122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb

Analysis

max time kernel
927s
max time network
941s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-es
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-eslocale:es-esos:windows10-ltsc 2021-x64systemwindows
submitted
08-11-2024 04:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LauncherFenix-Minecraft-v7.exe
Size

397KB
MD5

d99bb55b57712065bc88be297c1da38c
SHA1

fb6662dd31e8e5be380fbd7a33a50a45953fe1e7
SHA256

122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb
SHA512

3eb5d57faea4c0146c2af40102deaac18235b379f5e81fe35a977b642e3edf70704c8cedd835e94f27b04c8413968f7469fccf82c1c9339066d38d3387c71b17
SSDEEP

3072:puzvch1rugYc4wqYSRR756K7ItBjgXHUYCnlK:Wch1aIqYSRVM+unlK

Score

8^/10

adware defense_evasion discovery persistence phishing privilege_escalation stealer

Malware Config

Signatures

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: 93263704532955710A490D44@AdobeOrg
phishing
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 7 IoCs

pid	Process
2076	LauncherFenix-Minecraft-v7.exe
6504	LauncherFenix-Minecraft-v7.exe
2788	MSIA832.tmp
2032	JavaSetup8u431.exe
5836	JavaSetup8u431.exe
5260	JavaSetup8u431.exe
5184	JavaSetup8u431.exe

Loads dropped DLL 7 IoCs

pid	Process
2788	MSIA832.tmp
2788	MSIA832.tmp
6960	MsiExec.exe
396	MsiExec.exe
6744	MsiExec.exe
6744	MsiExec.exe
6744	MsiExec.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe

Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{DBC80044-A445-435B-BC74-9C25C1C588A9}	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}	MSIA832.tmp

Network Service Discovery 1 TTPs 4 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
4408	GameBarPresenceWriter.exe
872	GameBarPresenceWriter.exe
3248	GameBarPresenceWriter.exe
6268	GameBarPresenceWriter.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-handle-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\LICENSE	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\jfr\profile.jfc	msiexec.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241108043510.pma	setup.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\servertool.exe	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy.jar	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\release	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-2-0.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\splash.gif	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\dnsns.jar	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jdwp.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\vcruntime140.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\cmm\GRAY.pf	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiItalic.ttf	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveDrop32x32.gif	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-heap-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\deploy.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javafx_iio.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\orbd.exe	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\plugin.jar	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\glib-lite.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\unpack.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\Welcome.html	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\US_export_policy.jar	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\local_policy.jar	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\security\java.policy	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\jce.jar	msiexec.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\288104ba-4791-4c63-9ea6-d1229be1aebe.tmp	setup.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\decora_sse.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\nio.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ssv.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\security\java.security	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\management.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\msvcp140_1.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\instrument.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-math-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\j2pcsc.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java_crw_demo.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\sspi_bridge.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\charsets.jar	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\msvcp140_2.dll	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md	msiexec.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\sunpkcs11.jar	msiexec.exe

Drops file in Windows directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSIB47D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA832.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB080.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB227.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB3BE.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA61E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB41D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB45C.tmp	msiexec.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\JavaSetup8u431.exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JavaSetup8u431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JavaSetup8u431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LauncherFenix-Minecraft-v7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LauncherFenix-Minecraft-v7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jaureg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msiexec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JavaSetup8u431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JavaSetup8u431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LauncherFenix-Minecraft-v7.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000008efbab96ec7941d70000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800008efbab960000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809008efbab96000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d8efbab96000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000008efbab9600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe

Checks processor information in registry 2 TTPs 30 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msiexec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msiexec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5852F5ED-8BF4-11D4-A245-0080C6F74284}	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{44D1B085-E495-4B5F-9EE6-34795C46E7E7}	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ACTIVEX COMPATIBILITY\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}	MSIA832.tmp

Modifies data under HKEY_USERS 35 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	MSIA832.tmp
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "8"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	msiexec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	MSIA832.tmp
Key created	\REGISTRY\USER\.DEFAULT\Environment	MSIA832.tmp
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Java VM\EnableJavaConsole = "0"	MSIA832.tmp
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "3"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "6"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Console	MSIA832.tmp
Key created	\REGISTRY\USER\.DEFAULT\Control Panel	MSIA832.tmp
Key created	\REGISTRY\USER\.DEFAULT\System	MSIA832.tmp
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\SessionHash = b07dc718a361b2dde033fd8825cd011d5e5989ccab2561aae8cff08f0e6a08ae	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "2"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "1"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "5"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "7"	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	MSIA832.tmp
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	MSIA832.tmp
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	msiexec.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\Owner = 20180000dc5fa6959831db01	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Keyboard Layout	MSIA832.tmp
Key created	\REGISTRY\USER\.DEFAULT\Printers	MSIA832.tmp
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\Sequence = "1"	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\EUDC	MSIA832.tmp
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "4"	svchost.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0098-ABCDEFFEDCBA}	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0018-0000-0151-ABCDEFFEDCBA}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0107-ABCDEFFEDCBA}	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0018-0000-0174-ABCDEFFEDCBA}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0161-ABCDEFFEDCBB}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0049-ABCDEFFEDCBB}	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0097-ABCDEFFEDCBB}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0245-ABCDEFFEDCBB}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0287-ABCDEFFEDCBA}	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0085-ABCDEFFEDCBB}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0074-ABCDEFFEDCBA}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0161-ABCDEFFEDCBC}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0300-ABCDEFFEDCBB}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0286-ABCDEFFEDCBA}	MSIA832.tmp
Key deleted	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0235-ABCDEFFEDCBC}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0077-ABCDEFFEDCBB}	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0085-ABCDEFFEDCBC}	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0148-ABCDEFFEDCBA}	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0018-0000-0234-ABCDEFFEDCBA}\INPROCSERVER32	MSIA832.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4074627901-37362009-3519777259-1000\{4400C9C1-A6DF-474A-BC52-7208ABF8A388}	svchost.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0069-ABCDEFFEDCBC}	MSIA832.tmp
Key deleted	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}	MSIA832.tmp
Key deleted	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0005-ABCDEFFEDCBC}	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0018-0000-0347-ABCDEFFEDCBB}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0001-ABCDEFFEDCBA}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0015-0000-0042-ABCDEFFEDCBA}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0094-ABCDEFFEDCBA}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0018-0000-0294-ABCDEFFEDCBC}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}	MSIA832.tmp
Key deleted	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0148-ABCDEFFEDCBC}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0299-ABCDEFFEDCBA}	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0018-0000-0042-ABCDEFFEDCBC}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0018-0000-0211-ABCDEFFEDCBB}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0137-ABCDEFFEDCBB}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0028-ABCDEFFEDCBB}	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0169-ABCDEFFEDCBC}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0120-ABCDEFFEDCBA}	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0018-0000-0293-ABCDEFFEDCBB}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0061-ABCDEFFEDCBC}	MSIA832.tmp
Key deleted	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0030-ABCDEFFEDCBB}	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0013-0001-0098-ABCDEFFEDCBB}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0196-ABCDEFFEDCBC}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0232-ABCDEFFEDCBC}	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0018-0000-0008-ABCDEFFEDCBB}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0012-ABCDEFFEDCBA}	MSIA832.tmp
Key deleted	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0098-ABCDEFFEDCBB}	MSIA832.tmp
Key deleted	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0160-ABCDEFFEDCBB}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0072-ABCDEFFEDCBB}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0316-ABCDEFFEDCBC}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0341-ABCDEFFEDCBB}	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0343-ABCDEFFEDCBB}	MSIA832.tmp
Key deleted	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0318-ABCDEFFEDCBA}	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0015-0000-0071-ABCDEFFEDCBA}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0142-ABCDEFFEDCBC}	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0093-ABCDEFFEDCBA}	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}	MSIA832.tmp
Key deleted	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0062-ABCDEFFEDCBA}	MSIA832.tmp
Key deleted	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0018-ABCDEFFEDCBA}\INPROCSERVER32	MSIA832.tmp
Key deleted	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0300-ABCDEFFEDCBB}\INPROCSERVER32	MSIA832.tmp

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\JavaSetup8u431.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 48 IoCs

pid	Process
2332	msedge.exe
2332	msedge.exe
1640	msedge.exe
1640	msedge.exe
3548	identity_helper.exe
3548	identity_helper.exe
6608	msedge.exe
6608	msedge.exe
6608	msedge.exe
6608	msedge.exe
6176	msiexec.exe
6176	msiexec.exe
6176	msiexec.exe
6176	msiexec.exe
6176	msiexec.exe
6176	msiexec.exe
6944	msiexec.exe
6944	msiexec.exe
6944	msiexec.exe
6944	msiexec.exe
6944	msiexec.exe
6944	msiexec.exe
6176	msiexec.exe
6176	msiexec.exe
6176	msiexec.exe
6176	msiexec.exe
6176	msiexec.exe
6176	msiexec.exe
6944	msiexec.exe
6944	msiexec.exe
6944	msiexec.exe
6944	msiexec.exe
6944	msiexec.exe
6944	msiexec.exe
6176	msiexec.exe
6176	msiexec.exe
6176	msiexec.exe
6176	msiexec.exe
6176	msiexec.exe
6176	msiexec.exe
6944	msiexec.exe
6944	msiexec.exe
6944	msiexec.exe
6944	msiexec.exe
6944	msiexec.exe
6944	msiexec.exe
6176	msiexec.exe
6176	msiexec.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1516	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3128	firefox.exe
Token: SeDebugPrivilege	3128	firefox.exe
Token: SeDebugPrivilege	3128	firefox.exe
Token: SeDebugPrivilege	3128	firefox.exe
Token: SeDebugPrivilege	3128	firefox.exe
Token: SeDebugPrivilege	1640	msedge.exe
Token: SeDebugPrivilege	1640	msedge.exe
Token: SeDebugPrivilege	1640	msedge.exe
Token: SeDebugPrivilege	1640	msedge.exe
Token: SeDebugPrivilege	1416	setup.exe
Token: SeDebugPrivilege	1416	setup.exe
Token: SeDebugPrivilege	1416	setup.exe
Token: SeDebugPrivilege	1416	setup.exe
Token: SeDebugPrivilege	3128	firefox.exe
Token: SeDebugPrivilege	3128	firefox.exe
Token: SeDebugPrivilege	3128	firefox.exe
Token: SeDebugPrivilege	3128	firefox.exe
Token: SeShutdownPrivilege	6944	msiexec.exe
Token: SeIncreaseQuotaPrivilege	6944	msiexec.exe
Token: SeSecurityPrivilege	6176	msiexec.exe
Token: SeCreateTokenPrivilege	6944	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	6944	msiexec.exe
Token: SeLockMemoryPrivilege	6944	msiexec.exe
Token: SeIncreaseQuotaPrivilege	6944	msiexec.exe
Token: SeMachineAccountPrivilege	6944	msiexec.exe
Token: SeTcbPrivilege	6944	msiexec.exe
Token: SeSecurityPrivilege	6944	msiexec.exe
Token: SeTakeOwnershipPrivilege	6944	msiexec.exe
Token: SeLoadDriverPrivilege	6944	msiexec.exe
Token: SeSystemProfilePrivilege	6944	msiexec.exe
Token: SeSystemtimePrivilege	6944	msiexec.exe
Token: SeProfSingleProcessPrivilege	6944	msiexec.exe
Token: SeIncBasePriorityPrivilege	6944	msiexec.exe
Token: SeCreatePagefilePrivilege	6944	msiexec.exe
Token: SeCreatePermanentPrivilege	6944	msiexec.exe
Token: SeBackupPrivilege	6944	msiexec.exe
Token: SeRestorePrivilege	6944	msiexec.exe
Token: SeShutdownPrivilege	6944	msiexec.exe
Token: SeDebugPrivilege	6944	msiexec.exe
Token: SeAuditPrivilege	6944	msiexec.exe
Token: SeSystemEnvironmentPrivilege	6944	msiexec.exe
Token: SeChangeNotifyPrivilege	6944	msiexec.exe
Token: SeRemoteShutdownPrivilege	6944	msiexec.exe
Token: SeUndockPrivilege	6944	msiexec.exe
Token: SeSyncAgentPrivilege	6944	msiexec.exe
Token: SeEnableDelegationPrivilege	6944	msiexec.exe
Token: SeManageVolumePrivilege	6944	msiexec.exe
Token: SeImpersonatePrivilege	6944	msiexec.exe
Token: SeCreateGlobalPrivilege	6944	msiexec.exe
Token: SeBackupPrivilege	7052	vssvc.exe
Token: SeRestorePrivilege	7052	vssvc.exe
Token: SeAuditPrivilege	7052	vssvc.exe
Token: SeBackupPrivilege	6176	msiexec.exe
Token: SeRestorePrivilege	6176	msiexec.exe
Token: SeRestorePrivilege	6176	msiexec.exe
Token: SeTakeOwnershipPrivilege	6176	msiexec.exe
Token: SeRestorePrivilege	6176	msiexec.exe
Token: SeTakeOwnershipPrivilege	6176	msiexec.exe
Token: SeRestorePrivilege	6176	msiexec.exe
Token: SeTakeOwnershipPrivilege	6176	msiexec.exe
Token: SeRestorePrivilege	6176	msiexec.exe
Token: SeTakeOwnershipPrivilege	6176	msiexec.exe
Token: SeRestorePrivilege	6176	msiexec.exe
Token: SeTakeOwnershipPrivilege	6176	msiexec.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
1640	msedge.exe
1640	msedge.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
6944	msiexec.exe
6944	msiexec.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe

Suspicious use of SetWindowsHookEx 37 IoCs

pid	Process
1676	javaw.exe
1676	javaw.exe
4376	OpenWith.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
564	javaw.exe
564	javaw.exe
1516	OpenWith.exe
564	javaw.exe
564	javaw.exe
6724	OpenWith.exe
4140	javaw.exe
4140	javaw.exe
6444	OpenWith.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
5836	JavaSetup8u431.exe
5836	JavaSetup8u431.exe
5836	JavaSetup8u431.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
5184	JavaSetup8u431.exe
5184	JavaSetup8u431.exe
5184	JavaSetup8u431.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 1676	2708	LauncherFenix-Minecraft-v7.exe	83
PID 2708 wrote to memory of 1676	2708	LauncherFenix-Minecraft-v7.exe	83
PID 2328 wrote to memory of 3128	2328	firefox.exe	107
PID 2328 wrote to memory of 3128	2328	firefox.exe	107
PID 2328 wrote to memory of 3128	2328	firefox.exe	107
PID 2328 wrote to memory of 3128	2328	firefox.exe	107
PID 2328 wrote to memory of 3128	2328	firefox.exe	107
PID 2328 wrote to memory of 3128	2328	firefox.exe	107
PID 2328 wrote to memory of 3128	2328	firefox.exe	107
PID 2328 wrote to memory of 3128	2328	firefox.exe	107
PID 2328 wrote to memory of 3128	2328	firefox.exe	107
PID 2328 wrote to memory of 3128	2328	firefox.exe	107
PID 2328 wrote to memory of 3128	2328	firefox.exe	107
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 2212	3128	firefox.exe	108
PID 3128 wrote to memory of 4160	3128	firefox.exe	109
PID 3128 wrote to memory of 4160	3128	firefox.exe	109
PID 3128 wrote to memory of 4160	3128	firefox.exe	109
PID 3128 wrote to memory of 4160	3128	firefox.exe	109
PID 3128 wrote to memory of 4160	3128	firefox.exe	109
PID 3128 wrote to memory of 4160	3128	firefox.exe	109

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe
"C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1676

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:4408

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4376

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
PID:748

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4272

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f03257bb-214d-4de0-9ab8-7bff13876af6} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" gpu
    3⤵
    PID:2212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b24da63-d29c-417e-b765-db0106c732f5} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" socket
    3⤵
    PID:4160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2972 -childID 1 -isForBrowser -prefsHandle 2932 -prefMapHandle 3044 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e0260cc-e113-4e6d-8e85-ef4101fa4a97} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
    3⤵
    PID:876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3280 -childID 2 -isForBrowser -prefsHandle 2684 -prefMapHandle 3740 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5db1b0b-c953-4201-b9c6-3fd14fb02e7d} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
    3⤵
    PID:400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4784 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4808 -prefMapHandle 4796 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1614f94-a342-4e3e-a926-fed18bb6f632} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" utility
    3⤵
    - Checks processor information in registry
    PID:5232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5304 -childID 3 -isForBrowser -prefsHandle 5296 -prefMapHandle 5292 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c19e0fe0-da40-4dd2-9b1a-991efe8f764b} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
    3⤵
    PID:5768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5436 -childID 4 -isForBrowser -prefsHandle 5444 -prefMapHandle 5448 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {decc7206-5540-4d12-ada0-dd4479c41409} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
    3⤵
    PID:5780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5628 -childID 5 -isForBrowser -prefsHandle 5636 -prefMapHandle 5640 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e8068a7-7f47-43a3-b40f-f3819899ebcb} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
    3⤵
    PID:5792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6100 -childID 6 -isForBrowser -prefsHandle 6080 -prefMapHandle 6096 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50b05093-c6e5-4d56-b839-91bd2ba591c6} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
    3⤵
    PID:4356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6416 -childID 7 -isForBrowser -prefsHandle 6568 -prefMapHandle 6532 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04dbbcba-3fb1-4c6e-8734-c237f7198358} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
    3⤵
    PID:6096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6808 -childID 8 -isForBrowser -prefsHandle 6800 -prefMapHandle 6892 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e5d9ed6-54c3-4136-895d-90ca9e1b10e4} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
    3⤵
    PID:5340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6828 -childID 9 -isForBrowser -prefsHandle 7056 -prefMapHandle 7060 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c54af42-7132-4e29-bb41-2e2f4521dd3b} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
    3⤵
    PID:1012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4728 -childID 10 -isForBrowser -prefsHandle 6176 -prefMapHandle 6132 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e95f2c6-e418-4441-81c3-04ad85de2626} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
    3⤵
    PID:5152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6864 -childID 11 -isForBrowser -prefsHandle 6848 -prefMapHandle 6852 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce2ba909-77a1-450b-8e2a-3f9524bd5444} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
    3⤵
    PID:1456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7048 -childID 12 -isForBrowser -prefsHandle 7192 -prefMapHandle 7220 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe0c8884-dcb0-4cd4-8470-c1eebedfb127} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
    3⤵
    PID:4616
- - C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe
    "C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2076
  - - C:\Program Files\Java\jre-1.8\bin\javaw.exe
      "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe"
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:564
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://launcherfenix.com.ar/wope/register/
        5⤵
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        
        PID:1640
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ff91ffc46f8,0x7ff91ffc4708,0x7ff91ffc4718
        6⤵
        
        PID:5412
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,8457537774795051366,16019850791720169940,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
        6⤵
        
        PID:4256
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,8457537774795051366,16019850791720169940,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2332
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,8457537774795051366,16019850791720169940,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
        6⤵
        
        PID:3596
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8457537774795051366,16019850791720169940,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
        6⤵
        
        PID:2876
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8457537774795051366,16019850791720169940,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
        6⤵
        
        PID:5560
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8457537774795051366,16019850791720169940,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
        6⤵
        
        PID:5160
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8457537774795051366,16019850791720169940,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
        6⤵
        
        PID:4056
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,8457537774795051366,16019850791720169940,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
        6⤵
        
        PID:5164
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
        6⤵
        Drops file in Program Files directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:1416
        
        C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x148,0x144,0x140,0x18c,0x13c,0x7ff666195460,0x7ff666195470,0x7ff666195480
        7⤵
        
        PID:4236
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,8457537774795051366,16019850791720169940,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3548
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8457537774795051366,16019850791720169940,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
        6⤵
        
        PID:6224
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8457537774795051366,16019850791720169940,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
        6⤵
        
        PID:6232
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8457537774795051366,16019850791720169940,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
        6⤵
        
        PID:6412
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8457537774795051366,16019850791720169940,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
        6⤵
        
        PID:6420
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8457537774795051366,16019850791720169940,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
        6⤵
        
        PID:6832
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8457537774795051366,16019850791720169940,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
        6⤵
        
        PID:6924
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8457537774795051366,16019850791720169940,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
        6⤵
        
        PID:7052
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8457537774795051366,16019850791720169940,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
        6⤵
        
        PID:7100
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8457537774795051366,16019850791720169940,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
        6⤵
        
        PID:6552
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8457537774795051366,16019850791720169940,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
        6⤵
        
        PID:6500
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,8457537774795051366,16019850791720169940,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3828 /prefetch:2
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6608
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8457537774795051366,16019850791720169940,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2316 /prefetch:1
        6⤵
        
        PID:6636
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8457537774795051366,16019850791720169940,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
        6⤵
        
        PID:6956
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8457537774795051366,16019850791720169940,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
        6⤵
        
        PID:3264
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8457537774795051366,16019850791720169940,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
        6⤵
        
        PID:7116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://launcherfenix.com.ar/wope/register/
        5⤵
        
        PID:4344
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ff91ffc46f8,0x7ff91ffc4708,0x7ff91ffc4718
        6⤵
        
        PID:3812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5336 -childID 13 -isForBrowser -prefsHandle 7100 -prefMapHandle 6892 -prefsLen 28088 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08522570-5785-4569-a693-0ac139294968} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
    3⤵
    PID:3624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7772 -childID 14 -isForBrowser -prefsHandle 5324 -prefMapHandle 6516 -prefsLen 28088 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4f5765b-2425-4542-ad95-0aff4d3e6231} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
    3⤵
    PID:5536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7936 -childID 15 -isForBrowser -prefsHandle 7928 -prefMapHandle 7924 -prefsLen 28088 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc7dbd45-a2b0-4f43-b245-3617357f51e5} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
    3⤵
    PID:7048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2568 -childID 16 -isForBrowser -prefsHandle 5896 -prefMapHandle 6008 -prefsLen 28088 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87f97777-8db3-4c9d-9b66-75418776e4de} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
    3⤵
    PID:1064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 17 -isForBrowser -prefsHandle 5176 -prefMapHandle 7228 -prefsLen 28332 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80c5d9d9-b974-4e84-9ce8-5d14a5c5b998} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
    3⤵
    PID:2856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6568 -childID 18 -isForBrowser -prefsHandle 1428 -prefMapHandle 1536 -prefsLen 28332 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cbcf6f6-2ec1-4f15-86be-c6e0c2ddc82f} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
    3⤵
    PID:4016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6880 -childID 19 -isForBrowser -prefsHandle 5284 -prefMapHandle 7032 -prefsLen 28332 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cd29750-30dd-4481-8e93-87fd334f7619} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
    3⤵
    PID:812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7596 -childID 20 -isForBrowser -prefsHandle 7444 -prefMapHandle 5400 -prefsLen 28332 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d778cd5-19c5-441c-98a0-2563ffb661c4} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
    3⤵
    PID:2004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6880 -childID 21 -isForBrowser -prefsHandle 5148 -prefMapHandle 8156 -prefsLen 28332 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1238029a-de66-46f7-83ef-18a657b90583} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
    3⤵
    PID:2788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5852 -childID 22 -isForBrowser -prefsHandle 8228 -prefMapHandle 8100 -prefsLen 28332 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb34c12d-d394-4e6b-b96a-e9e128ada711} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
    3⤵
    PID:6072
- - C:\Users\Admin\Downloads\JavaSetup8u431.exe
    "C:\Users\Admin\Downloads\JavaSetup8u431.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\jds241397734.tmp\JavaSetup8u431.exe
      "C:\Users\Admin\AppData\Local\Temp\jds241397734.tmp\JavaSetup8u431.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5836
- - C:\Users\Admin\Downloads\JavaSetup8u431.exe
    "C:\Users\Admin\Downloads\JavaSetup8u431.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\jds241453656.tmp\JavaSetup8u431.exe
      "C:\Users\Admin\AppData\Local\Temp\jds241453656.tmp\JavaSetup8u431.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5184

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:872

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1516

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:5608

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:5288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3248

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
PID:1968

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
PID:6560

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:3732

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
PID:6092

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:3248

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6724

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
PID:6768

C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe
"C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6504
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4140

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:6268

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6444

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
PID:5912

C:\Windows\system32\msiexec.exe
"C:\Windows\system32\msiexec.exe" /qb /x {77924AE4-039E-4CA4-87B4-2F64180381F0}
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:6944

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:6176
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:4
  2⤵
  PID:4788
- C:\Windows\Installer\MSIA832.tmp
  "C:\Windows\Installer\MSIA832.tmp" INSTALLDIR="C:\Program Files\Java\jre-1.8\\" ProductCode={77924AE4-039E-4CA4-87B4-2F64180381F0}
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - Modifies Internet Explorer settings
  - Modifies data under HKEY_USERS
  - Modifies registry class
  PID:2788
- - C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
    "C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -u auto-update
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5572
  - - C:\Windows\SysWOW64\msiexec.exe
      "C:\Windows\SysWOW64\msiexec.exe" /x {4A03706F-666A-4037-7777-5F2748764D10} /qn
      4⤵
      System Location Discovery: System Language Discovery
      PID:692
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 9DFBC9557BA2A881B32B854EF8D49BAC E Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:6960
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 923924B442295D47278AC7B06F86F623
  2⤵
  - Loads dropped DLL
  PID:396
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding ADE3D79C3D3A6F0E1B7A1B86CFEB02A6 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:6744

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:7052

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
PID:7124

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\a8f848120a0f463194ebd0530e641e37 /t 1464 /p 5836
1⤵
PID:1180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e629632.rbs

Filesize
105KB

MD5
eaf09cbf538fc435cdabf820b61efe0e

SHA1
59fa8ed32a94bda8c2f221b3c7b2c65dd70028e8

SHA256
9b7194ef086061dd2abe2bc978d07f94c5ab076e05e5993c5d41a2420991f315

SHA512
0587001e7669439bbec1c250858aa8714f8be4691e62ef611f8ca8947e99a45bb6aa3d5a21bae9e130723f9ce9c17e909377d38c446745b7a76186c2b23f062d

Download Submit
C:\Config.Msi\e629753.rbs

Filesize
7KB

MD5
dafa3732bf1005b930f6ba653a29578c

SHA1
930b05815b4b66b1e95869d5b86630572d1b0eee

SHA256
37547a34433236c0bb7f374434005e21fbdd7eb5462b2587fceb459887f2481f

SHA512
991799ec1f1b0bce402df77fb7b5cb8a763f4573c08ae8450d55a1852f532b87b3a25f8496b77ec378b5ae583b2010a894b9f0d9720696b4d29a804ef8dcdbbd

Download Submit
C:\Program Files\Java\jre-1.8\bin\deploy.dll

Filesize
575KB

MD5
721ff15668138e68056de8562f79fd5b

SHA1
a9e109ec4ecfad1b2d0cc222e715633a588c0a89

SHA256
4cd0833982648e6898951344beb6f93dadb30c962e8282bb12b4357663a26d77

SHA512
4f6d5d1c7b40d693f49185aae375bb6c9a4d8deeee647cc25a38c3632dfdaf058cd1c76490ce3d84d6539164ec07abb1e799ffe78d3566f943bf134b4128d27e

Download Submit
C:\Program Files\Java\jre-1.8\bin\wsdetect.dll

Filesize
240KB

MD5
cd1df97b4d0e9a66d356f2145c96ff18

SHA1
7271c3d25417b15a43db4239ef3124e11320d08c

SHA256
47baae9bf5e3465fc6e240a4cac9399faab95921048241bbbbf2f016680671b8

SHA512
482c8d22a68c08b6e81e5a2df98bc0e778400251ed2e633346c9bd4990439c4f183f24130f158bf6122fa986964ce2fa00493bc9bc21a00e96ae5f8520ac53df

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.url

Filesize
193B

MD5
05a8bfa71a5f65da68bc09688a9b30c7

SHA1
1620484f5210e0e719d0363d1672501404d57bbe

SHA256
ee55ddf4cda30cd0f0fdb4fc2d0bf9ecca5dae113d1eddd9b935de8cc7ff432f

SHA512
adf9dcc60912800a0a6d5884cdcdabd82e7fda43ceb49258264cf5d02fe402d36720319fe5b386f5719eb5ba7305fdb8568d126d0264402d84fffae247a49a04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fccab8a2a3330ebd702a08d6cc6c1aee

SHA1
2d0ea7fa697cb1723d240ebf3c0781ce56273cf7

SHA256
fa39b46c6f11977f5a2e6f4cd495db424063320fbac26a2eae7466e82ffeb712

SHA512
5339b52bad5dff926b66044067aa3e1a6147c389a27ebd89b0f16e1267621d7ce7af9810010bee81cba7b08c77a33ede8ef4675fe049b9fb2ed510fcaef93d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9d533e1f93a61b94eea29bf4313b0a8e

SHA1
96c1f0811d9e2fbf408e1b7186921b855fc891db

SHA256
ae95a7d192b6dfed1a8a5611850df994c63ba2038018901d59ef4dae64b74ed3

SHA512
b10de657d0cef4255e96daa1b6ad0c99c70b16c13b8e86790ea226e37e9ded1a8f8bed1e137f976d86ebc3ea9a4b5eb67ce2f5b0200025d35dc8e94c947ff3f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6154d974f85cd30f1c789c119414a64b

SHA1
e371e85af5128afa3684efd83e2a161eea924be9

SHA256
86b2387aa68a616639222e1f3c06f7e49482f5c0f3575682fa1781900f53f62e

SHA512
0e2a2dfc565137acb8f5821b6d040f1769f179df22aad344c789ce3e75ad65db3f9e4e89baa9adfbdd1e871d4d8b82c1918ced0550fd3b8b13d949b9b12935a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
42KB

MD5
ca97395825c40eafec298f0972292c79

SHA1
8121e60a8534481a43f7c2534ca87a415a79cfaa

SHA256
bb8e58a27290ac6aa1050342a342f55cadbc4090de899d5be4ac450db191377c

SHA512
76b5d472958add510d3d0e9f85e10bf73b4d7975d4b3e179d27f92bf46550556a52524eddd680596ea419b12d0e3a01c3b5fb35d86f7fcc7f5fbca2dcc45c42b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
30KB

MD5
561dca00fc47ff031a14f68258a152ed

SHA1
cab1b33dcced60a4f792153cdaac3dae065af71b

SHA256
4877b9c70712cdf4818cd66d1680d15bb34634eae12bcb309fc976138d9eef73

SHA512
f9e2ac2666f2c22cd57e4731caa85b8d2ba4adf18e0d890876b1dd2dfb1549d0c13129b76be38635ae93550a4c7403705326f49a7ddac8c9247024c872bb23d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
79KB

MD5
1e3d6ddef9edb76dc10216f9d5cb8871

SHA1
c3a8d8b97a945a4c2bd829c75f8997332d114c71

SHA256
5f1b366a271cd9d8a9c0b67be86087e6e8f62b94e1183f7e60f151cb82776be3

SHA512
731d1eb357667c648178fe2e708e761dc71c3dd24e2fa5c48d1d40ad8d0daad66acaef2958e5f7516ede6023930f4eaf39be490cffa43f21cad0250e9e4fa0c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
96KB

MD5
cd640f8ebdcf95990b761e3b7321afec

SHA1
4a2c398c7f92d0159522662f82167c3f1fd6ac96

SHA256
912336a442c79cf8cbf9e7e206386a3a94e931d1260f772340c0b6518d0b045c

SHA512
85d03bc60b0128b2c0a40d89262a4127a82e1d7063e5bd430ffe8ae05e78a320705c11275fdcfda3961c0f3bbf9d7a4aeb549427e1a2e21cc24137ae11f6ca2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
143KB

MD5
c3ce714b5cb78905ea3ea139f12e127c

SHA1
5560d95244f831ebb1f3047598bc6d212a5e0144

SHA256
99c55e5f407c289685cdbb00b19dfd5f3d8c99f08542ab0b582c713207215906

SHA512
dc7daba98b31d98c185a0b0d0ce3f75d48db67d69cea897b4819fad5eef9252b49558c7b5505a4ac79396b3d366ef7f54f8921f669256738d1d5a4c47d1c194e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
908e9a0e222456911440b33ee6b2ff85

SHA1
944d0c77ba25533d546ed58ef82985c936cb6082

SHA256
7a18f659e000103413f3b9b5511e9eaa649727173a4f8af721ddbace1593a9fc

SHA512
8ea5889148407877537ca1a9ef69218a24f0895afecac12200371c45275253dc053f385e203339003b1a9aa34d7e3be8585039bbc59ca519307ba505067424c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0c26b63cb9c9be561ec0c19601f1e240

SHA1
110a44071baeb9b4965061fd2982517d3edd14dc

SHA256
3de5ceca49130b189768e0be3f5de85af857f99c663c029bf25f5f18653fc276

SHA512
bfc9ce69d72a6b7c31622a22c61669eb7ec6ede1291073c4f75ea4d0ea3b7877cbafe96f59e535a7c0e9b88c44b5566f32885003433aa2abc9c008ae213d86f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
3c3e98ac2cbf353be756cb5a919cf25f

SHA1
d0bc4b080d861432e3e7659335b62ef6a125bec3

SHA256
162a8749f463e048c48272b7999dc4e6e05f57aabb6101314a5254e6ced385d6

SHA512
ea9ff82773c2ad89c5ebe52c41010b63c9d18ac82c06d0a2fe0676af289cce54aa930ebfa134e56b679ab25b9699cc77e68865c8e7ed73bf775851ba9eee2d4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
cfaa49aab67150865adaa2bc2303817c

SHA1
decf8767e3101cbe9956fe99447bcc09c939398d

SHA256
7ecec2d088662447e3314869418db49c4b67df56282aa0ea3f1c521b441ce11d

SHA512
7800dd1913fe974e4823846bd5185afbce950cf35dda3dc65fc2870412a79404a70eef4d9b637bf92d7cbba6c290a474d629216e55a2a0979e754cfc272c283c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
415427d089a3eed4df6d7e99177516d3

SHA1
b5dc2c07c831c5f7a1dcab9e1013047539fd73df

SHA256
14efda490b3f765a48cdf4d3f721bf1963fd1533104fd05ea9127acad509d5bc

SHA512
2fa97e5ccbc70cb93cbf0729656673cc07c91675288b62d64db73202573e85988c40f44063faf6b077552d57b27725b884c5b6f3d78554923ac99ec424f0f653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
6f65b07fea4d96cf66104dd804c5b2d9

SHA1
45c00c51e38688542d5293ecce8a7bc00a97e646

SHA256
40d7e993cbfec7ad29bba6f1604b2ad9e422d185afd0692f95f4e94805232bf5

SHA512
7e010d42aa4a94a0937485ba2990af8eac8ef967b131f06716ddcc9da92d1651d71022ebdc18cb4ce556a3ae501678fed93a64664d8fa589bfb2ed768855e1af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a4f75bf06d5ba4c53b35bcceb4ebcc42

SHA1
4b716f7e667ae3e48cfb25314e4511293f9fb665

SHA256
a9b989c4f87d51ee8968446a00077b70597404a4a20869d8cbae1d0d93ed1a50

SHA512
de4345533672cded62495ab109c1838d1353f2dbe9379c8e0dd5d13bbeeffcd7b7ed9c900c40c4473776e86bb5addd4ae4b2c93d26a42c0ec101bbbd24d4f6a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
19566f37153b4f834c806db12db2d8ba

SHA1
adde3d89a6cdcdd781eb65487d02ffe65934f3cb

SHA256
c60009f3ba2979d7e6bd2c54986d5da1c06ce765ec64899d377ee8d24ff1ae7f

SHA512
6ab71a190590c55f191f5b287f2b94eb22f2c397878baaeefc06bc38cf1e37bd1511df988e3e050d1d44cba332b78b70e03903dc64dd824cb1572aaae715b7d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7c1acc14fc598776421e9a585471ff4f

SHA1
44fd0a07304f95c32872c08b633b560f909fb9fa

SHA256
c4120fecbcf5206eedab4b127f66b298f9602517b17bb94eec96476470ba4150

SHA512
72d2c6174fbf39cac087c0b40f851d57b1e3fdd99eaaf30163aa7021ba4b09c39e4d9885692c7326d8d429fcc15a36ade206067bc5265c96f86592ac22202b2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
960fa3156737005136cf47d91b4812ae

SHA1
63c6042cd18b2b6de8a009cbcf068f239c562cf3

SHA256
0b223190e1ebdadbf94c260153f059fd26054ec1c1418f61bfd22573e43d8017

SHA512
9c1f4b2d176d9cfd48279cd6906412f065d625f0ea23d23973fb4b07e4976f5ce453f363e2e724f8e5da593d4235308bb305ba0fe6e4f511c1dd5e6aaa245903

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
90f49e07a2274b1064b5389726c6cad3

SHA1
6b19d3086eb7ad91ebdaa7e2f07217bc2dd5dd32

SHA256
9d72afb985e1c7ab2c65e21074c77414dcd96461d706f0275f622b161eb2e866

SHA512
e6e6c329a1a8534c3eba824f565385af1bf3e41ea81fb7d0eb657a298adeff733d912faf064ecf166b4dd568cc952857358c4ad421e379bba8656aed3431c320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
48ebbcc55098808f46f73067bd7f6b19

SHA1
a63aefb2f92b70e8b27172ca19981d29171ccc61

SHA256
158805e3714c8963866e06f4bdddf02d49ab4ef76d2aa0f31621b7e6665335d2

SHA512
c9204f0eaf05675011a770cd1f5ec068835a3507ad5c698fdbc3d3295d2623b094f4fd9139ec292842a70c5809cf799e5adb0be015db6b7e967bf13cb1b356fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
36c8ef165bcfa5a7c4cfc3fbeef339a3

SHA1
1d765e068cd8b551082bbfcd79c76d6f09e0080e

SHA256
9f1bd3de110d30edeabda1ace75495f742b33b7e6ba5793631120a856dc54ee0

SHA512
34d35fae5b19a851bdeb4483a0a14a8e5bef5fac08d56821d48770e95f3e59e86e46a408240da0d886779a931d7546db984dadd0a250f24394f74b3cdf44225e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
0023d3b7ec10042e52f91e16eb681653

SHA1
6598a0a0f7dbd288448ee2dae0da6fa194af4d6c

SHA256
5476069a2c79ae42300c48d144afdc78eee5ce8ef319757c924a761c84892b6a

SHA512
88ca8a51e93e1a569f7aaf520b4fa91e8db722bc4963c24dff9ea31944cc2cdf96a6fec1ffbef926b15f35c6c4bc36c73b91697cf38e396511719e7bb93d4037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b0bdcf18862e5eccc0e9aa8a7aa1840d

SHA1
fea2ea5dd9ff1a006f76905579d45fe3e67acbb5

SHA256
dba37fc5cce0fe811f083797ff355866b1a9853532cb57b8d3ff2ff579c010f3

SHA512
1d073724d79f6f71a0c87a7d3fa960b1df315d5e6f99a218c5a2f2023834f9cbaf5a548d76c35d552d6553f2baa46f2e0f81c3c9f1c7de256388d1e4ce036441

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
92a14b07dfa68156bd6da20567446dd3

SHA1
f1ec53fbe3158de62215fec5f3bb9fbef0a93428

SHA256
5de92ca4759d9952aa8d4e71fbd877b8f4b694d6d67f7cdfe3c4420b2bbcf7a8

SHA512
3e5115187cd2fffe4dac8ac5f3e154ef3b5c19a11895c0598294a3b4877a0745f61708f10a9dbf06f5b36492cbcbb2ff8980a5a934924e8eb6dcf2be0de9f5d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c8c068645426cad9ca87466731ccac1c

SHA1
61e994e152bfdd5590ebef16fed250029f10e7c9

SHA256
f6380fdf54b7bf9b5b4c4f8ad7d4efdb1581869fc7fb6506845aaee57ccd9bb4

SHA512
614d3792b7c29663cd5dad3bf53a1bb96374b38c603bff36ccd18d2b22f3b589bf479fbccf8f99fa055b0aec31bd91ee7dbc0f288cdd9e101512e570f5f1c22a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ed659b1d7a51e558246bd24f62fff931

SHA1
84685d6f04379c290e4261ff04e9e1879d54d42c

SHA256
23fafd9073812d5ff8b523b84bc981e4cb410bebbf3675db2b29cfac0dae9690

SHA512
1c3203328583241895db9fb165fcfd595f642e218ee3a453ab6873cbac10ddab693cd2f913bab15c8bb7b5a12c5768b3dfcb278aad754dec1fbffe66b81843cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7ec09c7cbd7cb0b8a777b3a9e2a1892e

SHA1
3b07979e57b6c93be7d5a6cd8fa954dee91bd8dd

SHA256
a623633f34a241b0dbc9fd26f34446d716955f94e90b2ff9ac8b9df801bdae5e

SHA512
5fff0a38a3b6e4b29d402eef2650011e4d9df514e0624767c84ea31cb73cbba10c7e0b5711cb487976d637f0f60a85c431cf0db54b519411245684c116c07b7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4c1b058b8682dff9997f2cf8f018010a24a5a597\65a91261-6bc2-415d-9a33-5b5d3c0bc565\index-dir\the-real-index

Filesize
1KB

MD5
0b619fe8234a63c4a07dc0c8e81b326a

SHA1
afd15a1daba2065896a1d87651839f4faa04688e

SHA256
6d29aebfbb73f03baf3872fcb2f8bb60bf1409c4e4b987190c1435318b4ba1d1

SHA512
7beb7a93736bcbb5532e8401ada20fcac9494b039ed1494e16d73144e6c1bf3e52e590591d42af3111c5b2a1c1f174351aad0b83ce1ea97cdfb421da85d496d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4c1b058b8682dff9997f2cf8f018010a24a5a597\65a91261-6bc2-415d-9a33-5b5d3c0bc565\index-dir\the-real-index~RFe5ec2e0.TMP

Filesize
48B

MD5
07fa2cc9fdd7998cc342382854f9d64b

SHA1
34077a2324719ecf31b1c80a4c9a51cf63a20d5a

SHA256
5af327c7f0d6a3f7e1d74b79dc42278d5e66efc97714f2c393ba26296f1cd69e

SHA512
7119f5ab7b75318afbc51da674dd72f6d1e56eb68859279c3a3622e78b2190079d2632faf53c954d74a90d4554de4d935ebff380bfc7ec65fec2ee9cb1e149ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4c1b058b8682dff9997f2cf8f018010a24a5a597\index.txt

Filesize
145B

MD5
f22ff7e23d325cd924d2044528b20c04

SHA1
4a51a3272f770b56c737fc761f37c756e26674ad

SHA256
59e86fcfd1642f96d4254b8b52abd53cdf4f3e435d2123703fec174385b11a7d

SHA512
84b0c91316f3126f7a585f5f735e004e9b9064fe61bde1e694a90f7e85577c3ca44d5f03e0f76a97ac804068ee7f4be0116c30d0fdc64f7e653076a799aee3cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4c1b058b8682dff9997f2cf8f018010a24a5a597\index.txt

Filesize
141B

MD5
e352b29ef21e887eb28d2812f59a9758

SHA1
129207f33b2f10210b3ba457cad0ac33bf18bee5

SHA256
e219cf4d25c17817d61071d8a36850a23706d3893ede9acfceae60c424d0bd02

SHA512
73de530e5946565b49b2439b9143f3e9a19d57216cfd3500388df42edc6fb4c01092230711bb2193ce0ab9867acfd361d89bf5cc4b3d69840189c6a658b553d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2ec285889029caf81f4c46ce6a63171b

SHA1
df295d5853ca4fa46ef4f0a574dcf26a71ec751b

SHA256
e19bb1d460c91e03748b8ccbd8f497e988e816678154e55e625dac0c8ff481d6

SHA512
82266d9b3f47604c04dc30f349f87132c14cc76a7f0eae3542b7bd044931d36deb07f10ba365be151cddd04ee47b4cc9c5b3a5ee118d760605fb30963186ecd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5eab51.TMP

Filesize
48B

MD5
3cab951a102762f8703aeaad31046f8b

SHA1
7f473506e5293e181a5dd3ca7fb1cbd04cebc4a7

SHA256
80f701c94dc07d0aee9ce9270a051b136a990abfc44aaa6e7ca51e0ce871dc6e

SHA512
1b0b8db073fb4e099f2a534a75a08bfd040774b6eb7bdc4848c61b016cc0551965cd488b929d094dec1362adc90b3cc61072ae861bcc629f958822a09cdc0068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
12d5d038fc34234b068c1e737e5022db

SHA1
57dc083af1328819080b0c1b043c5def05310f1c

SHA256
0131ed2a4e41975f814ac9882ac7d56962cd351a76b0835eccc0a5ef12bbced0

SHA512
5162af9d414bdd13b57c42a620c792533b8938207e7f613f2f04a8e6ba5dee56a814ee872c472ea406fb5646267015a7e20f480e03441ab952f3a8d26b761585

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2c72c94a053a7cce543ecc617f5ccef8

SHA1
8a94d4ada2923f3da6600b916a83e90b42ce28c7

SHA256
8511c3dd025245a87d95bfedbd7c1115605bb95e56a4ae2277f9733ad4d478b9

SHA512
ea66a5b194e71d2294bfc4ec20c64f94431a0225b3244309a940a82fc91ae9f98dba5ed3b8e7276fc5460f5b750d56357b12047b00aa4c6e67a3df98c95e4a7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5e779f.TMP

Filesize
706B

MD5
482fa2c02e424a35f297cfdab2658628

SHA1
b0b3c69a7cba9137ac79b1b765b9d56211043708

SHA256
1be88239977abace5b3d1332802921d5b7bb55795b1b86001dcb10cb6874d5e7

SHA512
1f39bf3357389e8782adf487c50a38e4dee4043e355ccf8497e8440914d5bb40dd9929d4e8b89909d55b783c8c9e709ff6047bdb83b3a95352fefc126eb3e375

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d36b7228-104f-4582-9512-12b3adeb635c.tmp

Filesize
5KB

MD5
c62254ae04595083da5fcf3efb309bbf

SHA1
6d4b876b6e9116b7dae65ce82744717b0bcb5f48

SHA256
70d36d2131f5c06638e9f0e71ea2c2adeca0652e8e6157ddfd87a12917433a5d

SHA512
6973c286f60b229e74c3007ead703255b3dd84647a7ce4d348c87fd3eb00aeaf9ad8383eab053d260601cac32d2b8323b3ed66cd4c7725dd41e074c6be99fd84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e7832648a7f8e718c186c0cffc65cb3b

SHA1
6889f10f7096558007f0682887be5edff97ae63f

SHA256
f436ff7d98e20f4ad4f0291d9125aa36e354cd96aafe95d073686a03f9b75364

SHA512
b0f9ea9676f5d6f1f74285911d40a33329e5481a1a14254a4179bda84bed8e57646a4636af5429b1cdba45fcf9e1700d75f3f54c76e5744dd64657cbcebbf919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
432cfe3bd167e08a536c208b31675ea5

SHA1
7b9b021e3b6e850442457cae840808488cf920dc

SHA256
3e10feabe39d7b70b9da1a225e4f7877e4b7aad4d3a3524aacb5276d2f096af7

SHA512
533a71d34cbfe02a3c0eaa45cb5f73d532041600942ae7635721de55d9dad19ac3e7ac7dfd624728b759894e5b09b8a7701e85604cce73d8a200c3107c80cb1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
da6c98135a5fe104c0893936a464cf68

SHA1
a394262215197b2a7f03a574583f599d546f97d7

SHA256
3dd30a055cb79a145044bb8353ff1a948b4bf8b6101251ec9d4bbfd64bf4ef47

SHA512
62fcdf344a164829eeacd7787b04c26290bab0ea4c334b35da95b5761088f9b6b5e2ff657a6405879cf546c3e6dc64d75b5bb74c9364de0bf27c51a04038f104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6ed3b4daa0d2a21e4ce43b18827878ec

SHA1
a46ddb122d1bf1f7b45067c2b7848d93079a45be

SHA256
0991266044ee81517c13fddf2932d4c660f5d1973317f85a4e60a59c8a9595ec

SHA512
98b1f0ba654437730f10807e81dce2faca76a2cf837a7848a097f9c53be7ef66740a29003c994e4e6bab3730cdf08529d6b8e43ec43f0f537b3c7446e4c81520

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
48e925099adabc5338b6ba2c711618ed

SHA1
c19faf30b56d34dc0d17c9e3510ee56d977afbee

SHA256
80c1eb2adf594b5d0750bab016bd2d5d70f6fcf1f47d29f2066a562f6217e445

SHA512
1d397c0e637055ec8463a557ddbf08c08b386ff7f214fea5f992ec05bdb6710c0f3f3434fb690b7636eab537bb4fe4b8e3e3ebde0ec329a08f7ee26c23110192

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\activity-stream.discovery_stream.json

Filesize
24KB

MD5
85efed532773789230c2128a83e9935f

SHA1
82691299d4595193d9e7e5b56b38d36667c0031b

SHA256
8a68c3779e03eacd97fc4124a62773dd54dba69fb7da35ab5514b00a15456123

SHA512
5fa7becf00cfd15f6100b677492e615ce5014efca01693e095621762b0686b2948fea0d123b51aaab499971242cc7e9cfecfbe72317038ea316bf518d100f1a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\doomed\31950

Filesize
19KB

MD5
bfd80c10959aebedb1c57b202a104f56

SHA1
6bba7ac89e5912776733099f26fc28e06252f40e

SHA256
463426e267f58278d947a6cc45372f4a917434a90db4a8be7c11a7b115bf67ce

SHA512
8e9971e30fd0494d12c61e40bce079becfc71b0976fa6631244f1a0f0b8578fbb2368e69b2026e1d9c6c0eff9633e1d4ba1ab626d50942f13aac24b733ba3d2e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\0175583084391DCA3754E8E4F3548B50FDCDC067

Filesize
213KB

MD5
7849209340b8ee596daf0ca4d5925fe5

SHA1
7826606de4de381b97585d0a293c1cf2cdca1b73

SHA256
d7a68a5f3e56d43951a21603c219d2ef9258a1e33c5aadced6559ba97df91168

SHA512
0b067d10b9cdcccec6ded7c6d8ef4df94cf0fe9d182364bb3162b9cef11e795742bf093734dcf4d2726d7bf0a827c711249114389e666fa41f13af2167249bc6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\07CFD0D9BF9C7034F01F002A6BE9888AA0F81490

Filesize
50KB

MD5
f648b7e83cf6d114789ad6382a51483b

SHA1
381bb44d290eec3aef5431f5068d800b4283d824

SHA256
f1d0f63d7620474befb179bba81bdcb19673bb0646d4172e5a259d60ef4adfcf

SHA512
c7a654833758363c15756c12f7855058876638fd866d61ce2779db1416fab860787cddb3c1185d081c02c51b2b1d3b95bdac0074caa58aa7684295c03ac1d90c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\2B022D45FD2540F6DAEB94FC19E83A98568A3D0E

Filesize
66KB

MD5
6a5bd2b495ce38274675644b1cf058f8

SHA1
f8bc123f8d7c44100106603a78d961e7fa16a5b3

SHA256
27c29a11186cba1e382a4da30864e806b09e505ba763e7e88da188300854d11a

SHA512
fc4446e996467ae5d0267c777b8e8f654b9def7f1560d737e772c7fc3a881fb116b1bed3af28a6c5485c1be98d0720f8830a291b755600cddb918fc00d879c05

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\377C1C024F06467D87FBCC7D1EB1BB61E8533494

Filesize
30KB

MD5
ddb447e63fde3f9afb5cdef5d4a03a4f

SHA1
d6f23056c244bc5957dc8b9d1d163658507f801e

SHA256
09c70790b74a0a432792783b196321b80896869b3814a157c1799dad0fddcc3e

SHA512
dcc6ec0b98c367e6fb6bb3cf9264d5acde27863725fdc79866b34650f3c5775aa438539dbad3f5f5cb50735adfb10108b1b6ce2ed6f6cee35818345de16f69ef

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\50821651D57B986BBB61B7389257AA7BE841EF1B

Filesize
17KB

MD5
2a96d4fca44a8810c91783f18af104ad

SHA1
6f70cbc27a3bcbf9d29659e140607332cb705a0d

SHA256
925ebfb6872cf3bd679fe34703f5009231713ea9aa9d8e2fe00d6379597935aa

SHA512
f5f6c1d35ea27b85167228e255a4091526778afc6ee35bbab88d3ac76fbd2bc0b817920bcfee3f361130db406f18500c0fe8cd12edee2d8ca3c376ee07cc08f9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\575D73D645BF950B60F31C5FACF74DA052A69FD8

Filesize
23KB

MD5
a4e36925732b239ba7066a7818e5f856

SHA1
cbb580fd40e8e13b55e767c86faab4e54f68021c

SHA256
e3e4df16a7a3f59b9d32102b3da712b1a55e59a4fadccec5e83c9c32bd303700

SHA512
c47a06c3ea286686d8f5bbab75b542c56605f90f6f32a8711fb3abe04a11df313d44641f5b7aa2640c95acd502831bc301cee439d630ecce2e8182a5d06d2e52

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\578B35B1A9FD2F275E2E0D76451714AB1861DEAF

Filesize
121KB

MD5
9500805d5d52ff0253fa8342a4d49b14

SHA1
4f3dfeef6ba9db5682471aa010c5a48e9137db3e

SHA256
160eb10f107d0ae72b4a88ec7a69bc03db63cabeff02e4f0b37b94e6c2a90522

SHA512
8d0dd33eb417fec4bb358c974256018afa8df7b36f12b998096259d80d88d8a3f54bd35c23426fd695fbb5ec2c10f81f35046acc5fb2958810cf7e3c20744422

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\61AC37629C707D1BC0633B4259CFD054970AE9F1

Filesize
1.1MB

MD5
e873e32be0f10f63dd1e7a719eee0c67

SHA1
94d384f63bf30256a1eb22fd1c44b9d6e989cd37

SHA256
3fac278d020ff244088ef87ebff84fdf1243b365809b6a4c987c39abc915f33f

SHA512
982ccbc51d884099827db503b4d5d774573cbc3b322f9bbdab40439d0e61116cd88d051ad0d8de2742640021759ae058e00ec6716ef0f9069d406a7167f582f5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\789F8D6C3EB61494DD276776DCB7E1B817678F4B

Filesize
83KB

MD5
8748eb8d3d901f6ab86ee2d312ac8541

SHA1
79da0b49d3d24caaa6c8ee975d286d7e6029a60e

SHA256
e70a74f025d7731f7c60ea897d45b7121c60bd43901605b3d544602c4ec8a094

SHA512
c3b989fbedc8d2aac0dc88f1048a10c73c6378c8516799bfba8b2246cc8084c526eb7f6ed5d9470f13450da25efe74ee6e5caa0ca89547005335785f6ab4cf65

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\7918263EA10CF7DE821DDC72C6F6B542A61E0E30

Filesize
20KB

MD5
06f7137dda9b020bb49066f017d510cd

SHA1
177fe65bdc92e1364fc04746c9d1bf3f4314f2c9

SHA256
b6bc27287ed144ac454600c1cb4cea093d5befe8b56246517e580a8173e916e8

SHA512
d1afc77793d72e5adf8618187ca4eda27d7c86c118029d70992ca027683034f6fd9fb3cc727809e14e8c475646c235ca673411b2aaf2389a3d2ca771c30fd339

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\7CE7CCACF533534267BD0A1BA6673928100BCEB5

Filesize
64KB

MD5
37f07aa648b3b3298dda3eb231b3085b

SHA1
7c6ad05f88c18ad6a6df03f57772e682f0da2fb6

SHA256
b20674a3046940ef31cd72bf4942c4ec9113e756058770b93f73c7b4df2f032a

SHA512
846f8fa4cafd637cc30ed67083795913c14ff6b2581be3caa9f5f4970e071dcf44075affc943e4ba0c4d235d529c91af35cbc292e3dadf102618eaac552ada8d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\832BA98808FD7827C29279A64B71EAFDD697B3B8

Filesize
139KB

MD5
d92a94b7dceaa85e42b4b6ae249dfc35

SHA1
081a9471b49e0c2bde6e4b56a3e8ab92cd42e33e

SHA256
bde24fa89adc8891249294879e7ddbe4a28491aa934f0f8f99f6c052609a37b2

SHA512
78ac0c7ae1d60e1b26d8dd84b305e8c978a25ade0927fcfff36f96db3dc175adf21dc31e859c8736de6e4ac600c7823e8378d9725c5e70d2ea2bfbe0c26f8fa5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\8393D6FA2B5B69141BA1DD3C887BB4962166D523

Filesize
46KB

MD5
76d12ac5419f57460bee0842e8f325d2

SHA1
121dea6fd1b518d4fc5bf81959db1af3d15f5ab2

SHA256
cadb6ce75e1aa81a9ef0965e6c94d3c26c5ff43e4084141fc58f8c0a90d0aae3

SHA512
a323f83ad6efc3152548a89115518d8a51a43dd1bdd0944acc53415c3cc79e4ed058714b35125a011d497fa6af81785b269fab26ffc2278104d0492a7af0be40

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\877CD7B845B926A7D66FE4D87EFBB4134C29CDCE

Filesize
790KB

MD5
874b5c3b7769321acf62f6f4a517e293

SHA1
8870daf6ed1e4b5b4ce656a67f2ad12106f27210

SHA256
f268fe9c65b9077def5bbc877627916c79d3361149d12b568c605a45df8f505a

SHA512
480677183dafdb9c9685358aeaba7187bbb0631bc76094c6b0588f4b7fca901438cf449e2d9452f1cd33672eced3d599506ac5772b06cc0205e46d95cc9840e4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\8E08C451115C8CA846CB3D3FF64935AA524B725E

Filesize
122KB

MD5
2170014951b0ea34975174d41eddd3fb

SHA1
1618b77126cc1db49e22e9efb4d514726a6a4067

SHA256
bb3fc8492e3dc67343fd64ae120e4a8d2b12dc3a4708c100af5abffc3c5a5747

SHA512
a2e03ae96725085dd47b43b66af8a6a4d20ddc20b6fec451fd2a7fead07c0b96804cee33bf2c09452105c3e78f1e3aa99e4774cddc15278a0c1c31593056327e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\8F499389F9A86B62530FFD03DF23C0DD6CF0A588

Filesize
10KB

MD5
207f0d1e4a4ccec57b1425cff26ef982

SHA1
b186cd20165264ad9ed6b523e544eff08f8f997f

SHA256
7661207734ca882d2784995833d0b2ed3eb82c5980ae28e5a6fe09569d566557

SHA512
22d36a46efb5029e012e26b68e1440242342dc807272999f4b79726199e830165f9a54c72b2b246ddcfde87a35c6340f688e8c1b2621a0ecc3a8672e4b25597b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\9BC4FD88F08E885078C369046CE7AC28B57D3F09

Filesize
13KB

MD5
a0ff097536c534e250e9751d5df9bd7f

SHA1
bd331ada2f6d173513648cb4f1660d5a7001471f

SHA256
1402d96a9a7585e440dbd5f89017d83dd32d7078ffc72ac8d81ba7d393c5ddc4

SHA512
51f94fc6c228f4d6908365869a3535e7a28ecd4268197e32b6199afb9f034596953c46cd70994798bd90702c1e4e6f588b1588dc8ba2ed2b5a356473a662f6b4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\AB2EE8C31849CA905337D1A3FD61799048556417

Filesize
42KB

MD5
094fd67216d11bc4e7fe8a2b2bf169cb

SHA1
c21ebaeca1cddbf1dd5c98224c51b4e19164e012

SHA256
1b39a86e7edd56d59e45d6612a7707ae06b15432473e530a5c0d0c32af59d412

SHA512
4d4436dedbe80e4ed6aba9cbaa89d3502b4c1d47899de2525bc838a120f9d84c4839d3776cdc5c6c28bbb6fd7840d974762408c7bd24451769a12bb04e8b3d96

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\ACA4D4482F0AD69DCBB565934F73FF39CC81C448

Filesize
1.2MB

MD5
e461a2b18e5f8b704b5ce7556295c13c

SHA1
7916dc1e4fb9aab696de9690d2aa0acc5a3b075d

SHA256
719ea86e16eb91623705cc6e77a2ea5bcca32b72f5469c5125ca947f486f6e45

SHA512
9a96b88d8aa4fcb9d2e57f53317cf861ed711bde8376bed2806e339855f327a7a3204d8a6745a5f3d4dbd9190d1f6eca7ee6eb7f2f7b589b341285241bba9472

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\AD873E49C2164766E869F9433ED2055890644D52

Filesize
140KB

MD5
b855f3c5b2cb9ddf3e741bc6811ec232

SHA1
460f6b31bd91761f6bf2984ddf086ed24aa2d6e4

SHA256
a5ab685d115bffd9e7838f32517e4dd0f61e704086a167988ef5fda90fbe5780

SHA512
adc36c9ed2f226c4da1b3408b41e58aea8376b8a467b9adb99e4220fa6111e3b4ce8574106769f4fe48d32d5c16c870573afacf71a8b2592e0e02fe37ca04c4a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\B0E927D0538FE08CF90577F65C8986DCB25BBBCD

Filesize
218KB

MD5
422a73773bb98b62d87a48fe48669bc5

SHA1
d41c227c54f0a662f9469c628ed2e2d9d35a5f2a

SHA256
49a6f2c57f4367322052ba12ca42fc14f188ca57f190ae5704190f92b653e34d

SHA512
8b05f31500d8e7381b724c23d2eb93f34c643bcd2d2e92dcb5d7eec2014c8e3fc1f2c9acacb0597636464396d8d1f54773a832a6b7aae4c4ba88008c8a56c036

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\C1699F746D0C9D685508CDADE1F965C63CF96C20

Filesize
13KB

MD5
3b72edd33dd16d25c89cefe23d2763b3

SHA1
246af8b6f8e464328615722fd9b4ea817276f6ea

SHA256
66304e7a248feff41a7d079bfe4f28a762bca5d9735027005f3c831bbfe925ef

SHA512
fcd8f50f34eced88a8f06afaa45bd19a0f31eb11d46bb16c01790894483d63d8a41f41495f2b79225009a7b86a0ae263d69a0d531ad84012e02159ae928ef46e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\C4A3A16063E7D6777163EFDD8158AC5F9A48CB26

Filesize
99KB

MD5
2153ef7e9640534ec7918644d8a84b72

SHA1
180e9bb2b89e40260c1ce7674d67f207d4b1901d

SHA256
075a4fd2d33608eaf1c19e38a15aefae4e0e62b74ee5db464a8492f2fa688a7c

SHA512
966d9558116f092d9092710274c0e9524d91446277289fd0b1b75b5d441e63d2f2abb42084b2709dbf7d45bf5297b3c079963d7ee884b628955a6950952b69fb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\CAD666DA6837DDD67A555C95A9F9F6220365A975

Filesize
44KB

MD5
853ed5c2df59cf3ccdac8e829f4874fc

SHA1
5f13d91da2ecf0b002436bc87518c3a020b47a56

SHA256
b09d10b8b8cf0edf89a00f4329515b4cb22d92d30bf403b26fba2599889f0716

SHA512
a19231a1e10208538340df15b99e508d41e0a55fb747807d68ebb2e5b7c8c5811976698003e990c5f6ddee2174ced5416260e47ede0f46e3edd0b8e36868f7c8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\D0C1B267F8C9768F135C77CA868A51C557D491A6

Filesize
80KB

MD5
6e1c087e60fd4f8cbe0932fe68fa4893

SHA1
8631d34cd44a9a448ea7eb2dc5a7a2805f18c931

SHA256
7aac26becff460964771d05c725ba84713cc69039fcfff01e1af8816dbd4d4b5

SHA512
0d5e2b2b6a98bc9429c1836d42f3352d3372501e404edcbf043a251da64bff713e5247c12932e2fbb2392673085d819886668d4c18e103a46c6bf0ef9819796f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\D78F78F3EC55E6953560CD2067D15711EF4F425B

Filesize
86KB

MD5
8a1e030e9b45bc8bfbf7d048f6d27d57

SHA1
f79a35d5817176f3c70f08ea9fba4dedc9bf3fe6

SHA256
c2ebf9f387e42e353464e934fad8ba8ffd59ff5b47fe2fedc1af6f54dc18dd91

SHA512
1353e2d19b919602c730aeb5a8131bdcdad61ea0985113ee917ddae6549c00d9f78df37a6e6018a5051793aa508875bd5da053c6a4c2cc8363e44a5dda52a31b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\DBDBB8FB4C3730C1B78D09099376446E20C703B6

Filesize
81KB

MD5
d203c5b1d3b66eaa7c7bdd099541905d

SHA1
c41ee7aac652c582eb8e1a1971236c3deb804537

SHA256
5bd723966cceda93a2a32429c52ce95dcf2c1ea81a4e78ec60fd0495e9bae0c6

SHA512
5a9b80a060d6fcc59793aae7de8a982f5605da960422eefb7764ffabdbc18947abacc1344882bf52557b92ec67c672bd3630eebf5784ceec8bbd1d4d5f5fd4a4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\DDA9721F12ECE37DE4F853D709D7EF8DB83D0CFF

Filesize
60KB

MD5
725ef605cab4c6cdc03d4c345ab905bd

SHA1
5cc33099b7d9a1f7339e723182c268bb9ecab97f

SHA256
3daef6972532eb775c26ce310b66e0f33880f6dc96ead63009121bee4e1a2881

SHA512
f52f3be0f09a363005b332c7260f42ae7eb11a1b41f16156724635ab58b63aaf7af3aa25ff48f89e3be9e666ea02c8c26102d8dbbad568408af66cda14c385f2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\E0BC3E83EFEE4C408C32F4058EFAC97F0BBF1F41

Filesize
24KB

MD5
8acd21646498818478aa5ac8c7de442b

SHA1
5d3f2d528a79460ea8787bed1dd243e756250404

SHA256
20997aadf39aee826548afa5f2b20c0bea765f6012611674f099cf51fbe24a54

SHA512
d135795185e46cc973fb113617fa108516216dfec4d049eab46b5a97d17d24f00fc40a8ef6f012151d0017415c4fad34d96f10237f0197d4c03bb14de5cad063

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\F63C1087E591DDF1412D592E9C94282BB1142E30

Filesize
16KB

MD5
b3e19ffbb2ddb5f9f33258ae703395f5

SHA1
2af4d9e31addb094a48f8115603f4780baef8783

SHA256
a4ac137de599300494f59ec980a457f26975e81603b122424eb49ec7ef6a8987

SHA512
29e308d6a9226392d136de0aa639902f202d722764af30ebccb0b90be856493f9e9cb4fbcb2b1d6b9ef72714cb2fcea6944f3d4f5c147e224e83cd9ae32f8a30

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\F6B343C78DDB8E4A84E785EDBA52770C106E7CD8

Filesize
2.2MB

MD5
fc2bd77f7df2d26fb9fa51731dbb6902

SHA1
ca33d32c1e2f7b4166780fbea69d9b53b0cce7b7

SHA256
134c69274541dff155e652ca462c915a5853c7f37d07aeb236c1521e973575fd

SHA512
3c510e1ca5770a4094af53c120c4ed27457257b872a66d65c7a18315093db57704867b907403d573e5e93f17cebeb56dabbbd2a551becf654f324cd685ba3327

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\jumpListCache\jkNKLCdD1h9CTwUM3eQ+amyX3Z_Cxd83afTGkS6W4c0=.ico

Filesize
3KB

MD5
0a8da0fad644b83ccf40b6b39381c9a6

SHA1
5ae821385c4697c214c034fcce2f4bc81643be72

SHA256
efb36deb2367e8bde3c65155170c4bc463410fc5b4fd281955457624e6716105

SHA512
2b1e2926e16bd27b471db2b416bd8fd04f2e051c6194d73bb6143fee9f581cc3f8e4af24302a476bab8ff09f05b3d49fc9f9f4b635249e4bc6eb022a5c6b9d31

Download Submit
C:\Users\Admin\AppData\Local\Temp\+~JF8085837254999746686.tmp

Filesize
21KB

MD5
1963698109c9563da49b072ded6c1bd9

SHA1
732a207d944182d505423f2cd1880da723becb28

SHA256
314f1c8be13a733603c72c1f852a2e1e597473e30413246137a13e76ea46267d

SHA512
aeaaed2158414301408dcf02736a624379d0fb2a3c5ec0273eae377007b7b64c4bd52a9d6dd079ed0594e68b03da0aa595a0051adde33de4cfef7ed4ecbd59a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds241397734.tmp\JavaSetup8u431.exe

Filesize
1.9MB

MD5
5fa91f525da5564ac9b1ab6462de47dc

SHA1
7a780289f3ea3ea6ab82f4e7d6f8642f4e2fe97a

SHA256
60e616a1676abc59b68c63ef64ac39cd66895ea52a858145af381be870f3a491

SHA512
884af87cd6208aa3155423bb5f5d2b92ea1b3a6b50fc26ca76aaa7f069e4c2794c03fa87079de25e332a0a9ea4198760b0dd4384ec8787c44f360a275a7d3490

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
176KB

MD5
50b83b930268b0eff3c41dda2b6731f4

SHA1
2b582d7753e2886fcd65f8d7bf21ccea666ae3d2

SHA256
dbebe73e1806bab45c500de19f0969e7a5c28754ab88c980a87860cb8d0b06ef

SHA512
462320a5348d16cd3efa879e97b578ad3eecdfb8a059aef4667a19cfc61fe7ef5fdbee0f7a647b70864e34de86db524d41e2688d39a65f7e5fd9037867bf7747

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
191KB

MD5
8944f9b0ed05d2f902baed2358102d54

SHA1
5f080c34fe167bb341f2be9495d1e4f0d5505c33

SHA256
58e5cc1e2901d40308582c4724056807297e8d81f48ea6d89d92aba17cba115b

SHA512
aa7113c4e66cf18cd3f0fabf3e47a21a3cdf2ab92f664fc3445dff7889b2057b19f9f4b1d904ea63b03b04a297f4c5dc4689f5c561e645b98ccd8cad4acfb718

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
191KB

MD5
362aea385da2ef0214a658dd1701356e

SHA1
824b09cd4214685a1e3fbff3b2c6d536e551165e

SHA256
0c43508bea27c32b42765ab888e0ab9a28603da0be8038a58445119a1ee136fe

SHA512
02f1a42a6f6ffb9937760404a11c86f9d574ea69814e7447c389c591cb7f7054e025c1cb92b7a6471a278109fae3a54bb9ebbfe8cb5bbb8d3d972b3e657161b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
192KB

MD5
152d36ce69f3f54a2f83c0cb1fd0c406

SHA1
3ebdd7ad6806d9cb0d7b3815daa433ee3d233d6d

SHA256
dcc408efb4dbd96eaedd111486bf35152c06cc6e0d2efc28cedcf169e8383956

SHA512
38a693fc692448dc8ad061f755d5411f581c21c66fb87d2eab0296f233e6bb7ee65f31f2a6e88a69f1973d3854271795ff20e7ceb514a31c577791198be913c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
193KB

MD5
9556d6b12901faa5d72a17bf1457b3a4

SHA1
38c63154092a56d5b7cd71ac5b5231a4325de3c5

SHA256
45c2aef53076a453580d26e732a7e786755b2222c0bb16c05347396a8aaa46d6

SHA512
34042ad5cbd949110eb70e4fe9f66d3112e7e55fb868e7c6d6c47e185c2bf2d051fcc37af0466062c9cca5d42b6a1495dfc4a18293236bcbeb8503ddbbe12e75

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
194KB

MD5
99a6655b54315dc55c86cd892655bb31

SHA1
6ca10f69d0deb208e99861e652dc15dfbe8466d5

SHA256
6d2bf0b2b3124caf025d648191df1800fc61194813c3295d855bab7cbb2e69f5

SHA512
b41ba7b5367549a827e83e51632d751487d20aab67be437203e913d74210c94735d61da78b292e4428829bdef94224006a9c810b597ee63908166b66b97ef47e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcherfenix.jar

Filesize
513KB

MD5
95a612cf7a6cf44e1980b8151e643ee4

SHA1
bbb161059ed744e7b76e21ed97a843008cddb183

SHA256
00fc90966f233f4bff0462637cedbd71ac586adc3672bc118ab5dd807ad5923d

SHA512
24b27ffb033bb91647051ce25144df746777bee794e7501ab4599b3676fd2e2620124a84074516aafd3d9a8e981c859f9ffc99627276bb7bcd70bdf76dcf633c

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcherfenix.lzma

Filesize
471KB

MD5
d4a59d36b2d3a1268945bc6255158404

SHA1
52954ee978107bdd65fb6941debd00e0c34d0437

SHA256
927fd52dd03e9798119c6fed94ac2c087374bb71a4efba7e1b3d765ca499040a

SHA512
8de2bc083d735650eadbe25a8cd6a389c6733f2cadc8e50b8f8138ac1b7a5199888abfb63051c352df1a682ea06272d2ac662bb6d15d377d9696c22eb04d3695

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4074627901-37362009-3519777259-1000\83aa4cc77f591dfc2374580bbd95f6ba_7e37b7be-df0a-48a8-85a6-a98b961b0068

Filesize
45B

MD5
c8366ae350e7019aefc9d1e6e6a498c6

SHA1
5731d8a3e6568a5f2dfbbc87e3db9637df280b61

SHA256
11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

SHA512
33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
d4646d9557c2e382b5468e20e5304669

SHA1
d0c5b046a02ac2e794817c1524f3eca1ea792f35

SHA256
ada2658ff47d2aafce83a404507a7163959eae00a5a8ec97813443c2f4900dd7

SHA512
a3073fb03c07a908993b1c2d8ae1ec1172aa9af1f9e5a796049d8214ae07daf01895660e1b2c58a43a849c755e59bcafc1e3a3363a03de14dea1aacd01eeba1b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
21KB

MD5
1c22a36a157db30ae28939ca9650c7d1

SHA1
9210d027590c1c3850758f5ab58c5ae19d088b96

SHA256
1a0391dda789afd8015de3d98e3a2b147b6e9362712e7d22d27dad33b97ebef0

SHA512
d3e9c65f0e81b18a9fcb3e8b4240168af6cf675e250b230a38de5c6b36bdfeda39da56aeda41b9249da4ebd3701346791441cadd72d286ddfc12b18ea1a766ce

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
cd8dc5acf7e37853ba43d94b2b3ecb17

SHA1
2681a3b4a1cc64d73776cfb9043deab5bfffc3e6

SHA256
3741f0b5676fdbda8b132113952fd67a9053698acdc37eb26503f35b70dc2449

SHA512
195aa9f09af35ac99c4f90a775dcc7bb83098ef8a505386daf762a76bd0a57841ae80cd2b6d84f3ff33ab4fd7ef6fabb6830f6bb432e13788d99d0820e8cb68a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
18KB

MD5
a6090baeb17229ad483399f9d0c3ef71

SHA1
867d524b930b4db6fb28455d16fd5fc84797aceb

SHA256
639792ecfc9e4e13faaae42c4c9acc2682a9d686a4ef5e740f89adbf9fe2ff4a

SHA512
1e623da764e56798cd1f0249d7dc3bb5a733f1683f50e8f8cc51bc667da67c94f465dacebd5a299030c3489f857a4ec3e309b4bf6fac7aaa976d1eaa55d7703e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
95164913ead08281819e7313893cd192

SHA1
3878355f04ca82cda727d2a21bc7cbb026121213

SHA256
8f2cc586bc77507203e1e0fa3630a3e1ad3af8a6581f05ff20128bd46baeb756

SHA512
34d060007346659d4a212b9e7cbecaed07093fafbe009a064800a91f3453f058db0e32213f5daf7849456182f1971ec79d48ed8af636a89bc5a5884e4b05c0b1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
10d021d36dc0f29080975ddbeb71ed51

SHA1
95959ebac4c5cec20aac58b09ad3f5adfe9b263b

SHA256
01a7222695919897bc3c0a328470396ab6628480fea46c8213dd3d1ce009c73e

SHA512
0c89878bcf848537a9475f59086a0d67a5f8a5dfd77fbce473e99fdb223bad89effeec5c086994cf03bd5836b84d71be90b284bc1f7980eeed81641833b4c19c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\AlternateServices.bin

Filesize
7KB

MD5
2ee739f3a16b57c24c42c1942d0d10ab

SHA1
b607db9d59b243c0ef5e8bc5391f0c3e918f565a

SHA256
1d865f2b75ac03a07e44c1d914ed9602a60d2ae06c7d88f0be09827293d8d6c7

SHA512
164be4e6893e95a08ec20fcdd4f660aace4c35f6f3e7794691d72bde6ba4b216e7fe271d92ee852fb1b6e521436be1deb9ad477309d1e533cbd97aedc1ed8247

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\AlternateServices.bin

Filesize
12KB

MD5
662ebf687c668817d1977ca853a42754

SHA1
dbf4158d44e7e76d45f48e12aa5447f29070baf4

SHA256
e3d8fccf731379dfe1a0eb616cb1018c9a7a1a044fc66f8557017eb70ea53911

SHA512
4943e88c2384195ace3a327892749ae7b424645610571f7e94abb7d0f266a68830fd2752d3db3a448a9f7a0b7a265d818ae39c7b83711ba2a55908163435ba83

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
4KB

MD5
7e4e19a436f4eee4be4e0dbad9cd3f30

SHA1
6faffe531ac8b9cf6fe4fafb8ae8ce2ed5ed8b8a

SHA256
dadd4d5e1590b51e8113f0754eb58ffe89a8c2682357d3ab32a44a8fcf4891c7

SHA512
ecbbb901a54a867e6eec2ca6aec4265342f2891d88616ca4bd381d5ce49e5bb12e434860f4f472259ad6b99f864913b0a669534522461b8714937a6314102e91

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
5022faa6cf617cd651360a9bf79aacdb

SHA1
b290b363cb7c4e9c8c704f5e1f700fddebaf5d40

SHA256
a78059505dbf1e1cc089091985b35b93a80b97ecfea8cfd31a41292780bf0dcc

SHA512
bb55471732e77b30d9d1a8f5c240a13c4a918ba33546be31098e40ecb7dbdd85d8576d171cefbc19ec095e817204917ebc419efe2a13f47137a0b85544ca5e16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
29KB

MD5
d72ad405c6d49d2bf5be3e4da5ba2089

SHA1
e8cf385721236f42ce52146835497031b65434cf

SHA256
ffe1555af1a9fbdb6e225ee51b5487250c2e62484b214a5272193fdf1c96da25

SHA512
e424ac61e2e4c8f8d68372e8aeeea832315faa8a2460d2e16390f7cb9460e4e38cf82ea46cb36c32fc2e94d44193e1d70b26d86a6ce7a15c00c3de856e3bbac0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
0228a9cf6f35409c1cc0eaecdcc8d116

SHA1
4349282728469a4a0876f807fb39c76431140c8a

SHA256
56a1db9d9f142dbd8695fdcec68cb0cd66e55ef524b23ddc580a971fc57a6858

SHA512
b52921bf2672ecbf1b1238327d99d0b7956125bc079d3e12cd349a6b5fd1bf933873fd6595d9cca8655a876e4c86ca8dd9b28a28d98c130ebb6c47f8b0ef9b43

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
29KB

MD5
13bd81317b663360f24e0f6b16adc654

SHA1
a60be4be97fbbb4cd2a1469a3e13abe6c7c7a5db

SHA256
dd6b3967a42236c1dde943a1dc0db18c90fc0656496863714e66bfee0fc6a4df

SHA512
1334965905d311f1292813af44d5a8fa32950b92a268297f1bec53f79d93dc2ea7ee88bd9c04c0b7d3e137b92403c6403ba0da8fa28dafbb96fe2a8c0a8a7f17

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
91KB

MD5
6661d0f01174df2806e626fac1dc48ec

SHA1
930f42e9fdf80bbb4eb93074405b1cd60e6ac435

SHA256
ab570a6e3a427f875deac09332fb96c5d9d4df517d88d1aa98908320fbe220a0

SHA512
9fbdfa4f7c798dd71de5f1aee03f005a3489320609c3a2ae70945bd3d96756b78077a1bd527f3ce27ce6ed513985ad1648cb29d4abfe680e9976ceef9ee2a84e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
66KB

MD5
e3c9b71189208f2463b5f55229da44c4

SHA1
398b2d9328e4f99bbeb0a0ad96e1e2287035aacc

SHA256
9f8b0245c245b850efaca177aa79feafc537437e3ca666ef84bd0185af1c2f06

SHA512
baf4a04c2a44b71a0d5908088bed76545045e5ad73ac7207f15beaac1088c4b3106dfa5c6d7235a50919cb8eb460c86c9d92bd4a82e80b6fbae67a77ae163cdd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\244e4a80-8fa5-4f3c-b49e-692f16c34025

Filesize
3KB

MD5
3cc5ff769b49d8c1091f1840e0eb50f4

SHA1
556ef3123d6c023de6c6eb11ff34499918cced67

SHA256
b366904d08b15a94219bed55e7a9377cd5ebe3464cae05898d48c768c80b4d0f

SHA512
66f6e930e6e6f2a6e8fa58d73ffe8967e72cb52580cbd5bc3f74440b60ae4c52f5b587ea90bdcb734686655cba8a16ab737f3ded529885d16357b55134d6d9e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\3c9995ea-92ce-41b3-a559-17d9f302d436

Filesize
982B

MD5
c74a8062e4f4e2f6552c511246ee6743

SHA1
51f48a66e93ce63a8758c4a25122fbed0aff6d1e

SHA256
1b6bc2eee8a2e85b2f95259ea7212a91c688a02993507ad68e3377826749f14a

SHA512
f207f7531af34fb0eb31410d2e4acd0b9e7d9732fb807dde62ed19a4f83be877c1a57bcf982527405c02064f758bfa3ee43c83440bb5a0bcadc0db1b1ada12b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\4f71acb0-3243-4cff-be01-c0e4795177c8

Filesize
671B

MD5
02630019d1361192833a7190068678f6

SHA1
449bd78f9c362e9cce2c5b6893fd0ba2a2e401b8

SHA256
3858c64ac0787c0cbfc6961294bad650ff66ace3aff393aa37df67b78283ae52

SHA512
85ec57cb3099c1ec670b6935d6cfd9135750101b210d7df32a1430956ef0223ad68d60dd89ab3959ad7890be0b3a0a6b072a69cf874f1878a6b03fd340a651ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\a7deb05e-e2e9-4e44-907f-d5d5578ef2a1

Filesize
846B

MD5
bc0052610194a63baf46b67cc8a4b435

SHA1
25e6fc685f115f7ee1b1a18a10580d31c563b2d0

SHA256
9c699d2c8a36af72b5b1255cd54d9141ec5c3ad3875167c1cdbfbc1f1a9a55b5

SHA512
6ce595eea45c240c342d3783a9bc4b06776f716f4d923c2669a4464c0baa33e60521930b83821f64d773a66b201c674861b416e2c14af2f6a35b501032053b63

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\d4212663-76fc-4378-9d03-1c5cee07f476

Filesize
27KB

MD5
593e56bf7cca31cc700532c45edd6e1b

SHA1
6b9449b5dd2dadb73ab6cafa7a5fec2e0520a8be

SHA256
fe220d3f058619fc72b2c63292e0b33e553648841cfb081b505999ef59ee669e

SHA512
f2bb1ef1e1f2438e8b7befb6ae6c5b1aadf9f35bd2d7d80bcdf214958de40780898ce8cf0225e1dafe0bd2a716de81d35a672fdf60f0149ca6edbf2f0a9a8d4b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs-1.js

Filesize
11KB

MD5
ec37ea19838e09f860f4e968fb8c6bdf

SHA1
ddb0c6790655931492d9913c60ba9c1be0ac3a6b

SHA256
384426ef643c15bc397311c7d1e7a1ad99bf2362f602faf8580c6b67f8782413

SHA512
a051b3aafe7011575191067db97470d46d03f6e12210e45f57bbee3a71cb2d075d50fda7b98ec07f9c6b84a93b2dd382fc658e546e5892f774e09ac5d79be3eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs-1.js

Filesize
12KB

MD5
24c2d82e78d5ee4fffea7b49d9aa6752

SHA1
0b65d502b6a18b9d46daed371b7adcd8993e1954

SHA256
1c00a70afdc397ff08639126b02661e0f0695abb6cd2ab60f2397587ed223482

SHA512
1f71a2f76ea1204ff2ee5556fde130ff78e4373f04645dc339190e291217b0e302d2796f7b5fda80db128fa3742ae84d8eada071f9ca4dc4b8e68c1540e61414

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs-1.js

Filesize
12KB

MD5
26100108a103dc2e56e55a36dc5685e2

SHA1
1e040099bda60e4800321ddc062b91c4a72d5c87

SHA256
19a849048a6d4c008eb4b570473649ed476bf8ff667a8bdf67a538619fa1dc04

SHA512
d11037b0db710484005f06e62aeec02b4473c7eaf3f218bd27a8e891c1bc5a669cad80c7f9532035de1e06e2de51bd13b2f96ffd0e42100e3c4c26d1b2c49a79

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs.js

Filesize
10KB

MD5
10a15535260e0ef5b38e919679451585

SHA1
f9ff6500bab4209a1b80653112208fb952157abd

SHA256
a090f3bdd7f402b1eba1dcd1c829aebd8c25b0ad6df381cc5007e83c8bf0d787

SHA512
4f0f460f177d6cf0e2fc1c189d65b363e315a961266557800a218a6ed4d6dcbab4c68377330e053742285d6a831102fda7d25ec82a1fed6e26039411fe7aea88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs.js

Filesize
10KB

MD5
fda474480716fc3c69fc2043815adc8c

SHA1
767af716977aac311c4d35da10a72034b13bd942

SHA256
41ee13e0df1b8f1d6643593e476ba95b4c31538ade05e7c8fdd32198c6158835

SHA512
8d9a638bb03d7534006a9adc5ca347c5da61f91a126b169ea972eacc081dfce956aa3ba4c6ab460e19ce239f9e7e81f3f3f8a242977f7e58f7333ca0b18688e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
1edcf53663fc9e4cc67bf3849fd7fd6c

SHA1
03235da8f6161cfb4a7662ba4e5c1a44f499d42f

SHA256
f29a1e87b67153ff42b232e6ecd434de9054bd74b106723fdda169afaaf8b602

SHA512
63273d40b18d918bd4828bcbf329b215fb30ea6469901d01266dc68a4c352e231db8f1d65693e5c47e63fe14fc44b4ae90012aa334670125c0e147fd114d3bfb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
23a6acf6a33d1b1a59284249add34a70

SHA1
7f1631a31779cbcccc24eb8ca78a616cd1b75a6a

SHA256
6eee9a3056a7e0462a0601f8215e1573f8ad1e28fa29db3c5c2387aaebe68780

SHA512
234ad436028367ba59a252e84fdfaca859d95bdc04716622e8ff0be7a4fabcc2c4f4d9c3567d7a11cfd669ccd0ce04684a2cfdd90864aff48f8ce14f86d91d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

Filesize
13KB

MD5
e50aa08aa4b6775bcff735fb32a93a20

SHA1
165ab9987a0586a445bba1712e890435a92af48e

SHA256
c01f4d87e52878e5d2ce29de2dc4a02e692ac653b4593c189dfb13d0895b8daf

SHA512
3f64646949637fe8dd4c1ae2b9f267d3679f465d49c6c4fe7bf61b58fd1c09c6b6e0ba9b9ca5e9f4b118f8415ff361f394fcd63fd5be99d762bcab57befd5eea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

Filesize
13KB

MD5
fc984c90e6d42347c63ba8ce8785a7a0

SHA1
a1e6ac0266fd20fc95b9fab64062dbf1552f8c2f

SHA256
010cd5327a18dd18b610f28a183e16e58b2058896d17271e13b71f8db24e3d43

SHA512
aca018b0824b663043ff8f286450f37c60cc3bc5f358c07c3cb3fa391a49909d5e48b050927864b5a7ea6f279f204fee69b93e998faf32b462c6afef0d4e0b81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
8c42dd4d963acfce3a23eba71b7ceb63

SHA1
e8c10bebea4d23acc24c449ef5dd1fea5972897d

SHA256
c9bcdc91e8c68e04e73d1555e0a934d056e33e4997533d3d8c944e1d0b2de109

SHA512
3654c3212836114336ff5654af27952534b3956a50403baf8531abe4fc84ec30ea9868a3ae4fe6e560c005a8069f8136b9a41411e111adcc5ef66b01905c2255

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

Filesize
14KB

MD5
6287a59688f621ecc5d3354214a6a6cc

SHA1
54787ddf0e9342b198d6fadd5933c2149f232047

SHA256
0e030a0a942ec786bd9f0ed74c47a36b500363d1a64b0951bf946cbe7588fd19

SHA512
4782853847013ce4aa60003ec10160bb3b35b2e3ce7f557be485d1eee5c12c36d87e9ad384c21d6864f641cedf79ccd37514216a442d365ddf086bee0779964a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
aa2fe609be138dcfbff8c63ef8ca22a8

SHA1
1222c93320bc1f796c2c7c4e1f4b4f211d46bbe6

SHA256
c33fcf381f9fe846bece91399b8bbf9cdfd4e3a22f750a4c58c10de1752e33d9

SHA512
a10a6a6f2eed91d23efe9bf8ed290a71390e511c5c7da3eaae95f679515fd258c4e0ee284397b2c19f238b92f87596ffd6712edb8fb0d0f42ffea40ff52d3481

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

Filesize
14KB

MD5
5d7f8d780354b7d868e125a096db0790

SHA1
8d638e650f4c209e4c0b2c1d1b4b0ca52e371ac6

SHA256
ed8fff987b0ac1195728a0ece3ac95aabdbf2adb3d57f8596b1afeef5a35a05b

SHA512
2b904c270aaf4253ff5f1dccf1c074c8b7b9df22b1a4f65c3effbaaec085b501d19319fa4f257198b46fa9342c7cfd3a5f86715c8b69d870916231a9deb40b1d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

Filesize
12KB

MD5
fe1e855d9c68aefdc594bd18487e7b46

SHA1
c05d02c653c938df80b543d162eb3b05c8a9e551

SHA256
a9c42a128c8fac885b831c6fc83c0475443e50bcf03e8476468ec0e90268147b

SHA512
0addf91a440321a0caea1fc68d72ddbd563c26ffc0cbe6176f5b7c573ad66328a8ae520a91f54a239df50d7cd99aad66eb00569313ba5efb2efd7e409ab28c5b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

Filesize
14KB

MD5
f7954b71144c6643b9b45e8584698e12

SHA1
932c9bcf3d661f4b018c1d9b3793eeebed4046af

SHA256
d747b1262fe2293a6a3117a361acad4c6eea290fc0b098d881ee98c0208119e2

SHA512
2f1cb3f7c95d287815e585066b59d182b57863dea9c33cbbd0275ca0b8406d6452c12e1dd6ef07707850e785eabdfcebe7939add9d49803e2d9fb5d4214e6d97

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

Filesize
13KB

MD5
93d04db249dd3894af6dd9ebd1db5fb6

SHA1
c744bf2fc8e1022e9f5fe64c80046ece7eac2f03

SHA256
a163423c1b66b61aaed8d35cc4057caea6e55e43faf3be08f407f55e7b1b851b

SHA512
f0957ef85a51171be4c97c2c86e8990b61ff46b7c351b031d10dee4dcffec75aa214e027a24b9dfab2f3c08a6b33fe0de4d6d55f90fd77ccf7000abd125e1265

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

Filesize
15KB

MD5
93c1ec32c7d4f689d6d9227303c51ca1

SHA1
745c638e78e174de253958ef9a69c63075f51796

SHA256
9212898d1f73e1e20c7f094b41e722cf549ab2728071c5e05933ba0f97371a39

SHA512
7e1b61b42be10712a331656fb2a283d2487689de6865145a08b7587130aa286a573046400a535a8af31a66d814910431c71ff6b42d5294f7afc2ee933cb5eafc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

Filesize
13KB

MD5
0a7edffadadf9f04e9dfe30ec4e7e8d2

SHA1
7b01fad8c1fc5ea52963c573528f9c854cb824ef

SHA256
2e73766d3e54e5e5ba06cecc7b6ff8bd6f118458ef7d67fd6c27c6977c48d7c8

SHA512
b86923ebd0e26ce39fc9b6c0c759f3fe9389eef2bfc859d7761242d92e4138f31afeea4ce679ead9a5c15065775747a8c01bb0dbf648305ccdd36637f4e525a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

Filesize
17KB

MD5
cd2b956462145adbe4e432388dbc4cac

SHA1
99e26ea3629d0493bdb8a3ad5f88cca8e1aeb1bb

SHA256
8d55a77a7cc7ca2d69abc28692bb5f7b159d6171dfa24861b14983fa27e1fd6a

SHA512
f5b1db6cf3e71e9272094d50cd59229e908df8b9a7ff5cd14ba1466132d8a9ce0785c99e8ad8366accedce140abaad51d3b157edb2318620b9f63a823cc07781

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

Filesize
14KB

MD5
2b24998fa82cdfd761760ac25c3f0fdd

SHA1
3915828da35c5724c26f530a2be3e1d41a806ad2

SHA256
30ab93f2fac075c87fb92ad521bfef1f910ebb6ae4d2b589d7c3f66f9100331b

SHA512
62e85092af968728f8194b1913ce8d977c624237c8a99f2a874293e48f75c03ee92470854451d8f7646307902406ee420a0ae38a5101e0992eacffe51f996d39

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

Filesize
14KB

MD5
c14884d6b3157f31d7581c17d0bca874

SHA1
2e36eca6e7c7e744a7f41a17217ac524c21f8d80

SHA256
df4c0611c32921a2fbab3e306067b6fd5723703eb024a0c37dcc8243ac95825f

SHA512
bdb7df5b90e6916991aafffada25e10e58609631b53540bfdf77946186e0271e453746d02a616f0b76adea52297d0927b2aa543482281f6344012599bbe4c312

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

Filesize
16KB

MD5
be9ef11e69f51c642dd8eebe144d6ce9

SHA1
1a90829b743bb190212346f87b83c82c5c2cdf0f

SHA256
d9d03be62bd73cec042debbb373034d54f31642d7bfca8534ad180e9fdf6bf7f

SHA512
9fcf1d107aaf1115a7fac183c8fe246724500053f005d2455f6c01482f5c6f595e07b0f0957e63425ba82a770cb0879217c22d8645f04ecfe234f9fec9be7c02

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++e.widgetbot.io^partitionKey=%28https%2Clauncherfenix.com.ar%29\cache\morgue\113\{b865a141-0f60-4d9d-8c5b-4d108caf1371}.final

Filesize
5KB

MD5
8784ba05831d169d3bef0ea3bc0fdcc4

SHA1
b542f9cceb92d0f7a6e1270bd7c6ad051666d279

SHA256
6b3664ea6fc177082fd42c15dc9f1759e6a3caff2843f6e1dce1acf4c0640b10

SHA512
1826f9b51508c5be9ab7dd7b63b5b8603c10a5a722f594a64f79ddb803030b0730a8ccaada333b262bd8cc2bae4dc4d19a81e346842752d91a7d24b3d0d2c2b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++e.widgetbot.io^partitionKey=%28https%2Clauncherfenix.com.ar%29\cache\morgue\169\{f3749a28-701d-42e2-b147-94aea43d20a9}.final

Filesize
50KB

MD5
62e417e118cf1e25d0621e48108eaf5a

SHA1
f8a12475d5299491af06fdd4b235d6271f21a2f7

SHA256
443cb3ebfbd37abe486009438ee3ea1d650c894475a61b14e54ba8763fe971dc

SHA512
7f1bf0a5704115d2424f77f96b644e6d2a9b0521b905f32c8713674c76a5c4f8c0db57f08be6eeff6785003e847d6ec050c17769e469c0bd9754c7d69ae0d293

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++e.widgetbot.io^partitionKey=%28https%2Clauncherfenix.com.ar%29\cache\morgue\178\{45b7ae4f-f61c-405c-86c8-3629972316b2}.final

Filesize
48KB

MD5
f27c25a5828541e5d4f590985a5188d1

SHA1
f32c4f07fd245cb9f48719748181b14d14d4470f

SHA256
3b3c895ae90683934a9a805c46a03dbc6e100fe8fe76fc06f265b0306c6b866e

SHA512
b516743ad7f6b18dccf30a35ffc1df5380f99b81dd0b802d183773dbeeed26028d4fc67d2db2e9470625b2ec7acb10a133b7c522d2f32f80b2421f0cb9a60c12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++launcherfenix.com.ar\ls\usage

Filesize
12B

MD5
4901e31d54d08f4012377ee21d3ab47e

SHA1
dd17b9088e064ba2d2f8316f276d2a85b3e8cd92

SHA256
f9c6e93cbfad35a7f54f3b055c0bfe05de49dd06b5a06cc769a262bb5eea6fd9

SHA512
d4e5fb8a459447b499fea1eb4966ce8fc86abb30436fb9b5c69e8caaeb2f8bc2d8a71ec6ae0bc94dbf5366cea83c30ec5fd3b3941e04c3aa8f53db592fdb0600

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
592KB

MD5
64a222fa8d757093bfdc6b2e5eb4add0

SHA1
273ac86b9ec159e1641f421282fa848786c195a2

SHA256
5eae1a95457327173969e2a36aa6f851083d27688b74564b27fd66766cac58ef

SHA512
b9e264e14ebedc9b7d8aea593b5a734103866383a3f33d78536825f603a815f5c80ee89b1fb0929e688899a90eeee6cf1820fe8256d3104158baa9968e486ef8

Download Submit
C:\Users\Admin\Downloads\JavaSetup8u431.rdDKlmxB.exe.part

Filesize
2.3MB

MD5
1c098b289611a95a1a84a77afe64620e

SHA1
3a13fea5daf0f6e9bc6932dfba6582c5420b8be5

SHA256
641d91c2036584022ff85c76450b367b7031dd2fc845a507c7b5948eeb2696fc

SHA512
80882b3ff1b4e2e65d7a2c7ace82708065d07820b5a30f845b5aebe9bc7ef6ea2461eef3b05858a115f7f36ea9121d6134ad99e25447e2b8e2c9dfa29f433dd7

Download Submit
C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.zb00ZDnr.exe.part

Filesize
397KB

MD5
d99bb55b57712065bc88be297c1da38c

SHA1
fb6662dd31e8e5be380fbd7a33a50a45953fe1e7

SHA256
122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb

SHA512
3eb5d57faea4c0146c2af40102deaac18235b379f5e81fe35a977b642e3edf70704c8cedd835e94f27b04c8413968f7469fccf82c1c9339066d38d3387c71b17

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
C:\Windows\Installer\MSIA832.tmp

Filesize
893KB

MD5
d1b00a892cf35b9e7571b93cf74785bc

SHA1
146b5d317d4b6731a7c457dd1984e08f8116a50b

SHA256
d65fbde2989351ca8b43054b4659a70ae7f54b4c21ba7ce955ece4b530006ac2

SHA512
45c813717e1ef93aa3822c5237b8c4106fd7d847ce4b232e39bdf94fd270343ec6317009abe0a2112b3000767ffdea1471e6d87b7a2627e7cbb1322d7a4b8ba8

Download Submit
C:\Windows\Installer\MSIB080.tmp

Filesize
908KB

MD5
2c169c625b6f35aab52b5bf76abbc27e

SHA1
6e10678a100844c40e071f462dba80a3db0a3db9

SHA256
e6597b902da4734352ed9c65172118221708597e414b4b687cc29c71b0e3f55d

SHA512
fa9b12cb88c61b689a797d5f378f92bbb09e81b9aae8ad2fc8640229ea6908fc426bd6c8f9f60b4724e76cd517d205ba939bec106061f339121b7168558b229e

Download Submit
C:\Windows\Installer\MSIB3BE.tmp

Filesize
269KB

MD5
4367508c0a612115c8d15c92b6ccec0c

SHA1
cf19b8fd08d65af94f519e71b7976d3699ef1cd5

SHA256
a7d7b98449549710b359dcacb41642e26e9d79523fb1507860ba2ed4b314ef89

SHA512
291a111cdd47182421786dec45a9cf08d10fdf2328afff60920f16eeaf8ee84e0c4c6fb2c04ab215e28473e5e4adca4ecfc80cba277dcd351797838e410d737c

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
23.9MB

MD5
cfb1853c488f98197f3f1652485b00c0

SHA1
056d74e8672abcb515251374596bfffa56ad9e6e

SHA256
d66d93cc659ea20c030c06cd461097b79c6e3d6953f1fd043a5d0a8adb051ae4

SHA512
2b72e352858e300b0fe5581e166298c6afab19a1961956b458f448f5c88c651c1818d69b0eaba0fb849a8b859593f30975dd68e1d231d7034ce562e04ea3364e

Download Submit
\??\Volume{96abfb8e-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{dbd2ca41-e27e-43fb-b7be-1895ed0a8946}_OnDiskSnapshotProp

Filesize
6KB

MD5
bfb62b17b0a399829589acb831374cb2

SHA1
f412268d201637553d52c4ecd4dd55011189e68f

SHA256
0b103c8cb5786ff2cd0750a03abe50f32d4e7eee2827111495363cc932d7e454

SHA512
cf48f4b5401328b4818adf656a398a3676c1ba9e1494be1c44978f7b20a49a31c2eb74e9e27ad9f037390fee59548373777b14edf9c9a43e53674daf2626f4b4

Download Submit
memory/564-1525-0x000001C594E60000-0x000001C594E61000-memory.dmp

Filesize
4KB

Download
memory/564-1533-0x000001C594E60000-0x000001C594E61000-memory.dmp

Filesize
4KB

Download
memory/564-1510-0x000001C594E60000-0x000001C594E61000-memory.dmp

Filesize
4KB

Download
memory/564-1569-0x000001C594E60000-0x000001C594E61000-memory.dmp

Filesize
4KB

Download
memory/564-1554-0x000001C594E60000-0x000001C594E61000-memory.dmp

Filesize
4KB

Download
memory/564-1540-0x000001C594E60000-0x000001C594E61000-memory.dmp

Filesize
4KB

Download
memory/564-1514-0x000001C594E60000-0x000001C594E61000-memory.dmp

Filesize
4KB

Download
memory/564-1471-0x000001C594E60000-0x000001C594E61000-memory.dmp

Filesize
4KB

Download
memory/564-1467-0x000001C594E60000-0x000001C594E61000-memory.dmp

Filesize
4KB

Download
memory/564-1437-0x000001C594E60000-0x000001C594E61000-memory.dmp

Filesize
4KB

Download
memory/564-1532-0x000001C594E60000-0x000001C594E61000-memory.dmp

Filesize
4KB

Download
memory/564-1472-0x000001C594E60000-0x000001C594E61000-memory.dmp

Filesize
4KB

Download
memory/564-1460-0x000001C594E60000-0x000001C594E61000-memory.dmp

Filesize
4KB

Download
memory/1676-20-0x00000173B4FE0000-0x00000173B4FE1000-memory.dmp

Filesize
4KB

Download
memory/1676-78-0x00000173B4FE0000-0x00000173B4FE1000-memory.dmp

Filesize
4KB

Download
memory/1676-80-0x00000173B4FE0000-0x00000173B4FE1000-memory.dmp

Filesize
4KB

Download
memory/1676-85-0x00000173B4FE0000-0x00000173B4FE1000-memory.dmp

Filesize
4KB

Download
memory/1676-42-0x00000173B4FE0000-0x00000173B4FE1000-memory.dmp

Filesize
4KB

Download
memory/1676-60-0x00000173B4FE0000-0x00000173B4FE1000-memory.dmp

Filesize
4KB

Download
memory/1676-86-0x00000173B6650000-0x00000173B68C0000-memory.dmp

Filesize
2.4MB

Download
memory/1676-2-0x00000173B6650000-0x00000173B68C0000-memory.dmp

Filesize
2.4MB

Download
memory/1676-61-0x00000173B6650000-0x00000173B68C0000-memory.dmp

Filesize
2.4MB

Download
memory/2076-1423-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2708-16-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download