3a4b30be8e4c8167f49457dd5a30b2864dd8440817ec0da1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
e8bdd695dc37a072317b6046e02ee6a6

SHA1
3b795437aaa218af403a6297ddbb1105c5bba94e

SHA256
adc67a346777e6c5a7bf3e7a4d23f06d239be92f92915080e1f3f47d93f39eea

SHA512
0871f821f8852de7fa826addf633a8426770d3b2130db747d59d584f10b01c22b59fe1ce01761c876aa7c72b7c069f014a7a10073918d46a346e572442b8719f

Download Submit
C:\Users\Admin\Desktop\Eclipse Player.lnk

Filesize
1KB

MD5
d45453cb7f584192106c7f4d7fb1937c

SHA1
1cf61716bab99f79f77ed03d5bb5cd273b331309

SHA256
75f6d50824790c421532c3d6d4840ec8d19149ca244b3667834f1175e4ceb9ea

SHA512
83ad37fc01a3b0f60fe306ae2a5dea0543d4920fbc250275dbccca6ca86515f5147128a70dfa55bbed8b38178589ed44e737bdfa7e8c76a3a0dbe1442c0df9e1

Download Submit