Analysis Overview
SHA256
f849330882af205fbfb7ddcb71401547866f4d29da1034f503da48660cdc8e62
Threat Level: Likely malicious
The file Avatar.jpg was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Enumerates connected drives
Checks installed software on the system
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Enumerates system info in registry
NTFS ADS
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies registry class
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-22 20:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-22 20:07
Reported
2024-02-22 20:23
Platform
win11-20240221-en
Max time kernel
922s
Max time network
919s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.16-win-x64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{B7F226A1-2048-449B-BDC9-1CB6DDD3F295}\.cr\windowsdesktop-runtime-7.0.16-win-x64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe | N/A |
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{ef5af41f-d68c-48f7-bfb0-5055718601fc} = "\"C:\\ProgramData\\Package Cache\\{ef5af41f-d68c-48f7-bfb0-5055718601fc}\\windowsdesktop-runtime-7.0.16-win-x64.exe\" /burn.runonce" | C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.RegularExpressions.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Input.Manipulations.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsBase.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Design.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\ReachFramework.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Annotations.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Design.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Xaml.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsFormsIntegration.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.ServicePoint.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationProvider.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Controls.Ribbon.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Encoding.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.DriveInfo.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Design.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NetworkInformation.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\WindowsBase.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Printing.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsBase.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ReachFramework.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Input.Manipulations.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Formatters.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationProvider.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.PerformanceCounter.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlDocument.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Input.Manipulations.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationProvider.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.runtimeconfig.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Core.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Sockets.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClientSideProviders.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\ReachFramework.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationCore.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsBase.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.Vectors.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Input.Manipulations.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Xaml.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationTypes.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Input.Manipulations.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationFramework.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Xml.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClientSideProviders.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationCore.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationTypes.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.DataSetExtensions.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.JavaScript.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClient.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Xaml.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationCore.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Process.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationTypes.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Xaml.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.XDocument.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Contracts.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Intrinsics.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Resources.Extensions.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSI1DA1.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF97464F5FBC5CF05F.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5e0609.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI15AB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5e0613.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF3F880D3FCA9A41D8.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\B61D15F98E24A4A42882574055142AEA\56.64.8781\fileCoreHostExe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{01B2627D-8443-41C0-97F0-9F72AC2FD6A0} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2003.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5e0609.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5e0619.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\B61D15F98E24A4A42882574055142AEA\56.64.8781 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5e0618.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF267D7195436B549A.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFEC9BD5392E84A88A.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5e0613.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1A14.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1AD0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5e0619.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1761.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI17DF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFC3B2AC4626CC0FF9.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA9D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF0239AFB42026DB32.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5e060e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\B61D15F98E24A4A42882574055142AEA\56.64.8781\fileCoreHostExe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5e061d.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2AF1.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF3BF7A94BC3B7321C.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF8FCDD96BA7E7E8FF.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF47B10ECBCE29CA6A.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI189C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5e0612.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF9325B09BBBDB866C.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\B61D15F98E24A4A42882574055142AEA | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF7739DA2BA604C5C1.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF80C573DA47842823.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFB17AEEA4D4A7F204.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF69B7009C0E5B80BC.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5e060d.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5e060e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF39FCF895027360D4.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE95.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF2E2585723A8B8420.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{9F51D16B-42E8-4A4A-8228-75045541A2AE} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1BBC.tmp | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\24 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\24 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\25 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\23 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0EA7D4ECABCFF6845AF8BD3A26F6EBB4\Provider | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0EA7D4ECABCFF6845AF8BD3A26F6EBB4 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0EA7D4ECABCFF6845AF8BD3A26F6EBB4\Version = "943727181" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0EA7D4ECABCFF6845AF8BD3A26F6EBB4\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C4A096B1A1834D04ABA4F3A8DCC57E79\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\B61D15F98E24A4A42882574055142AEA\Provider | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D7262B1034480C14790FF927CAF26D0A\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0EA7D4ECABCFF6845AF8BD3A26F6EBB4\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_56.64.8781_x64\Dependents\{ef5af41f-d68c-48f7-bfb0-5055718601fc} | C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_56.64.8781_x64\Dependents\{ef5af41f-d68c-48f7-bfb0-5055718601fc} | C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C4A096B1A1834D04ABA4F3A8DCC57E79\MainFeature | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C4A096B1A1834D04ABA4F3A8DCC57E79\Version = "943727181" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{ef5af41f-d68c-48f7-bfb0-5055718601fc}\ = "{ef5af41f-d68c-48f7-bfb0-5055718601fc}" | C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0EA7D4ECABCFF6845AF8BD3A26F6EBB4\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B61D15F98E24A4A42882574055142AEA\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D7262B1034480C14790FF927CAF26D0A\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x64\Dependents | C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D7262B1034480C14790FF927CAF26D0A\SourceList\PackageName = "windowsdesktop-runtime-7.0.16-win-x64.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{ef5af41f-d68c-48f7-bfb0-5055718601fc} | C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_runtime_56.64.8781_x64 | C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x64\ = "{9F51D16B-42E8-4A4A-8228-75045541A2AE}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C4A096B1A1834D04ABA4F3A8DCC57E79\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B61D15F98E24A4A42882574055142AEA\Version = "943727181" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D7262B1034480C14790FF927CAF26D0A\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0EA7D4ECABCFF6845AF8BD3A26F6EBB4\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}v56.64.8781\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C4A096B1A1834D04ABA4F3A8DCC57E79\ProductName = "Microsoft .NET Host FX Resolver - 7.0.16 (x64)" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C4A096B1A1834D04ABA4F3A8DCC57E79\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D7262B1034480C14790FF927CAF26D0A\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0EA7D4ECABCFF6845AF8BD3A26F6EBB4\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0EA7D4ECABCFF6845AF8BD3A26F6EBB4\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}v56.64.8781\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_56.64.8781_x64\ = "{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C4A096B1A1834D04ABA4F3A8DCC57E79\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\4E3F426DBD05F2A509C6867B91443826 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B61D15F98E24A4A42882574055142AEA\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{ef5af41f-d68c-48f7-bfb0-5055718601fc}\DisplayName = "Microsoft Windows Desktop Runtime - 7.0.16 (x64)" | C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C4A096B1A1834D04ABA4F3A8DCC57E79\Provider | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C4A096B1A1834D04ABA4F3A8DCC57E79\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x64 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0EA7D4ECABCFF6845AF8BD3A26F6EBB4\PackageCode = "74EEF11D81DB3C6458F196B0238079C8" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_56.64.8781_x64 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_56.64.8781_x64\Version = "56.64.8781" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x64\Dependents\{ef5af41f-d68c-48f7-bfb0-5055718601fc} | C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D7262B1034480C14790FF927CAF26D0A\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}v56.64.8804\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\windowsdesktop_runtime_56.64.8804_x64 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D7262B1034480C14790FF927CAF26D0A\ProductName = "Microsoft Windows Desktop Runtime - 7.0.16 (x64)" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{ef5af41f-d68c-48f7-bfb0-5055718601fc}\Dependents\{ef5af41f-d68c-48f7-bfb0-5055718601fc} | C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\B61D15F98E24A4A42882574055142AEA\MainFeature | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B61D15F98E24A4A42882574055142AEA\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B61D15F98E24A4A42882574055142AEA\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C4A096B1A1834D04ABA4F3A8DCC57E79\SourceList\PackageName = "dotnet-hostfxr-7.0.16-win-x64.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C4A096B1A1834D04ABA4F3A8DCC57E79\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x64 | C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B61D15F98E24A4A42882574055142AEA\SourceList\PackageName = "dotnet-host-7.0.16-win-x64.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0EA7D4ECABCFF6845AF8BD3A26F6EBB4\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_56.64.8781_x64 | C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x64\Version = "56.64.8781" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B61D15F98E24A4A42882574055142AEA\ProductName = "Microsoft .NET Host - 7.0.16 (x64)" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_56.64.8781_x64\Dependents | C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C4A096B1A1834D04ABA4F3A8DCC57E79\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D7262B1034480C14790FF927CAF26D0A\Version = "943727204" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D7262B1034480C14790FF927CAF26D0A\Provider | C:\Windows\system32\msiexec.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.16-win-x64.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\Downloads\Client.Install.win.x64.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Kiwi_X_External.rar:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 238865.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Avatar.jpg
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.0.1513047413\117819948" -parentBuildID 20221007134813 -prefsHandle 1776 -prefMapHandle 1768 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1138e9cf-f557-45cc-b557-a3cbc2051ab3} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 1856 1b1b36bfe58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.1.2072861264\1734560940" -parentBuildID 20221007134813 -prefsHandle 2204 -prefMapHandle 2192 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ca8fcb9-4654-46b1-949b-908cdb7ea13b} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 2232 1b1b3232658 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.2.1733092454\1267963276" -childID 1 -isForBrowser -prefsHandle 3008 -prefMapHandle 2840 -prefsLen 20886 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ea3080c-49fc-4813-9d61-2ba0252052d9} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 3140 1b1b365f658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.3.1658003133\1203144956" -childID 2 -isForBrowser -prefsHandle 3388 -prefMapHandle 3260 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36580fdf-9892-48bf-ab5f-2bb378f0570d} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 3556 1b1a7667b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.4.685630623\1885919318" -childID 3 -isForBrowser -prefsHandle 4560 -prefMapHandle 4552 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c54819ac-d9d1-41fb-824d-84eab6b8a52b} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 4576 1b1ba3beb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.5.354982569\625332248" -childID 4 -isForBrowser -prefsHandle 5004 -prefMapHandle 4952 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42d79fe6-1c29-49f2-b3f8-0d739ca7df4c} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 5028 1b1b894ef58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.7.39800416\2133913621" -childID 6 -isForBrowser -prefsHandle 5344 -prefMapHandle 5348 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57a51214-163e-497b-b555-7f85881a81ab} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 5336 1b1bab4f458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.6.641270644\295386146" -childID 5 -isForBrowser -prefsHandle 5240 -prefMapHandle 4400 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21e6f32a-3233-4767-8615-ea1022852b44} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 5228 1b1ba3bdf58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.8.485734013\671100732" -childID 7 -isForBrowser -prefsHandle 5836 -prefMapHandle 5840 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ab4652c-9e8d-4b43-a37d-054f60787f7b} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 5816 1b1bcd25458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.10.2014872722\534662592" -childID 9 -isForBrowser -prefsHandle 5172 -prefMapHandle 5048 -prefsLen 26458 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd0ed597-ed4c-43bc-8d24-7ab4709b90aa} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 3540 1b1bab92d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.9.2076862023\1155259903" -childID 8 -isForBrowser -prefsHandle 3536 -prefMapHandle 2580 -prefsLen 26458 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfdd1046-77de-4c97-b61f-290b69c92d31} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 4960 1b1bab91558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.11.1721821532\860145625" -childID 10 -isForBrowser -prefsHandle 5492 -prefMapHandle 5484 -prefsLen 26458 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b8524cb-078c-49ad-b4d9-1258a3e7d4e3} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 5472 1b1bd0efa58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.12.2024137279\1142013426" -childID 11 -isForBrowser -prefsHandle 5544 -prefMapHandle 5532 -prefsLen 26458 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {395349a4-d86e-4ae8-9ad8-bd214f2ee9ce} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 6116 1b1bd0e1a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.13.127635434\470750975" -parentBuildID 20221007134813 -prefsHandle 5312 -prefMapHandle 6020 -prefsLen 26458 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7883b394-92c7-4568-bce8-3c58e09266ac} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 5508 1b1bd0f1b58 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.14.1260288731\409056793" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6184 -prefMapHandle 5312 -prefsLen 26458 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81a90659-7ff1-4c97-9ea3-c75b92604116} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 6196 1b1bd0f1858 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.15.2102922272\2008772477" -childID 12 -isForBrowser -prefsHandle 10352 -prefMapHandle 10356 -prefsLen 26458 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {365b9a5a-2139-4318-a120-3758bd435e95} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 10348 1b1bc67d258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.16.1686071463\815753223" -childID 13 -isForBrowser -prefsHandle 5740 -prefMapHandle 10168 -prefsLen 26458 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36159173-c3c6-4906-b502-21162345a550} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 10136 1b1bc717b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.18.411124603\45505844" -childID 15 -isForBrowser -prefsHandle 10032 -prefMapHandle 10208 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49e1ae30-5a8d-4a8e-b886-7412ae5a815f} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 10168 1b1bd0f0c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.17.1934276273\1481680373" -childID 14 -isForBrowser -prefsHandle 4452 -prefMapHandle 6104 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b50805f-d22a-4ba0-ab3a-b0c37d66e602} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 2900 1b1ba8d3e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.19.1058824149\1624246191" -childID 16 -isForBrowser -prefsHandle 9792 -prefMapHandle 9800 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd723889-58d9-4a0e-a97d-1b0ee93669de} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9712 1b1bde3c858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.20.793419851\1685618213" -childID 17 -isForBrowser -prefsHandle 2704 -prefMapHandle 2692 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {915d660c-5155-477c-8dbd-7369ecefcbae} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 4484 1b1bcc8a458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.22.452436051\1566791610" -childID 19 -isForBrowser -prefsHandle 9496 -prefMapHandle 9600 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a469041-5328-4cf6-9414-1680200eb05b} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9500 1b1bcf73258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.21.1945071416\1333230372" -childID 18 -isForBrowser -prefsHandle 10272 -prefMapHandle 4776 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5f17882-e44a-4848-87d0-32a50fffd776} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 5176 1b1bcf75f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.23.1327729539\671848213" -childID 20 -isForBrowser -prefsHandle 5088 -prefMapHandle 2700 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {232ab985-1654-4b94-9202-f38b3c01a73b} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9496 1b1bcf76b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.24.947197111\1408909372" -childID 21 -isForBrowser -prefsHandle 5948 -prefMapHandle 5952 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f4afe4c-7317-4930-98cd-15f7ce35ed5c} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 5960 1b1bd75fc58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.25.2061218028\607896831" -childID 22 -isForBrowser -prefsHandle 9976 -prefMapHandle 4564 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5471af28-7fa1-47ae-b6dc-2a67a782077b} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9772 1b1bdd88d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.26.1899039139\1817429984" -childID 23 -isForBrowser -prefsHandle 2588 -prefMapHandle 4300 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8155f4ee-e63e-4a76-ac06-69a2608c1c4c} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 2616 1b1bfb6be58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.28.1628587108\708660785" -childID 25 -isForBrowser -prefsHandle 10232 -prefMapHandle 4520 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c79aa4c8-23ce-439a-aea7-5247fba8c644} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 4768 1b1c0104158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.27.1365931546\170127609" -childID 24 -isForBrowser -prefsHandle 9824 -prefMapHandle 10120 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41709363-2cc9-4548-b3af-d1632640a485} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 5088 1b1c0089b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.29.1344511961\1366660700" -childID 26 -isForBrowser -prefsHandle 9244 -prefMapHandle 9248 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2517ce66-d573-41c0-89a0-2974f9e12b2c} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9236 1b1c0325758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.30.1873209019\1399861091" -childID 27 -isForBrowser -prefsHandle 4712 -prefMapHandle 4464 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51955225-396b-4ec0-bfb2-06e3dd430960} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 6184 1b1b894e958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.31.1373573922\980178570" -childID 28 -isForBrowser -prefsHandle 9468 -prefMapHandle 10116 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7d8d41d-3b14-4149-a5f3-c6cedf3d302d} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9716 1b1bb090d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.32.843978882\1735282144" -childID 29 -isForBrowser -prefsHandle 9380 -prefMapHandle 9364 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24edc446-c3a4-40c8-ba11-59e798cad94e} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9392 1b1bc714258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.33.1261749044\721296633" -childID 30 -isForBrowser -prefsHandle 5516 -prefMapHandle 5520 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {272d0eb1-5c47-496a-90d1-915cab78fba1} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 5336 1b1bcc38558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.34.432301712\101223452" -childID 31 -isForBrowser -prefsHandle 9068 -prefMapHandle 9060 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb047e93-2555-4b24-afbd-00e7dfb7ad60} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9036 1b1bcc38b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.35.1753560160\1979802609" -childID 32 -isForBrowser -prefsHandle 8828 -prefMapHandle 8832 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50c8e57a-6df8-4fb4-86ba-103bcca348b6} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9480 1b1bd66eb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.36.1651007137\503577689" -childID 33 -isForBrowser -prefsHandle 5484 -prefMapHandle 4768 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {492205d2-0386-4376-aa97-5f22e03f5727} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 4300 1b1bccdb258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.37.1018961979\1170333870" -childID 34 -isForBrowser -prefsHandle 8916 -prefMapHandle 8900 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9890f2f-a8f8-4f7a-9ea4-0a52573801f2} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9036 1b1bd98bb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.38.2000231760\482898598" -childID 35 -isForBrowser -prefsHandle 8588 -prefMapHandle 8584 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b096afb-1026-4cf1-b5da-4a5901e45d4a} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 8600 1b1bde3a758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.39.833507369\519807520" -childID 36 -isForBrowser -prefsHandle 8416 -prefMapHandle 8412 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ac0cad9-067f-4a83-b14f-232b74eaa4f0} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 8424 1b1bdea2158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.40.539693634\663410694" -childID 37 -isForBrowser -prefsHandle 9724 -prefMapHandle 5340 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d787854-c45a-4a8e-aa4d-55037de42f9e} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9380 1b1bdf6dd58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.41.294823653\1998272677" -childID 38 -isForBrowser -prefsHandle 5264 -prefMapHandle 8988 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b3f2d35-8eda-4a4d-9e8b-08693777e124} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9748 1b1bdf6fe58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.42.151661152\652378968" -childID 39 -isForBrowser -prefsHandle 8284 -prefMapHandle 8268 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aee7b639-810a-4cb5-afbb-b65a0f834f5e} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 8296 1b1bdf6ef58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.43.362459726\1385434735" -childID 40 -isForBrowser -prefsHandle 9048 -prefMapHandle 9680 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37aae6a0-2a6c-4356-bfdd-0cd01ef3b71b} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9288 1b1bdf6d758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.44.1070854888\2120503329" -childID 41 -isForBrowser -prefsHandle 9136 -prefMapHandle 9220 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d93426e2-32ae-4ac7-8de7-17574fd5783d} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9144 1b1ba926458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.47.1906338325\1632090401" -childID 44 -isForBrowser -prefsHandle 9496 -prefMapHandle 9544 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {027f0933-0d47-4774-920c-e7a8b47980db} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 6372 1b1bb09da58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.46.124792393\2109086214" -childID 43 -isForBrowser -prefsHandle 4616 -prefMapHandle 6136 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1599b99d-a168-423c-a87f-0fe58b8f11e0} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 10352 1b1bb09f258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.45.283618901\96782478" -childID 42 -isForBrowser -prefsHandle 1556 -prefMapHandle 5632 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba82a242-785a-4675-9bd6-ad9455f9cc11} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9176 1b1bb09ce58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.48.946911890\931078652" -childID 45 -isForBrowser -prefsHandle 9052 -prefMapHandle 4784 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5930553f-13db-4c20-9676-1f26d07cc117} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9172 1b1bd0e2f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.49.1720587759\1628651425" -childID 46 -isForBrowser -prefsHandle 9588 -prefMapHandle 8524 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c758e07-2003-44fb-b6ae-dc7581b6b59c} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9168 1b1bd0e3558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.51.492515795\1223791885" -childID 48 -isForBrowser -prefsHandle 10088 -prefMapHandle 8504 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d49ab76-f733-49a2-a2d7-6f1f28cb39e9} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9564 1b1bc9d2958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.50.768059559\2078568274" -childID 47 -isForBrowser -prefsHandle 8240 -prefMapHandle 4628 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe456d22-128b-4e42-8ad0-0bbd3d66255a} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 8152 1b1bb090a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.53.1544350204\1601526837" -childID 50 -isForBrowser -prefsHandle 8240 -prefMapHandle 8148 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2d2022a-4ee8-4353-86aa-cd6e11ff1883} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 4628 1b1bc67c658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.52.520620788\1802128080" -childID 49 -isForBrowser -prefsHandle 5812 -prefMapHandle 10064 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed7d0067-20c6-4db2-89cd-5a1853af37d2} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 10076 1b1bc67a258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.54.1577675872\1160788715" -childID 51 -isForBrowser -prefsHandle 5624 -prefMapHandle 6084 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf08aac6-f08d-42d1-a350-86b85de36ce7} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 5516 1b1bccdb558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.55.708806925\1728674253" -childID 52 -isForBrowser -prefsHandle 5172 -prefMapHandle 9072 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7677b83-dc63-4108-8507-9b24fa5bf0c6} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 4372 1b1bd01f258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.56.437429963\466278515" -childID 53 -isForBrowser -prefsHandle 9508 -prefMapHandle 4776 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c249047-f502-4e62-9096-0b35b57b1232} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9816 1b1be512a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.57.1875929513\1173048635" -childID 54 -isForBrowser -prefsHandle 8504 -prefMapHandle 9612 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a32a5b1-10b8-4e01-938e-462491a501f3} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 10108 1b1bccdb558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.59.1066002185\320111169" -childID 56 -isForBrowser -prefsHandle 5108 -prefMapHandle 5648 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c95dfa15-8e4a-4270-8cde-ba4727552de2} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 8400 1b1bc7f1558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.58.1748171599\1145939072" -childID 55 -isForBrowser -prefsHandle 3788 -prefMapHandle 8820 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {020b8488-4e86-4a43-9f52-a825a33cf070} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 8804 1b1bc7efa58 tab
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Kiwi_X_External.rar"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.60.753813957\313930201" -childID 57 -isForBrowser -prefsHandle 6060 -prefMapHandle 2884 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e50fed90-f874-4132-86e0-58631a3e01b3} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 5516 1b1bcd5ee58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.61.1175510970\974535913" -childID 58 -isForBrowser -prefsHandle 9580 -prefMapHandle 8940 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ea5119b-965f-442d-9457-5b0172a44504} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 8980 1b1bcfd4d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.62.991615829\513096250" -childID 59 -isForBrowser -prefsHandle 6136 -prefMapHandle 4616 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b874a2bf-706e-47a9-bf27-201a546dc1ba} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 10088 1b1a7662e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.63.1816667123\1702293396" -childID 60 -isForBrowser -prefsHandle 9828 -prefMapHandle 9440 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {757b5ac5-a7f8-4aac-9703-b6eca09c39e1} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 2580 1b1a765e858 tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe
"C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?framework=Microsoft.NETCore.App&framework_version=7.0.0&arch=x64&rid=win-x64&os=win10&gui=true
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd53f13cb8,0x7ffd53f13cc8,0x7ffd53f13cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1872 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2572 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5804 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.16-win-x64.exe
"C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.16-win-x64.exe"
C:\Windows\Temp\{B7F226A1-2048-449B-BDC9-1CB6DDD3F295}\.cr\windowsdesktop-runtime-7.0.16-win-x64.exe
"C:\Windows\Temp\{B7F226A1-2048-449B-BDC9-1CB6DDD3F295}\.cr\windowsdesktop-runtime-7.0.16-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.16-win-x64.exe" -burn.filehandle.attached=756 -burn.filehandle.self=760
C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe
"C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe" -q -burn.elevated BurnPipe.{E6DAAAF5-7127-41EB-9394-CD10B639180A} {EA16112A-F663-4D2B-936D-61AFA19B35FF} 5724
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 720A86221BF2463A66C1469D413CBC9B
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 5B4D293A942BFAC948997836CE496B9F
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 900082AFAC8A0F562FB5A5A0B83A977F
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 62BA163650FD5F2CD76125AB4B294794
C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe
"C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe"
C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe
"C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.0.472057657\185783621" -parentBuildID 20221007134813 -prefsHandle 1652 -prefMapHandle 1620 -prefsLen 21569 -prefMapSize 233863 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31dc606e-81d2-4b40-b927-76f8f12ce083} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 1732 298af705058 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.1.2034975433\977613890" -parentBuildID 20221007134813 -prefsHandle 2084 -prefMapHandle 2080 -prefsLen 21569 -prefMapSize 233863 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10ab1b98-a30f-48eb-a3d9-a1ea2910da89} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 2096 298a38e7358 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.2.799132259\1562665420" -childID 1 -isForBrowser -prefsHandle 2908 -prefMapHandle 2904 -prefsLen 22030 -prefMapSize 233863 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d70e9fd7-bb98-44a8-8fbe-879d65f5bcbb} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 2920 298b3649f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.3.319876495\1491416350" -childID 2 -isForBrowser -prefsHandle 3812 -prefMapHandle 3808 -prefsLen 27208 -prefMapSize 233863 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7f16065-1422-4ed2-9c21-65f45cce0c16} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 3824 298b57ee158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.4.1664524045\1677108611" -childID 3 -isForBrowser -prefsHandle 4020 -prefMapHandle 4016 -prefsLen 27208 -prefMapSize 233863 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {517ca655-bf84-4005-8012-5f9eedeaf836} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 4032 298a3861c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.7.1923696821\109175157" -childID 6 -isForBrowser -prefsHandle 5372 -prefMapHandle 5376 -prefsLen 27267 -prefMapSize 233863 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4481ff9-10a2-4338-b0ca-ed12b1c68351} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 5364 298b72cff58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.6.1759518080\2139329522" -childID 5 -isForBrowser -prefsHandle 5184 -prefMapHandle 5188 -prefsLen 27267 -prefMapSize 233863 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b073d239-fcc1-418f-97ae-1b374511f893} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 5176 298b72cf958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.5.1405547781\1857455499" -childID 4 -isForBrowser -prefsHandle 5076 -prefMapHandle 5088 -prefsLen 27267 -prefMapSize 233863 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50b0c8fe-ea8e-4082-88e9-91960c95463a} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 5064 298b4d86d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.8.489901883\564839336" -childID 7 -isForBrowser -prefsHandle 5940 -prefMapHandle 5936 -prefsLen 27267 -prefMapSize 233863 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5127d010-6973-49f9-b621-85109fe49e7c} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 5948 298b97f9a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.9.1988200930\843952720" -childID 8 -isForBrowser -prefsHandle 5608 -prefMapHandle 3904 -prefsLen 27276 -prefMapSize 233863 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f58b8984-9602-4d66-9d34-1c95d3833389} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 4816 298b9948a58 tab
C:\Users\Admin\Downloads\Client.Install.win.x64\Client Install win x64 Setup.exe
"C:\Users\Admin\Downloads\Client.Install.win.x64\Client Install win x64 Setup.exe"
C:\Users\Admin\Downloads\Client.Install.win.x64\jre\bin\javaw.exe
"C:\Users\Admin\Downloads\Client.Install.win.x64\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\activation.jar;lib\antlr4-runtime.jar;lib\asm-all.jar;lib\commons-email.jar;lib\connector-api.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\dyn4j.jar;lib\gson.jar;lib\HikariCP-java6.jar;lib\javassist-GA.jar;lib\jaybird-jdk18.jar;lib\jfoenix.jar;lib\jkeymaster.jar;lib\jna.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-desktop-hotkey-ext.jar;lib\jphp-game-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-gui-jfoenix-ext.jar;lib\jphp-json-ext.jar;lib\jphp-jsoup-ext.jar;lib\jphp-mail-ext.jar;lib\jphp-runtime.jar;lib\jphp-sql-ext.jar;lib\jphp-systemtray-ext.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;lib\jsoup.jar;lib\mail.jar;lib\mysql-connector-java.jar;lib\postgresql.jre7.jar;lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\sqlite-jdbc.jar;lib\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 52.24.144.241:443 | shavar.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| N/A | 127.0.0.1:49735 | tcp | |
| N/A | 127.0.0.1:49741 | tcp | |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 172.67.191.177:80 | kiwiexploits.com | tcp |
| US | 172.67.191.177:80 | kiwiexploits.com | tcp |
| US | 172.67.191.177:443 | kiwiexploits.com | tcp |
| US | 172.67.191.177:443 | kiwiexploits.com | udp |
| US | 104.17.2.184:443 | challenges.cloudflare.com | tcp |
| US | 104.17.2.184:443 | challenges.cloudflare.com | udp |
| US | 104.17.2.184:443 | challenges.cloudflare.com | tcp |
| US | 104.21.11.26:443 | acscdn.com | tcp |
| US | 104.21.11.26:443 | acscdn.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | youradexchange.com | udp |
| US | 8.8.8.8:53 | 26.11.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 172.67.204.62:443 | ctrtrk.com | tcp |
| US | 172.64.170.19:443 | youradexchange.com | tcp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| US | 172.67.204.62:443 | ctrtrk.com | udp |
| US | 172.64.170.19:443 | youradexchange.com | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | tcp |
| US | 104.21.8.108:443 | pubtrky.com | tcp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| US | 104.21.8.108:443 | pubtrky.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| BE | 64.233.184.155:443 | stats.g.doubleclick.net | tcp |
| BE | 64.233.184.155:443 | stats.g.doubleclick.net | udp |
| EE | 46.36.218.109:443 | updservice.site | tcp |
| US | 104.21.68.128:443 | mmentorapp.com | tcp |
| US | 104.21.68.128:443 | mmentorapp.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| DE | 18.194.134.212:443 | offaces-butional.com | tcp |
| US | 172.67.210.153:443 | www.savinist.com | tcp |
| US | 172.67.210.153:443 | www.savinist.com | udp |
| DE | 18.196.153.94:443 | www.opera.com | tcp |
| GB | 216.58.213.14:443 | www.googleoptimize.com | tcp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 216.58.213.14:443 | www.googleoptimize.com | udp |
| US | 151.101.1.140:443 | reddit.map.fastly.net | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 151.101.1.140:443 | reddit.map.fastly.net | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| BE | 64.233.184.155:443 | stats.g.doubleclick.net | tcp |
| BE | 64.233.184.155:443 | stats.g.doubleclick.net | udp |
| DE | 52.85.92.13:443 | static-cdn.hotjar.com | tcp |
| GB | 88.221.135.104:443 | a1916.dscg2.akamai.net | tcp |
| US | 151.101.1.140:443 | reddit.map.fastly.net | tcp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| GB | 195.181.164.15:443 | tags.creativecdn.com | tcp |
| GB | 195.181.164.15:443 | tags.creativecdn.com | udp |
| NL | 185.184.8.90:443 | ams.creativecdn.com | tcp |
| NL | 185.184.8.90:443 | ams.creativecdn.com | tcp |
| GB | 163.70.147.23:443 | connect.facebook.net | udp |
| DE | 18.155.153.11:443 | script.hotjar.com | tcp |
| US | 13.107.42.14:443 | l-0005.l-msedge.net | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| GB | 163.70.151.35:443 | www.facebook.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 104.21.89.193:443 | lootdest.com | tcp |
| US | 104.21.89.193:443 | lootdest.com | udp |
| US | 151.101.1.229:443 | jsdelivr.map.fastly.net | tcp |
| US | 104.16.126.175:443 | unpkg.com | tcp |
| IN | 142.250.70.99:443 | csi.gstatic.com | tcp |
| US | 151.101.1.229:443 | jsdelivr.map.fastly.net | udp |
| IN | 142.250.70.99:443 | csi.gstatic.com | tcp |
| DE | 18.155.152.67:443 | ddzswov1e84sp.cloudfront.net | tcp |
| US | 104.21.23.212:443 | onasider.top | tcp |
| US | 104.21.23.212:443 | onasider.top | tcp |
| US | 104.21.23.212:443 | onasider.top | udp |
| IN | 142.250.70.99:443 | csi.gstatic.com | udp |
| DE | 54.230.182.151:443 | d1wzdj81h1hubn.cloudfront.net | tcp |
| DE | 54.230.182.151:443 | d1wzdj81h1hubn.cloudfront.net | tcp |
| US | 172.67.150.46:443 | 1.edonorprog.biz | tcp |
| US | 172.67.150.46:443 | 1.edonorprog.biz | tcp |
| US | 204.79.197.203:443 | srtb.msn.com | tcp |
| GB | 13.224.245.92:443 | ukworlowedonh.com | tcp |
| GB | 92.123.26.137:443 | assets.msn.com | tcp |
| GB | 92.123.26.137:443 | assets.msn.com | tcp |
| GB | 92.123.26.137:443 | assets.msn.com | tcp |
| GB | 92.123.26.137:443 | assets.msn.com | tcp |
| GB | 92.123.26.137:443 | assets.msn.com | tcp |
| IE | 68.219.88.97:443 | c.msn.com | tcp |
| US | 204.79.197.200:443 | dual-a-0001.a-msedge.net | tcp |
| US | 20.42.65.84:443 | onedscolprdeus02.eastus.cloudapp.azure.com | tcp |
| GB | 88.221.134.80:443 | img-s-msn-com.akamaized.net | tcp |
| GB | 88.221.134.80:443 | img-s-msn-com.akamaized.net | tcp |
| GB | 88.221.134.80:443 | img-s-msn-com.akamaized.net | tcp |
| GB | 88.221.134.80:443 | img-s-msn-com.akamaized.net | tcp |
| GB | 88.221.134.80:443 | img-s-msn-com.akamaized.net | tcp |
| GB | 88.221.134.80:443 | img-s-msn-com.akamaized.net | tcp |
| US | 172.67.150.46:443 | 1.edonorprog.biz | udp |
| US | 204.79.197.203:443 | srtb.msn.com | tcp |
| US | 204.79.197.203:443 | srtb.msn.com | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| GB | 92.123.128.178:443 | e86303.dscx.akamaiedge.net | tcp |
| GB | 92.123.128.178:443 | e86303.dscx.akamaiedge.net | tcp |
| US | 172.67.41.60:443 | btloader.com | tcp |
| US | 172.67.41.60:443 | btloader.com | tcp |
| US | 172.67.41.60:443 | btloader.com | tcp |
| GB | 23.37.0.26:443 | confiant.msn.com | tcp |
| IE | 20.190.159.0:443 | login.microsoftonline.com | tcp |
| US | 13.107.246.67:443 | part-0039.t-0009.t-msedge.net | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | 67.246.107.13.in-addr.arpa | udp |
| GB | 92.123.128.178:443 | e86303.dscx.akamaiedge.net | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 151.101.1.108:443 | cdn.adnxs.com | tcp |
| IE | 20.190.159.0:443 | login.microsoftonline.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| NL | 185.89.208.19:443 | shftr.appnexusgslb.net | tcp |
| NL | 185.89.211.84:443 | ams3-ib.adnxs.com | tcp |
| NL | 185.89.211.84:443 | ams3-ib.adnxs.com | tcp |
| NL | 185.89.211.84:443 | ams3-ib.adnxs.com | tcp |
| US | 151.101.1.108:443 | cdn.adnxs.com | tcp |
| NL | 35.214.168.80:443 | trace-eu.mediago.io | tcp |
| NL | 35.214.168.80:443 | trace-eu.mediago.io | tcp |
| NL | 35.214.168.80:443 | trace-eu.mediago.io | udp |
| NL | 185.89.210.153:443 | ams3-ib.adnxs.com | tcp |
| IE | 13.69.239.74:443 | browser.events.data.microsoft.com | tcp |
| IE | 13.69.239.74:443 | browser.events.data.microsoft.com | tcp |
| DE | 37.252.173.215:443 | fra1-ib.adnxs.com | tcp |
| NL | 185.89.208.19:443 | shftr.appnexusgslb.net | tcp |
| US | 52.223.6.21:443 | ie1-bid.adsrvr.org | tcp |
| NL | 185.89.210.82:443 | ams3-ib.adnxs.com | tcp |
| DE | 37.252.171.53:443 | fra1-ib.adnxs.com | tcp |
| DE | 37.252.171.53:443 | fra1-ib.adnxs.com | tcp |
| DE | 37.252.171.53:443 | fra1-ib.adnxs.com | tcp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| GB | 216.58.212.238:443 | redirector.gvt1.com | tcp |
| GB | 216.58.212.238:443 | redirector.gvt1.com | udp |
| CH | 74.125.108.201:443 | r4.sn-1gi7znek.gvt1.com | tcp |
| CH | 74.125.108.201:443 | r4.sn-1gi7znek.gvt1.com | udp |
| US | 172.67.191.177:443 | kiwiexploits.com | udp |
| DE | 54.230.55.108:443 | d1o6lu9dr4t13s.cloudfront.net | tcp |
| GB | 13.224.245.59:443 | ukworlowedonh.com | tcp |
| GB | 13.224.245.59:443 | ukworlowedonh.com | tcp |
| US | 104.21.22.186:443 | ameoutofthe.info | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| US | 188.114.97.2:443 | lootdest.com | tcp |
| US | 188.114.97.2:443 | lootdest.com | tcp |
| US | 8.8.8.8:53 | 2.97.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.69.194.173.in-addr.arpa | udp |
| NL | 173.194.69.84:443 | accounts.google.com | udp |
| US | 104.21.22.186:443 | ameoutofthe.info | udp |
| US | 188.114.97.2:443 | lootdest.com | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 13.224.245.59:443 | ukworlowedonh.com | tcp |
| US | 34.195.224.242:443 | sonij.wedonhisdhiltew.info | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| GB | 18.165.201.76:443 | ecentalsindus.com | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | udp |
| US | 34.195.224.242:443 | sonij.wedonhisdhiltew.info | tcp |
| US | 34.195.224.242:443 | sonij.wedonhisdhiltew.info | tcp |
| GB | 13.224.245.92:443 | ukworlowedonh.com | tcp |
| NL | 139.45.197.239:443 | dukirliaon.com | tcp |
| NL | 139.45.197.239:443 | dukirliaon.com | tcp |
| NL | 139.45.195.8:443 | my.rtmark.net | tcp |
| US | 172.64.133.4:443 | yourfreshjournal.com | tcp |
| US | 172.64.133.4:443 | yourfreshjournal.com | udp |
| NL | 139.45.195.8:443 | my.rtmark.net | tcp |
| US | 104.22.25.116:443 | littlecdn.com | tcp |
| NL | 139.45.195.8:443 | my.rtmark.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.195.8:443 | my.rtmark.net | tcp |
| US | 8.8.8.8:53 | 251.197.45.139.in-addr.arpa | udp |
| US | 34.195.224.242:443 | qvmto.wedonhisdhiltew.info | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| US | 172.67.191.177:443 | kiwiexploits.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 104.21.22.186:443 | ameoutofthe.info | udp |
| NL | 173.194.69.84:443 | accounts.google.com | udp |
| GB | 157.240.221.35:443 | www.facebook.com | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 34.195.224.242:443 | qvmto.wedonhisdhiltew.info | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| US | 34.195.224.242:443 | qvmto.wedonhisdhiltew.info | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| US | 172.64.133.4:443 | yourfreshjournal.com | tcp |
| US | 172.64.133.4:443 | yourfreshjournal.com | udp |
| NL | 139.45.195.8:443 | my.rtmark.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| US | 172.67.134.201:443 | loot-link.com | tcp |
| US | 172.67.134.201:443 | loot-link.com | udp |
| US | 104.16.126.175:443 | unpkg.com | tcp |
| US | 151.101.1.229:443 | jsdelivr.map.fastly.net | tcp |
| US | 151.101.1.229:443 | jsdelivr.map.fastly.net | tcp |
| US | 151.101.1.229:443 | jsdelivr.map.fastly.net | udp |
| DE | 18.155.152.135:443 | ddzswov1e84sp.cloudfront.net | tcp |
| US | 104.21.23.212:443 | onasider.top | tcp |
| US | 104.21.23.212:443 | onasider.top | tcp |
| US | 104.21.23.212:443 | onasider.top | udp |
| DE | 54.230.182.94:443 | d1wzdj81h1hubn.cloudfront.net | tcp |
| DE | 54.230.182.94:443 | d1wzdj81h1hubn.cloudfront.net | tcp |
| US | 104.21.30.10:443 | 1.edonorprog.biz | tcp |
| US | 104.21.30.10:443 | 1.edonorprog.biz | tcp |
| GB | 13.224.245.47:443 | ukworlowedonh.com | tcp |
| US | 8.8.8.8:53 | ukworlowedonh.com | udp |
| US | 34.195.224.242:443 | qvmto.wedonhisdhiltew.info | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | udp |
| US | 104.21.30.10:443 | 1.edonorprog.biz | udp |
| US | 104.21.23.212:443 | onasider.top | udp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| NL | 139.45.197.239:443 | dukirliaon.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.195.224.242:443 | qvmto.wedonhisdhiltew.info | tcp |
| US | 34.195.224.242:443 | qvmto.wedonhisdhiltew.info | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| GB | 13.224.245.59:443 | ukworlowedonh.com | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | udp |
| NL | 173.194.69.84:443 | accounts.google.com | udp |
| GB | 13.224.245.59:443 | ukworlowedonh.com | tcp |
| NL | 52.178.17.2:443 | browser.events.data.msn.com | tcp |
| US | 8.8.8.8:53 | onedscolprdweu02.westeurope.cloudapp.azure.com | udp |
| IE | 2.18.238.120:443 | aka.ms | tcp |
| IE | 2.18.238.120:443 | aka.ms | tcp |
| IE | 2.18.238.120:443 | aka.ms | tcp |
| US | 8.8.8.8:53 | dotnet.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 13.107.246.64:443 | fp-afd.azurefd.net | tcp |
| GB | 23.37.1.217:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | fp-afd.azurefd.net | tcp |
| US | 8.8.8.8:53 | microsoftmscompoc.tt.omtrdc.net | udp |
| GB | 23.37.1.217:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | fp-afd.azurefd.net | tcp |
| IE | 52.215.123.88:443 | w.usabilla.com | tcp |
| US | 20.9.155.148:443 | westus2-0.in.applicationinsights.azure.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| DE | 18.155.152.129:443 | d6tizftlrpuof.cloudfront.net | tcp |
| DE | 18.155.152.129:443 | d6tizftlrpuof.cloudfront.net | tcp |
| DE | 18.155.152.129:443 | d6tizftlrpuof.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 129.152.155.18.in-addr.arpa | udp |
| IE | 20.50.80.209:443 | browser.events.data.microsoft.com | tcp |
| IE | 20.50.80.209:443 | browser.events.data.microsoft.com | tcp |
| FR | 68.232.34.200:443 | download.visualstudio.microsoft.com | tcp |
| FR | 68.232.34.200:443 | download.visualstudio.microsoft.com | tcp |
| GB | 2.18.66.72:443 | tcp | |
| US | 13.89.179.10:443 | browser.pipe.aria.microsoft.com | tcp |
| GB | 92.123.128.186:443 | r.bing.com | tcp |
| GB | 92.123.128.186:443 | r.bing.com | tcp |
| GB | 92.123.128.186:443 | r.bing.com | tcp |
| GB | 92.123.128.186:443 | r.bing.com | tcp |
| GB | 92.123.128.186:443 | r.bing.com | tcp |
| GB | 92.123.128.186:443 | r.bing.com | tcp |
| GB | 92.123.128.186:443 | r.bing.com | tcp |
| GB | 92.123.128.186:443 | r.bing.com | tcp |
| GB | 92.123.128.186:443 | r.bing.com | tcp |
| GB | 92.123.128.186:443 | r.bing.com | tcp |
| GB | 92.123.128.186:443 | r.bing.com | tcp |
| GB | 92.123.128.186:443 | r.bing.com | tcp |
| GB | 92.123.128.186:443 | r.bing.com | tcp |
| GB | 92.123.128.186:443 | r.bing.com | tcp |
| GB | 92.123.128.186:443 | r.bing.com | tcp |
| GB | 92.123.128.186:443 | r.bing.com | tcp |
| GB | 92.123.128.186:443 | r.bing.com | tcp |
| GB | 92.123.128.186:443 | r.bing.com | tcp |
| GB | 23.214.133.66:443 | cxcs.microsoft.net | tcp |
| GB | 92.123.128.160:443 | www.bing.com | tcp |
| GB | 23.48.165.7:443 | ow1.res.office365.com | tcp |
| US | 52.113.196.254:443 | teams-ring.msedge.net | tcp |
| US | 13.107.246.64:443 | fp-afd.azurefd.net | tcp |
| N/A | 127.0.0.1:54138 | tcp | |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| N/A | 127.0.0.1:54141 | tcp | |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 216.58.213.14:443 | plus.l.google.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.187.206:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.187.206:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.187.206:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.187.206:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.187.206:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.187.206:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 216.58.213.14:443 | plus.l.google.com | udp |
| GB | 142.250.187.206:443 | encrypted-tbn0.gstatic.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 5.121.82.140.in-addr.arpa | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 13.107.246.64:443 | fp-afd.azurefd.net | tcp |
| GB | 2.18.66.72:443 | tcp | |
| US | 150.171.22.254:443 | ln-ring.msedge.net | tcp |
| TW | 51.53.160.47:443 | 094e7f298df38ee7a97a8ef889158631.azr.footprintdns.com | tcp |
| US | 8.8.8.8:53 | 254.22.171.150.in-addr.arpa | udp |
| GB | 92.123.128.186:443 | r.bing.com | tcp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\pending_pings\bbaa0b1a-9383-4447-a90d-60d91c6a9097
| MD5 | 31401f41b3c4187c19fecab40842b153 |
| SHA1 | c346fa763a9fc7b5b91f966ecbcca348164b5c58 |
| SHA256 | f7d3ebc88c3aa051a91142952943668d2a019e15758f83c89b13c660d115ffb0 |
| SHA512 | 6f2c58a8d9166f6ced2be33b134aef47b4c7498e5b23393cacfe4ae85a26c2257d70dfeb23195bc63c0d1d53de8db92495466d599ef5ae531fa2de0523c53bed |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\pending_pings\38ff5fb2-cfa7-4132-9684-f80b8eadb8c2
| MD5 | f2c717262d47794d23c68e3e76bb4a32 |
| SHA1 | 0245620878af5cdb432ff84db9718cbfa19c8efd |
| SHA256 | 9ed55807535f05069cce872fddbe9191cb84b71794f53cdb0150a667aceedf06 |
| SHA512 | 18805abf994f8d087f218d4bad892e4e86f459fa1d62bbc2c3e984d606810b597f33326c2111d6197ad5a41cbc599e23fed73fc424423772b9dabdb53bc73d17 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 4df84aff357f840c22ff7a8b1b1174b9 |
| SHA1 | 3d22910aaf17087094a444c8590450f9daf685b4 |
| SHA256 | ad5d0332a6a6af81c2d1cdc87c2d6ccb62352c415c41e9e5acd55dc9dfaedf88 |
| SHA512 | 54ad48b0005aab0a608a6a69f2ff7cdb1aea555ef60bfb44f5f1bd44602a3e67dd8dd195e74bf130e844490e92a0c05e1fabd32b3d99b36ac14eba61255b5b37 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\prefs.js
| MD5 | 534c7e6751ff29ca9066766cf30f0775 |
| SHA1 | f484804fbc73b56feb04f410631bace672a23b20 |
| SHA256 | 58530b01750a2f86f688a95210d493a5597abbddd794f7d81fba81fa4af475ca |
| SHA512 | 6273bc0815620a3edd84ba702210d8b0fb72132e846453c06e9903d78cbfd22e484de1b62fa1526fb73fe2aeedaa0081b3e37c6723754d0fc9272d5116493fb0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\prefs-1.js
| MD5 | d5fddaba89e7db0575935b20e9550003 |
| SHA1 | 388fde180c9f165692fd802a05318bf0ca12daef |
| SHA256 | 201f50f9f0db264ceee9b1ddf0cfb574c592586ac684ed5c2d3a9bed75b72777 |
| SHA512 | a65b909ecea75c2bab2f0cd1ba6e15972c6932acab3e1331d423ac207c6a351c1bc81916b082f9c0363112c13626f0ab3ba29249cb73cecdce6cc85a7536d0c1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d6b51a3f4470f98b72e264c1f15cb772 |
| SHA1 | 41a7d4706619b6ac29260cb208533758be4ca4c9 |
| SHA256 | b55b3b067a0867f329f08a82de6d2f3c3a2ed9b4e9b2a4e71b6dfd100712955d |
| SHA512 | cf136dbf09b14304c72e1bd8a8e10c0c60771d6c744e55722e7f53edbbb354c92372922247898979ab0aca6b5723f0a51672ef893a3d4f9fe894b2f5ff9cddfa |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | ca65258316f08bf68b3d2112e8fec7ff |
| SHA1 | 9d0a3b7f36d1eb8cd490305b4ec0416fe425be0b |
| SHA256 | 86d5c16ab487b52999cb8f295e40599fcdccd4d5f3c17aca8e339b10109383b6 |
| SHA512 | e818e17778ddae511e8e892bf1eb0367352995983ddf1b1b2415f44880881f09e89a1077d799be57a665180623a335cc87154883a25c0c372ac9f0c4a773eb0d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\50BC822D4CA28F7818B2B9AF192FD523BD4D70D2
| MD5 | 57af1ee4e137926e11e284be3bc4379d |
| SHA1 | 49fad6195c03a5d04e8978b6021709944d028b24 |
| SHA256 | 7f283d272b9a39c8243f8dbda24b0e29df7ddb9140517606379fd4b53984661d |
| SHA512 | 180f20e1ab3298352796c42c6993d007b387112599f68de2de4a2c2792da166e3284fc112efdbf7a1ac1b33dea20ef5fd3b1e0d0087b247d3b68aa363604be33 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\prefs-1.js
| MD5 | 6ea426353772504d176071b4d16394fe |
| SHA1 | 24c216e8f183eac6ae0c8e053a4c54a4242005e5 |
| SHA256 | 43c9edfbf2cc375338b746c70016abe813ea290a9a7c5791f7aa376a24bb2ae0 |
| SHA512 | ac22693c192939130f28f28d004ce37d2cdbd38112b74f2bc48b61f53616b7a56caac2d580fd16b09ca5f1601d62d7ef378b1921028269e1adcb90e636a4ccf2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | fa1d991fabc411737187502e6e2a5822 |
| SHA1 | 9b2c64eea9210c8cd5da24434023e10011158642 |
| SHA256 | efe54c2d8a251d4fc10f9502a14b9909cef7595f5585e492f82743fe705fbc7d |
| SHA512 | 5e114c370257fb9c9c9c7354e47ea94ddadccfa3665ae208133a13a5fd80c26c944b6e4ef36a2f45146c0f358fdaa700bb6f83858d0d7b691505ab443a6a0476 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\29459
| MD5 | 268dc3c2159a2644328cedf48378708c |
| SHA1 | c7572d52ff4b9cb2bbc6ee25dd9789cd297eded3 |
| SHA256 | 8205d15c185cf710c4739a29a6f157ab45c9c2ee8f41283c1208eba56f54eaee |
| SHA512 | d8c44ff3922fb07f315e33343c3ee046c5c99d691b971f0c40cb52694f8a0fc6542fe456246ef17feabe8ee04fc808eb9bf969a7eef44fe44da5d6b7dcab432d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\A06C681183E9AA3AD55214B0B469BB9A97A3C0F6
| MD5 | 26cbc427a7bdc5f9b08b348c32ab3ca1 |
| SHA1 | 598a5db613b30967305b4f0aed27bcf046a45caf |
| SHA256 | 07cd73f940a97d240e45ed7ea5a101a2434760b048a8f1a34a6424fe0f281254 |
| SHA512 | b1651617e260c212157ab4c9f221bf120abfd897eb46430cd58f439cb87735984fdede4812273ecfbe526a741845b85d497fce1d3043f96b5e8a408b63e9c613 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\C7736595FC8FFFCC8763CB33CE76670AF19EB23D
| MD5 | f09213297fed70a83808396f819d75dc |
| SHA1 | 1548d74e3d1648d0294b2684f8adf2526aeee681 |
| SHA256 | b52d81595faa19e968456872e94f698f4a049114d765f894fe88fb9f10d34ae8 |
| SHA512 | 0e1de97101eb345896de1eb907cbc6dcbe33bc5d64f8672daaec278334e2bf78bacdfcac85471569ab4df5ce548e1f35cc05a49b1de60fd5df440832da7bf386 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\12706
| MD5 | efd6bc2c9afc12fa2b8d076a8e7f6448 |
| SHA1 | c3849e8381e923bbe57f43f7d71055dae92d37f1 |
| SHA256 | 4b5146d1c04d095258577f2806601672f2a647d55ea950940e83f167763b420e |
| SHA512 | 99c00d919be658104c23f354050320d18091b3956f727373bb4691a28f9fb99f00f81ffb3ed234d0d7e69233192dbeaee2e6f70d06524d756d9172f10adc509a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 3f71fd364f7d58c5ac04e9add49daece |
| SHA1 | 96e50a27c10018cc18f72d204ba162cbef71e413 |
| SHA256 | 01bbe59d03d71b69c139aa2023d8186961380a9e12fef8ad168ab0b06804b39b |
| SHA512 | 8b6d92155aa6ba7af6512e865be403e212c8b3a345bdae0c09b6ed49fea3b87d8ca70476f1d61b6e83bab0498a5c9af0fb824f20d0d5f311b42d6de163739ef5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 261b37325eddf2d0a7d0c8b76dd069b6 |
| SHA1 | 14133d66ba78fb8fff22ca6d0d191936f6d2e882 |
| SHA256 | e9f840a038e19e2513052384e57c55c31071399502e44a641a87796975a0390e |
| SHA512 | 62ea7489365f3afca8e1785024b41e89c14d84dad5a8523ca54f6c74ae5b44cbfba4fe7440be12fe43952838758158af11ee773bd60566f711bfdc6229a757d5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\storage\default\https+++www.msn.com\cache\morgue\121\{228cb210-3d99-46ba-810d-b281cec65f79}.final
| MD5 | 198eae49109ace901ecc7cb6dc060cc7 |
| SHA1 | f713524f3f6105eb38905d92e76861ffd338835f |
| SHA256 | 477f5ff041adbe0a33898fe3e8a2711bbbd0f3bf5efaede9b167e6d14ff7adb6 |
| SHA512 | 0bbba4c3af1fb5eed615dfeb90a98c16aa9c3618336d28df444118ad6c1e6a5c9ec69fd9180b4714bd7b208a9afcaddd2ea85d2b331e9bf27386124c8b334bee |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\A443C0E08DBDEAE7CA2C17339CD9D15F8A97AD6C
| MD5 | e93c25168c67f50ee5096b5531a5e5c6 |
| SHA1 | 00fe38ccbc608420479fb60c97a75dc6f22a03e4 |
| SHA256 | a3fcb8ba8943f4fa57ddbbc8fea2e3db7c7b6c440f5e6ee8dce45e833ee46ea9 |
| SHA512 | 732724876fc6ffb063f8ee51abd8e6dc380e319a41c22d450d064dd3cdd6b604423e20ecd692e40a21de4505e37c537a3f646f1d7278325943fed14789439541 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | fbc3c0c326576741b2cc5160977d68ea |
| SHA1 | 0bc35954c415f00eaa2404f1fa2529fb0c8f3269 |
| SHA256 | acb47e86884c7280b3d480dff51fc56aa99f9a55c9e027e0f753ee3403b71abb |
| SHA512 | 0eedc9edfd59a081ce2bccc3dd3fcf92e69d1fe373737b7f53f97934ca5cb1ad7e3410f0cbf207ede6c522f2f19e1fd5882188264dce3720a5e8ff9e9ac0b899 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\18226
| MD5 | 438644e130f19084ce98955fbbd3c370 |
| SHA1 | 2d192dd313237ff1260e3ee7f5c0a0b34453546f |
| SHA256 | 2ea465a54ac6f5896991fdd304a560ff731dd6567e584a119cffddab31ddc4b1 |
| SHA512 | 6c8497c300bf8b355b1d20e3744b55cae6255560cf3d431cd7affd9d24ec2f99801ba482774f18e6ab623ea6e60a15a812deff0d67d522f47e17c565ce1dcc30 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6db1e56d403a769d9300528ab69a3871 |
| SHA1 | 2a48127ba6dd6f67859c77d2d1fb4a974370a20c |
| SHA256 | 8ef5fcef25c79a073511973d0b753e66272fb07c73e30b7954f9909fd2dd73be |
| SHA512 | d22bd124a369e8df3c195be50ddb6727f9b6982ed7527851c024e9927de1f546dad8aab3ef77f46e254d14f3819bf8d2d4f84881c4dace4f00de62257f8eb6e3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 1d580bb9e70fa9b2b34511a9d8427340 |
| SHA1 | bb24339538bcef253129f0b34edf1881143360e6 |
| SHA256 | abceff406666371adb94facc8e28a84feebf86561c0342c82445c3ae4c5361ee |
| SHA512 | 784a7b235199ec7efcfb261f9be4e3c669ddd807c11cda3b9576cc5e5a293a6b3f412981454f2868ad28856559eea66d939ad08a71fede88b016bfc7edc41d9a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\prefs-1.js
| MD5 | f00839759828f7f06b77dd3b1752c646 |
| SHA1 | fa15903bb0bd12d9c1c884816903b75a8cc3d1ca |
| SHA256 | 82ff9fb92411a73234605b34cc36b7bb4c3c372363318d732177f60d8524463f |
| SHA512 | fe33102f9dc5a0135af83885c1be49814777c294e7d81a1a83530451e5bcfc42bd68dc5c5163aa62e8fdf697928bfe444878006959586d3e4f2c111e3cc985b0 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | c695422219edaf441bfe5b92fce632ed |
| SHA1 | 18c90a6490c55ad55c59f8f293236f0c2cf5414d |
| SHA256 | 7541ca3b7d013db02a3c6ad9d5a3948529282aafa8933955a39ee822b7d2c563 |
| SHA512 | 41880ffa6712df52aca47141300aee1d2ee98bb914157a2ab7470fc0a30158fcb279c4fa941bf9fa5d0691142d48aa2609f0dff15bc759b7cfa2b033b86701ba |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 1b4459c03d6100881ffb1b32db5a1739 |
| SHA1 | dbc3669df4d02a5d4355ba86c6b6e795522a781e |
| SHA256 | 061350c2c72842543f183058c441bc32b7846a71e0108d7652cbf7f06c8a3c97 |
| SHA512 | 4eb9734c266e8ee3a4a062cdc3c5b89ad59c64e8002b3e667e6b5e5384720464a1c5f538fc796a1710ed4974d15826bc377633162c7b64a99ae36ee256a8e4a3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\B4B9766AD486DC4CA26FACDD185FD72B5DA8CDF2
| MD5 | 8cc52562f8024723ab1eb697393b7811 |
| SHA1 | f6f63f4b60d8c93feac209a66d886051c294d059 |
| SHA256 | 6c57e47b69341c310d1604a55ccd77261b96a72f44946022e4dc2381876f3037 |
| SHA512 | 98543b6cd956563566ebe093c01524040294f70a65d3534a29f3c1fbb2361206c3bb89d7aff3c8f0f391620b13c3203051f2d942e84853264a5bc4c18a64ed9a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b350ffa747b2cd9970b643e2d3d63162 |
| SHA1 | ed848e922a806335d397a90317a4cdb4f9b90b17 |
| SHA256 | f567147b73f55141b45a724598b26742434a23a5529a57a7d69ef2a9a8796eb6 |
| SHA512 | 6e67881773c56e4817e99ee207eaea59b365522722112b6badf1b3aa015f8944b10ef5a07c52b387b46d877aa9dde71738d5b0a3ca24d992a898e2c186ca9aec |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\12562
| MD5 | 78dd5ddc38ec41f3e726ff2a941775e5 |
| SHA1 | a60f134cdebf0734091fb545920cb47b5be3a90f |
| SHA256 | 15e5f4c0bfedce5623381b4cd075f64b1a29bc53624b93b0e5ff8523c60d82fa |
| SHA512 | 773efc82b0e6857bbd8527eb3bc0092342bf8194d0697321ca10960557ad5c8a6948eeb358522959f9afc94eddf473e2131d59be463cabb82c2e08240d802138 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\26018
| MD5 | 11ad589b9eea39f0bca88009ce0172c4 |
| SHA1 | 2c59f06112439a17af80a9cb18e1259f1817645c |
| SHA256 | cc2d24e9b34f6cc7b327883f8d3d21880ca75ae9bd02d2d85a13727f9ea3b6aa |
| SHA512 | fd8d08bddb60a8cc2bf68424f2a46010bd15bdf1bc5560af2b3f1a60bf46daf0105600d2cd9126ca6ddceb677e2c186949e74540c2d6d2b4eee96aa63b582de6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\2374
| MD5 | 5d4b0c4c3d1fcb3f32aed82ea4379445 |
| SHA1 | d7095fe4c0f9b60d65d6239c0f075f47eb10c5e6 |
| SHA256 | 3abb4406368c819b365feb1cfc67932b67ef0d6e8edc913b4dbaf25e6c815eb2 |
| SHA512 | f787a436073d5376c2a40f604109a3a14bcfb14d27a0b8de8c10410fdbfaeaf20b2472c3a4b7622ff22b971a399376f0020734e750c4a7c57ce6c985f2910ed9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | c97ecf64da34c45e40224aa3e625a36a |
| SHA1 | cfd80c166649787f5f2590db38886399c13f5f4b |
| SHA256 | c38129002d448f42c263e694bfe1c010a8bcf829fcdbfe7fbcddf5694bcebf54 |
| SHA512 | 813d292a0ff19844d6e5d68c0b2d2218c43c68eda807bfb1e73c7ca1a3d196a47ce2bcdec5face4614b374a8dd8eeb8b620c129f8ca78a0025a631d0e2cedf4b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\storage\default\https+++qvmto.wedonhisdhiltew.info\cache\morgue\39\{6fa31e0a-6674-40e5-968f-f8d859f5d727}.final
| MD5 | 1cb601da3dc93ed5b7f8076cebfc2043 |
| SHA1 | 9e90de435cba5d5e6fb93cd94bf83036e2934eb8 |
| SHA256 | ae36ae2f37f14e1834d35116f31a5ee10f7dba80ed62b5a258ebc6206d41ab02 |
| SHA512 | d4d20fbcd69eabcf0d9f35124d22f7625dc99ce854a87c035ce405346f7314f6d4105c938885ae60530e320488e42e19e3e18e708b3e1f8950311f03f2436fd2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\storage\default\https+++qvmto.wedonhisdhiltew.info\idb\2728594770keeryovtasl-.sqlite
| MD5 | 271811437e877a16ff482a6bce26a297 |
| SHA1 | 7c4d4e4cf7f28337aad689a7763791be8ee35966 |
| SHA256 | f784c0efa47933d636ecd8718ced7d734b61dabc8019d67fec88e1f4e9579be4 |
| SHA512 | bfb41837a1551b50e9a41a244545635ba1f5674b345f03256b4556c065fe398c75fc7f23f1b34c7a6233f5bc9c35248334eefcb4a39fb370a1bee4de9ad45236 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\25991
| MD5 | bc26504d2bffbe975183a4c32b7075f4 |
| SHA1 | 8647b0e79235fd9aa57b2e289bb1f8d0b4cf7797 |
| SHA256 | a5fc18e45fcd6839a2ba0ea2c717a9d07781dc0bc02440633d51eda03f6dea00 |
| SHA512 | 2b7fd70082a6a8afaeb73bb0da36205ed6d926d49829624554add5d2e8cf5454a807252adb5927eebea310400a6145d06605be37f3d77b4ba7b22ce84d2d0932 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\storage\default\https+++qvmto.wedonhisdhiltew.info\cache\morgue\143\{b9a763ba-c0c0-4d46-b06e-b2ae5fb72b8f}.final
| MD5 | 85736de3f0a1783b1d6687ec38b9f225 |
| SHA1 | a92298b6f4a6ed759880abfec08224a8a53418d8 |
| SHA256 | c6c690de6ec91074d0d7131791ede74bc67c751adcc6a13b2673f116857cb9f3 |
| SHA512 | ff53b47d824ac1e68eb5ae2abd1681242a92c7e46b7195bc96d2d06cd6db062e1b0f0cba3d3bfa45e298c89d1205418d47af861da59e91fd09cf561bcf5e0c11 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\19169
| MD5 | 76909f646f25d29df884ca593216335d |
| SHA1 | 74a5a09ad8af98eb17fd2ecafed83e1e236dfcdf |
| SHA256 | 56a6a2e784f45ebfdbb70af322a00c121d3de56dbfa739c045b6418d26508680 |
| SHA512 | 87e2a0e4ca110ad964c7697c7c7a62ce14607c27204a2437ed5ec263dac29956d5e3a37df3bdd41c43ef125d3c83a92dc0f43fba6bc948e9f557cb5b4a911131 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\19463
| MD5 | a400755ee1a95518ad363f5931106c4d |
| SHA1 | e395bfc48d14a60fdc45d109f976d84c499a2995 |
| SHA256 | 904d3496974eb6d7857dded81b57f9f415b1ff2ef5f3bd65ac2208cbd091e9ff |
| SHA512 | 7fd5e6b49ecef7154c8ae0e64616b4b0154347cc0bdaee0bc65e27403329d489af2a7e78bce235aa25a134f13ae33f9092eaba4145cfa9ed2eb5b26ec4bfc2c3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | fa22ce559ac4c51d91e258da78d81807 |
| SHA1 | 9be9b623f4bba4aa58a40c14a38c64e3aba85a47 |
| SHA256 | 8e7d8250c7c012e990f122be25a064008162997a6679b8229d31414dc538df67 |
| SHA512 | 269e178dccf0d603168a3faaf070375bf1042d1cfd1ba0be27c8b217554db1ec68409ccd2ef1ad7fe88a0f827db095d3cb3c49e9980e0dfa1272f85c2aef4b3e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 10f8e8661ac5d2286fd7d4e3dda7f7ee |
| SHA1 | 64587377f6fe805577cc3fc670355fb71f1617df |
| SHA256 | d8b2f271d322d287e21c61944971f0ffc619ce570bdb5a8605d1a20c984d958b |
| SHA512 | 45c2f9c0a81a2778fbe2d3d2d987268ec942aaee576c9e56ce544883d72d8c97baf0a00570657f7815d17682a824991f7e69f8984f5dacd3874aacc3dac35fd3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\31697
| MD5 | 904755bb9bb98b44eef534d5f026fcb3 |
| SHA1 | 470bf124c203780ef8c895a45baa5a21a6ad7a86 |
| SHA256 | d18794100df2ac05784967565f92a9f0af89c658134a0d71a2488fea947cd1cd |
| SHA512 | 29c9cef2d992f957c775f9256041517c828cca62f7c9a8a948c5b58ab7444d2c71628af16ff5477c451efce942c2e923069753fac0df6c1429b0d92d18fc1113 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\E825EB3F668232735A73EBE87925C898C908F266
| MD5 | da764212dd8271b76da3040384d097fa |
| SHA1 | 5026b58546dcebbbbc9cd40cb0c1c309130e19ca |
| SHA256 | 7674a5af77e538c20328c4e86d5e2355d2c0042fa96dbfa726b0af0ed2c5b64e |
| SHA512 | e5eb8112b90137d19af07bc790a56a7762deb396233966dff22b5a9f5a1a1df3c340861555e572f1bb766f6556436c0634e81badc852649f5092499ee68726e8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\2941220F2243E4BFF7F2A0950ECD9A0191EDB1CC
| MD5 | 8490dec4fd8bc2b2363cc1ad449c4bf2 |
| SHA1 | e8f88db54e9388f7d4da4086026db12e798d61b4 |
| SHA256 | eb1b4111c39b6ba7dbd6842371fdf8712db7a40e24e4f676d6f56fc27204cdcf |
| SHA512 | f251bd99bfe4de8fd64d5438ad1ee210a2effa7fb1912754b391b258f6ae0910394b1fa6a18b8e8b25f52f00e94086e479431c732b575eb2027c366afe7a27d1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\storage\default\https+++www.google.com^partitionKey=%28https%2Ckiwiexploits.com%29\ls\data.sqlite
| MD5 | 9c56a13800662e69a2726b79ac8df61c |
| SHA1 | 80c55ac40206c7a88a198b4d9e48fe4a6ea86a28 |
| SHA256 | 4fec80e18aca65ea768614bfcb1caac96c11404ca307161f7a164ceeae27edf1 |
| SHA512 | 69f88be46bf65dcfd1d1cf923de5d69857f45eea8434aa6c9f2ab6b07177969a465909eee06e2d5765570a6652734e112bfac6acae0ba581b384a4760b556b9f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\4196EDE99737A8B8FE215D2EA162F6C9015D3DD1
| MD5 | 4b38125260e301e8411e1b4366b05044 |
| SHA1 | bd55e289da8e81753e83e4e73d9de22354d13388 |
| SHA256 | 4a20519641560f5d31e386b83f53cc02d3b7305f099071141bd235775a52a5c6 |
| SHA512 | f182e2236e491ad581155be653d9b6422b39269aeceb1c2dfa153a5ad99092dca3e39155ee89b5ebe25bd4eb9ac12b3e983d17e2ab63dc84977dfd337c03dbe8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\8E82BB93F1CEC3586E4745CADA0142FAC0C6C0FE
| MD5 | be45a8b31087202132b1f5c65e2b3aab |
| SHA1 | 6c9486efc9e5cb47d3a38c1f4beef5f97ce934cd |
| SHA256 | 494c9f50358473c589ed54e6d40e4f2380f9e2b9f763d058168a6c9888879692 |
| SHA512 | 8b9488d03da60ceea79a8a2811d0ee625713a9f502ed37adda69545298915711dbdc286f70ccb9d12d9ff9a64a417bddef1ef667e6e036900751995f950a4162 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\DE9B423E5DEB00AEA8431C9E53EE10B62D6539AA
| MD5 | d5de8b3b5e51dca125bf05cbca534cac |
| SHA1 | 03c2f64ede3158e3bf3a4d0c505ac0001cf4287c |
| SHA256 | ee55ef28ec92c860090d40ff6380381012d4fcedd50c160a94732b97d8b66b4e |
| SHA512 | 88f6cc783678ad63bce7f6e71e8de7795e2dddc792dcfef625b6b8b1c263fbee05ed5263cf9a1f6ede27afacd6b6cf0229774716fc3def7f2c25f21a0590c41c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\4D1E6BEC250BAB060ABBC9C37AD2312040896FDC
| MD5 | 4a829c0fee21578faefb6399b3e0dc45 |
| SHA1 | 638aa382d0ebc8fa22c4d8f01eb2e5c40c04b2f6 |
| SHA256 | 804ba1a0d9e56742745ea3faec3c631cc641310331903f7a6e4db38984a425b5 |
| SHA512 | f970bcd3ae8d878bab18ac41f800cac6040a825862749578b4c9df0d53e84612b905fa6e174b4f7f85df6ca6147c7b48b72751995f2adf81af60245ecf1518ae |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\29499
| MD5 | 3a2d6880d24043065e5be822096f3cc7 |
| SHA1 | 1fd3172baaa2a3306c2e8fd7a1bd6530fd7cc7cb |
| SHA256 | 4070f6c2b0abfa2ff3afb67f1172d5a034e53956d43959d67d62cb189f248ff3 |
| SHA512 | b1c907ca6b6eefe5768bea5fb68a971e0e3adc1e6cb66231d02b4747d51f820f699ce802444416e92fe6d4bcf0c3da5003e5c0415809908eb00794e6faa2ecd7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\93BC5B1A0C4B4C5E2274A019052D6B2BE0B54ED7
| MD5 | 4044dcc75c20b3dce51641fed5932af4 |
| SHA1 | e688a6ed38fa0462c96259c8873e458d24793bf9 |
| SHA256 | 36aeed265e7467848388a86807d657edff13e98a701c539c919f15e47baef1eb |
| SHA512 | a0f175a4257fbca5d5c51f3b7a10d56882954a2219d7b2df7aee872f66a0dcbca9d989a9a3df939efa44c14bc767c8894709f146ef4eeb78498e5258f361b4b4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\9ED2B73BD8C04D36878FC4C7449ACEB7E65E7DD3
| MD5 | 670c4a9f02a83fe0824ad8b85d7bd7bb |
| SHA1 | 01eb994d2df7eb6017f58115ee313c4d764ea731 |
| SHA256 | e58fb4be25a0af47c1b8e40df5bd84279bb433c9d236cd017962c05d7c536d68 |
| SHA512 | 1edca3d964dcf35206d5131db880b560f05751a970d01f92341ab0adff05f7163dce74c29a78e129b1726b760b95ee073c9e81102b1d3e9d5e145a19b24bf09a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\F79468EF41245E7C77B33907187687A209D21329
| MD5 | 8105d988f632935add0265213eee54a6 |
| SHA1 | 9631df451717cf8e7a78f7fd50276d35c8d95829 |
| SHA256 | 188739597cb7379b0e1da3cf899146d497b8495d28dddc3d8bbb42fb9f9cd9cd |
| SHA512 | 94b88f01bf81fa3c2c10e0b1afe6e3f9d5788e67e7f6bed7a431431b49ecdb1d85ecef35dee7c1dbc1eb396f2de5de56bb9add925837db27553a71eb940a4424 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\9A35B75E8EC6E81534CE9519896B64FBEC8A0652
| MD5 | 70211dbc99d9107ee1ec3d8e1bdbddff |
| SHA1 | b40c53da0a6ddfdc8baaf7d01d6840c71e73ddc2 |
| SHA256 | b089e4f3646f8b7229c4be4ba37cd4624ae58a5ede0fd3714f0f9114b97133a7 |
| SHA512 | 53c650e33868c80bf65068293d8687f85625543f1c0c3b17e776437bfafe4b81f2e1651c87eae267410da724423621cc30d47d7a6945440e9b248cc2d9752abd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\32014
| MD5 | bb60cd2de99ac88afffbd64216170e27 |
| SHA1 | 149af64716729d17ebfd7845dbdb7fc31bd388f5 |
| SHA256 | e1c12cb8041065fcf3a819790e6397dc20da130296c956a39f66df178b033802 |
| SHA512 | a04aa710ae63d062e60d8cb45ea79cc8c8dd6f583ab3aacbb09108f1cfa79c62da2afdb593db7bd5a6526834500d405c851f973fff16bc570a6b24dbba636269 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\31341
| MD5 | 74137f2cad8a968656a168da9aaac0e6 |
| SHA1 | 3edbc9d856d0c261b7d0b53c8e835e69c7930fe0 |
| SHA256 | badbd9eeb86536b4690eb4e1a9772ca7fd0239630d8c083276f3315a0a440ea4 |
| SHA512 | 973b591a0ae26b826106a7320589facf0863bca5263a6665cfc8c44c8bcae166845f519be46984c836c0d425aa30c407c143f45ff98e5b911afc5202c404ef4b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\26516
| MD5 | d4ceaba647182c7a08b17d9b058dd573 |
| SHA1 | 3fcf2827b2344636488667a8759df1b421959ac6 |
| SHA256 | 202c03ef0764a35a47828491f22c47feabe6ab2e2d6561bd974d82df70ceec91 |
| SHA512 | 42c05bf96e4bc6e0f76e8825618f466b1cc757e6a5d78ed1da47784c67dd3aa4c38250a0c56f9d7360098119999141c1a17a8845dc16157a767452eb2ac62d5c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\31050
| MD5 | 6ee261ec52ebbe6b68642451c9c1d438 |
| SHA1 | a27fb1005406e53903bbfac41e841aaeb93c0d66 |
| SHA256 | 2094e5af3cf9795a1a74900b784a099fb089c611a2af3e35ba146ab5b8268143 |
| SHA512 | e1a8de565c7134e3ef6d0aca9a4cdf596076413ce8e03521d228ec66429f69950da669452035a79794d48a415ab631282d4d88fc5cede20b24f257ceb3495c93 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\2955
| MD5 | fa2e0e73f16a54377b1541a1f37069c5 |
| SHA1 | b47a19bcd10aeb62bffb58e62a18f42414e430ee |
| SHA256 | 286e85079b86f1fedf1204bb48af2aee8f65a34d69f9081a99bb7c311c4828f8 |
| SHA512 | 45edbbc24afad8b994045ad6022bfc1e0ddd5a8c972a46df7154009d90cd5a9ae95d6e50002d22e93f114fda6f67067401e6d0dfc45ca0e925fd4a8501709b43 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d46db5bde75266ad6645a15e8cfa1095 |
| SHA1 | 6d2df347cd464c9a24e91e31b366cfd0ff80f714 |
| SHA256 | 01783ca14239d103237594e46246eab80a1658c899a82f878b04d93bd8e4b646 |
| SHA512 | 4559fd5faf5530d753a17cae769c6f0e4b0cb01dc6fea39e93a9e31be82b144a3aca4988d3c1d1cb1e02ededee42ced36695b25f9f966b83b847f47a1954263b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite
| MD5 | 2244cd878b0226951db857efb929f23f |
| SHA1 | 42635368792a28384a9b34315b3d7f6d69362c4f |
| SHA256 | cb403a24cc4835810c5036399eff7ff501615f64e976c4c718bd3c84aed3790a |
| SHA512 | 574a69311f9d5becfd49d56fd5c839d0f5462e609d516148abe1279a9ce5775b4b4e4a820c2545748b2ef49beda301341b1b674e4f40148129968fadf3a15de7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\26617
| MD5 | 32ed44c8c8b16c64e9acd1049e58aab5 |
| SHA1 | 9bb58ae742438ab8a61dc83127eb08de925b9cab |
| SHA256 | 0aa6a68ef91b0803fd643017b65d3d924e9fa101554e36b981f8563a99877808 |
| SHA512 | 8f6b189097ea8513b12ed619fbc85f666b395cbee49136abf8272f2f2c9ead9bafa9109300f798730d865ca94b25cb70d68793a6d2d86bc64c3c23bda99aaf31 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a9aa282246a265f1e17e6c590074c948 |
| SHA1 | 2cccdd888939791bc5951b4ec25db4aa9914b8cb |
| SHA256 | 1f755f52f97c5175ffad3f8240c7f2f356cf32aaa582abb6d96fd2eec23fe1f4 |
| SHA512 | 639c3a5b2e381eda3cf24424d1817425758a83c0294c7b3c585a25149b52b9c0840fcde1c928b2594310a16669d6065a787edb8980347dea882652414fd10f99 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\C1C92FB9FB2577D9E276A986BE5EA007F84F9466
| MD5 | 97d366b5a945d465b81d3b7dc6781350 |
| SHA1 | c7f9e64bad1cdc66d3eabe06acd1e3817d9d2065 |
| SHA256 | 72d1b20e0f0c453ef85306f56830086bb54a834f617a85c89397e9cb91919b6a |
| SHA512 | d3d2abd24de04fb9b0aae4b116b376f31774efd9b72686815a3cf9c31f15ad06d518118ab03d0a6ae9e46fb1c3dc94d670c4760954e918e4be697e7bba86f4ce |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\1BFFFDC2B264973F5246D6E460A3B4C78DDF5300
| MD5 | 708be7476d0a8dd0adfbc9e317e31b55 |
| SHA1 | 4f97badcf5b0cdc18704625e3000db97a8040344 |
| SHA256 | 19cf4087067e53a0ac3bfe5284f6749d6f6604701f071a98082f8f33611828aa |
| SHA512 | 8d35847f59671130c7d35829f456546b4db61b774961ee8e52f01ac53be0b5d5eae90c41a38ffa87111b1abe04472a7fd1577b4d128a3da7e1d5d5ce330996e3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\11576
| MD5 | 3240e7f76cdf7cd2d7984868c6ad4fb4 |
| SHA1 | fcc96df135eff993004316d30bd036412ade34ea |
| SHA256 | 3acf93cbff06b472f7881350ca1fca0329aec59ae0865241862aa7421669f385 |
| SHA512 | a0b63d02e7b24b28e5755c821753bf46fc8695c0eadedb5833116e93d84e23534946e297ecbc735afd3d125e752673bb1beee75620a65a9ac20d6abc82eb97b6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\93E1CA95732F260CB0699ADD101FA43E0C6D25C6
| MD5 | 038699d38c14f2856f6ece6bc7be1885 |
| SHA1 | 2aa04ac135f2bb5c8464a0f68ed2f81a0cd2a34a |
| SHA256 | cdde01a578e39a011ab51021138b05963852b781e6c0abe7d389672191dca82a |
| SHA512 | 92a610611353414ea4b19e8daf110abd34f918b26e57ad891fc99fd237d06b699a0c3955c93d70e816fc5a5e628f222619d88e342ea11fcc9bdf2a93dfc7708e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\C5A50699F8C5A9873DD3A1686E1EE6A8C96B2304
| MD5 | 0cc5d9b3c68af8b0ba1ddf14a43e87d8 |
| SHA1 | 92abff7221b58d5c815bf5d691624e68db95c031 |
| SHA256 | 79b598b5926d0701c42ac2e21fa4f83c0b4fc5c057822b34b1a06d0947130c1d |
| SHA512 | 6c8d2c1e1e7062f5539c8166003e994a152af8abc4c35bb16683f7f1eb95971a76b3758c4c8cca4d62752e26cde46628b7fb98260df7cc535fea8d554a8ee242 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\57F946C294687BBD44954FC63699716D2694C685
| MD5 | 6d417e5c7a92679906d7eeb7e8fb72bf |
| SHA1 | b339b7463e7703e0cf660c15b0d68c6355780c42 |
| SHA256 | 14b352e47387e25405ee2869c7c841b305a91b5fb1e3dbd1b4f76ac323c6bc8f |
| SHA512 | 009965f3f5945dd32836ea1a47f9d6d916ac223e008ebd4d7a3e0196e60c521f157b85a55c0c48f777ca83c1e27b24a3bbf16253d9b45e00c605c56f1dbcb4c1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\4878
| MD5 | 9f11581913e748bd7418845f13ede6f6 |
| SHA1 | 520cd8735f7d4209480976f75aed05404efa38ff |
| SHA256 | f5819bb5b846589a4862d899c68125a0ddc733307c3b533a84b13545d4c4694c |
| SHA512 | c8d10176dba6281eef6879506a5a7ac3b480a63df991d274b32acabdfc1e8f9affb35dc686f4b9bcdb24ca23f37646786894000b1be40130c222eec47670ffcb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\11521
| MD5 | 974788debd15986ed4393c8663890ba9 |
| SHA1 | 380a6f0c89d612753e183f38b3a5958aeae69597 |
| SHA256 | c6da2f05bbaccdd5e5673064c9d740de924d55824aa56e8d2650de12e0297228 |
| SHA512 | 38ebb5272b82016b50932c94bab6a702eb5ba3898f77d7a2d5f4ce2c8e8d9626bae7e627bae17e774600e9e244c851dfc1553fee98f1444fbca9407b47dfc9c9 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | f1debd23c767ca7ecb5d3928bb63fa55 |
| SHA1 | 4587a08ed705118c4ef68600a47e67d4968dfcf8 |
| SHA256 | a476bd7143e8556e4fa46a6509da8f872805d7d93ab603ce352f87c8a07bb75c |
| SHA512 | 6dc973c8212b948470669803b7150243f8ed49263bbfcdbfc24e5f20db9c48af82eadf5fe5fa348e3c5c5c4c20d1a51cd52fd8c20cff285cd5281482d4415d70 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | e32f97705db32d661a32337fbba57441 |
| SHA1 | 855e1f9c3d1e983e9538d559b060d1bffa83ea27 |
| SHA256 | 477496c6a4612d4c99280606d980c6852f835289fbefb1b1c56c6d1e73287726 |
| SHA512 | 84fcb210e3960e68b4fc23e19af144f7e3b5a29a9f8c45514c70ecf97441b6b216be63239722b4add319ec2b60df8c845cdfccc0318a9241031b8d0e9bea9f43 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\18582
| MD5 | cb29feac0da6e70ca340b87167d12568 |
| SHA1 | 20f38b6bc48c942e96258e9fd1a7097217f31f33 |
| SHA256 | b0509cc3b44f250f209d6b5cb44b702ec93548edfb1caf1b4cd53c884c6fdbfc |
| SHA512 | 10c72de0ded06f25e872092062b115ad7dec6dbc53f448451e3bdf76e5a38874ac1b76de2d51e3dddfb2c7df3f00d5b2ff49146dc869d0dbcacefeb27e5786d9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\716B0C7A478AAADC30B04D5F7CCEFE2E26A265B9
| MD5 | ada3b59c52d6aba7f8fd125a79897a93 |
| SHA1 | 2ea247b8a8b687914a94fd135b584468443eaf9f |
| SHA256 | c485c58b5f39bbd6b55b3ad36bd9e88a6bfe9cab33d39c13728850aa67038bab |
| SHA512 | ad8621f7ccfa13eb66f7ff2f8f514cfa42cdc4665a720d69a3e0a94941944005994a3266d49e5e4bb1f66e98a89aca9ba5de67a01dbe6f084e05f71e4c6b015f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 86c3ed005e30ae8e3e6a2b0d9d01f5a4 |
| SHA1 | 0d8ef4fd918aa128b35f799075399e9b1dfe1609 |
| SHA256 | d76aa3ea5c25a2b9a6115aad2411c76cd1dc0ea6179ae227210008a6d3114b93 |
| SHA512 | 8d7a21b4f985459524be3989cba759edd5e5e80c28925141989c70fcf10a50c894cc78542f08af9bfa5ccde3a1ab906c1089b8d0cab33892ad98b39eb9a067fe |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\BE364FB9C0417328A407B1BE041F07CFA6359678
| MD5 | 6599692ae2fcf34b52cc89084d61e1b7 |
| SHA1 | af0f8b431c29d0c4eae7230b0100f4aef6b2b86c |
| SHA256 | fa6876ea669767ed2396afeff48c8cb4ea75227a766d43f912b1801e13c4ad4f |
| SHA512 | 4586b12e26b2cf45d98095718660bc0c1ad78e3181c92724f571211f6c1b5839804bfef82be754dea0be39918ce5ecc6c29871a047a8426a2615a446ffa520bc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\storage\default\https+++sonij.wedonhisdhiltew.info\cache\morgue\177\{8c329c3c-6038-4125-a8ed-db1cc9a9e7b1}.final
| MD5 | 99fab383bef938be27b46bbaf88d46dd |
| SHA1 | e7e06620d07fc7b44bce0232c410ca5ea686d823 |
| SHA256 | ea99e365e0986a3a5fc25a0b534bf41428bb20949540fe0962ea8a2b72cbf36a |
| SHA512 | 357d7cbd8a6a4b83e955dda5aee1ad7c6523af640dad0de6d95ca26d704b2f6757cf088164ebf5902ff7c3e551274031642d360727346ede872bbbf7cdb281f8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 7bc246515045e80baaed23f7e0bf02b7 |
| SHA1 | e186ca268033e51a5cc628680bc72aeb4826df6a |
| SHA256 | 5d0c89d56ca30f0a567c3d7814100356a030a9bdf4902313ac5404cebe8d3c5a |
| SHA512 | 86c195cf24f2cfffdb4030c95727a4e51efcdf3915d1691e3242c93af2b80b2d15beccd530ecdc1f3322d25fa7795df0b6213464a49dc117c6260272e6498ef8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\pending_pings\711d6a89-9e24-4f6f-9acb-01029f8c0608
| MD5 | f9af477a784802c7eedf9283648800fe |
| SHA1 | 12cd7737fb3e56945e005ee7dfb69e6a0517dfb0 |
| SHA256 | d9bc2b9f99ad97af2934fe5db3f07ae9733d3786519373e868972b1713ba8aba |
| SHA512 | 71cf6d7416d5635456c8eedfb11d4ac760dcf245ae7fd23eec74d6a6c4001f0896cae867250c4de23e2112a85208d9c9e092f6c1944c2746eb80666d5945891c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\pending_pings\8e2dc606-3345-4e61-9a92-e1301752d9e0
| MD5 | 81604a85eeb85a8bf30382de48d60f3b |
| SHA1 | a1206ee4474b053ba6a6958e079d8bee723800d0 |
| SHA256 | c8686190e2732664fd38e010651092249262e2ae043cc560f02ec85dfbf84762 |
| SHA512 | 9056ff115314569503c3f00389ac4c60cdbcb42ad02c43ddc40f263fcf00c02a93ac59c34f056e6e4daf2645460bf7524ae346f01445da20fe5a74193107dae1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 7e92e3914265637733d9ca8a6bee2acd |
| SHA1 | 10d5ba6b3a4129599f334ce6038e1051d2aae333 |
| SHA256 | d90e16b9debcf26b8402f62763fe35072ef9487be3e9c843970e36b60cfdeea3 |
| SHA512 | 40de08e7c691b938bba63dfea3764086b6e60247b840ea8140ac8617f2a4ef4ab056e641ea24f8e5f7c56f8fbfe6b42c24d328b6f94f4cf5e97d364a4da1678c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\prefs.js
| MD5 | 89a2ba4eb485886cebccf29070d84de6 |
| SHA1 | 8e3116737f2a89473a018a1f7f202d321be76ee2 |
| SHA256 | 87c8e63531f0bd011bbbfbaa552532610e44d4d8dee429cbb0ee4bf7c69d18c7 |
| SHA512 | 8a7dfb1937a4f83e1daabe119de93f391b48ad2a12d82a06ec39508138d206ba6d7a1ecd7f463e47c5fdee20527445b53d50a13275adfe365f6d44b58e647e9b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 12e35112ea2ccde2d0d944dd3a63b7fc |
| SHA1 | 741d6c29b976369c0eab1108d2c23137e7d106dc |
| SHA256 | a6c2285dd690942748aa6ad08ecac5383a3d46a454188e2a9d3a740b01655dd2 |
| SHA512 | deed0833e849667173e64eb2a983def4f6f0b699d479b89d28161aa76c1f41860883e2f9d79115fb27d787aa49ea610c003c98bc9df54a82f4349fd56f18938c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 29d63fd6c3cc1f0d91a7d4728d49b940 |
| SHA1 | 1947b60bac6574c6f5be753950e683352404934d |
| SHA256 | baa237ee405eb436577f63cc9e53af6d068eb6ef918029e2bf302bdf60ec0003 |
| SHA512 | b1edc0732b05bdbdd0e2888524ae87ce18d0c8783ba4f75dd9d1a71cb211cb2b2475ff4fa7484ec45abc27e0414c416df6bc2aa0cd4f0c9e4887079a6bd901c5 |
C:\Users\Admin\Downloads\Kiwi_X_External.XgV6ybm0.rar.part
| MD5 | 52cf876c8d942c1154366a6b98c8c207 |
| SHA1 | 0a9abc04cebe91a8b069076e087dde1ab8a3c833 |
| SHA256 | 0f0f35e888a3e591f87926c3222e9107fd79aaf9bd2d57acba89ba4c7d598245 |
| SHA512 | 79fe7a86757e6d00c1995d20779778f20f6cd4cd26f7795dd4d836015d9f01091e802095c0173ad65a3d9cf546a335820406c58ad230fe4a617975600ee1944e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\prefs.js
| MD5 | 9bb66e6c65bcf9cfcc2b342d186cf58f |
| SHA1 | 01fab5b4ab8a19a9227b1f00c6cb05f0c6992576 |
| SHA256 | bfec89f735250c5d565180a23598bd0492bcbba757464aa562f3746501f01cd8 |
| SHA512 | 6a7b2f37987ddf1bee3011b934e63287a1e0d39fef044cc945fc53b47293d4345964e1888181608cd4244aef44910747216773d3e2d6eaf1734c4b0451f3aa93 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
| MD5 | 2ddcb5a2854a6f26c5b03ec65633ad51 |
| SHA1 | 56e4da569bee186bbb04fc90229b27d7f1c8dc5c |
| SHA256 | a8a02ba1ed8f8a0af56f853955a7e74cb11c4f5e72cf58547fa899aa981958f4 |
| SHA512 | 876653f498d6229cce16f8fa19d56af571471c89021c02ba28731eba407eb3fbe067cd02aa3b35e2a4853ef834e38c2ecb158d86aea8ea347460792e89f8301a |
C:\Users\Admin\Downloads\Kiwi_X_External.rar
| MD5 | a170e08729d87886b0b7583b292ca160 |
| SHA1 | f8879e5dcaee08fd488ff93d043c4ff36cd84295 |
| SHA256 | bb2b7298bd6852a0376b41072e1ee0ee1001d8522918e43feaca98aa710b429f |
| SHA512 | 0f7faa0ae13c3431d372cb85003dc5550afdd138a94662437450aa6bd74a03b10459f77469be0dab8c7eb90c7a49e3a06d59d55767baa065a961967288d14aa5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\3005C40E9FA4E6F421ECE2460AFDA15E2F76E0A3
| MD5 | 2ec49499d210db5b84f5c1d105ea5e91 |
| SHA1 | 8b1ea4cadb5555eae032578bc35807f16c4a0340 |
| SHA256 | bcbae591d1203df36b7192b07c5e370ff43c38764b0fc9f1d35e63ff57155dad |
| SHA512 | f254e0dd52fec0ed48b6fc33905b9f414a3111e35e0c9ce482319feec66019079134333f8fd4bfac179a3c433cad4fbf795155f4faa188c7091acb90d47f188f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\612E506778E696394F0640B9B18DBDD0A4DED0F4
| MD5 | 5b4d373dfbe00811912b759340f4e2d1 |
| SHA1 | 49b2c85e1717d1654db9fa7c31576ccf4641d9ce |
| SHA256 | 9ad9d183d0358976549df54d080a12400c3ad32ff4eb822cd3faafcf2252336c |
| SHA512 | 73679d66dc42d3761eff8d08362b697a94761054f496dd53f512872da26f0d132be82c4c4401919f5c86b2170f3b9148c572980e4e0aab39661d2bdbb77d6b8a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\storage\default\https+++qvmto.wedonhisdhiltew.info^userContextId=5\cache\morgue\124\{d3f925df-e8fe-4869-b124-8dd93a7f7e7c}.final
| MD5 | 0f4a594f04af591323c140f67acf3e3f |
| SHA1 | 43c37a73f84c2499c9b27bc8d90796ed8ae55c89 |
| SHA256 | f124f33714aafd6c36de9a95dc8a90191e57ac6eb1776b4c517e2d9b400bba1a |
| SHA512 | 3bea6ec76cff4eeeb8aeea2873f968ef61dfe6671773bdd51aa4f121e4473c98d768ae855803422688d4c39ebfeab5caee9628eecb85152e74968190c187e478 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\serviceworker.txt
| MD5 | 9c481cbb98c516bb7f1098366fdc7f51 |
| SHA1 | 6876ee7a16c99cfd4d9adb67606e7a54e84e6c95 |
| SHA256 | 303353de1e8e5e01204323ecc83e3892e5c08237fbecb5755adb0acf0182c188 |
| SHA512 | 52050cf381f4989751cf5082793039ad23b081c778d791bd0c854b56d8b4f1576c6f56ee1c30ab255e57dae0272c89a4d8ca5ab92af6e7e5b6a41a9571666704 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\serviceworker-1.txt
| MD5 | bcc6e2058b2712fcbd98bd87bb51dfd9 |
| SHA1 | efef2ab3a5768c4367a2122c2153847fa5c1722c |
| SHA256 | c4580d7c1e88aa31e4f5a09fb80ff9e72e7c447708ab30f15611702ab3fe5f48 |
| SHA512 | 292b00ce11e58a531e8fc51629cc87632763426aa1fe04c387c134146d889f7c766d9413fc8be4ce93682d886e07f5c841d497684130fe0fd99defdb55a820f5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\storage\default\https+++qvmto.wedonhisdhiltew.info^userContextId=5\cache\.padding
| MD5 | 7dea362b3fac8e00956a4952a3d4f474 |
| SHA1 | 05fe405753166f125559e7c9ac558654f107c7e9 |
| SHA256 | af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc |
| SHA512 | 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 687dc8a8ddbe89e10403cd1d89b45db2 |
| SHA1 | b69be00861460285d3ef5b28dfdbaca3148956a2 |
| SHA256 | 134b1d21125175786dde857961c489c5607c8fa11354378e0013f594f08de69e |
| SHA512 | 7cbae6fa6182bef8f9d8f2797886dd6a6612ce70cc7213ef8b84b5f33d0c996af0408801839082e10be0206772fc532430121ef8f3133f6b79ebc48dc22dfdcc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | ba88181d95f1368f37c8c37e9e217740 |
| SHA1 | e74cf871df66ea26ad5e87f76fd2a5b98d270d51 |
| SHA256 | 1608de57dceff98f6561c79b9fdd0bdf493b4d5118c771b7193dc3d2869b7a46 |
| SHA512 | a785f84ce7469c3a347ceb1a7bf8adb17646e3cf7039babfe9489536cc18cc3f2e45a639474b26572c9be2fc46f0c81c82596d2df7825db5b76fc28d2e7e2b6c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore.jsonlz4
| MD5 | 477efa2ce1156036ca77589afd9488a3 |
| SHA1 | 0a8725b101a1e0481d998959bc9fcd83f85c7830 |
| SHA256 | f399d4cebbc29ef784f44d2c88ed223489fa9de9cf06678be8b697d93674a271 |
| SHA512 | b6a5771321b1abf7fe9bb46ad8df995f5a00b227d1d24b8c08993e93217e241cfad5f4ce694f0c9807c18980455105e66e304baa21733b6a11f3fe6360207914 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\prefs.js
| MD5 | 40bbd5e2b1f8db353fe0c0864cade1d2 |
| SHA1 | 038af6e0fe9b88ebecda7d26a6e1838372c6e2b9 |
| SHA256 | 6ff39c62da6156db73b6817a438111ac95aa9a68a5365b7f6ee5b03bca9664b6 |
| SHA512 | 979daa76163fc7ca67c39bca5a72e6f53a2461bb3f261e66fccbad0ba8d8f5706c2234965d139f3ac5ea299600df9712433e909a8ea5981da08dc2da5436e45c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\AlternateServices-1.txt
| MD5 | 5f01bdabecbae1f18c835496c1acd7be |
| SHA1 | 59b50935b1da887659c71d79ee2c533fcd6ce0ca |
| SHA256 | b2f059f41b2da518d9a0a6a9576f67968711a76d90a73574a91ddf4557cf60f4 |
| SHA512 | a0ab8d1ed4dce937dd656204e0d13d714ea7c21f875dc7e3eef4ea73ca168e63b25c8bf9a842835825634af3a0dbb1c5a72e5508ce5aad7f781dedd20ee8ede5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0e10a8550dceecf34b33a98b85d5fa0b |
| SHA1 | 357ed761cbff74e7f3f75cd15074b4f7f3bcdce0 |
| SHA256 | 5694744f7e6c49068383af6569df880eed386f56062933708c8716f4221cac61 |
| SHA512 | fe6815e41c7643ddb7755cc542d478814f47acea5339df0b5265d9969d02c59ece6fc61150c6c75de3f4f59b052bc2a4f58a14caa3675daeb67955b4dc416d3a |
\??\pipe\LOCAL\crashpad_5044_ZVOPIKHRUZRZWYMB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3b1e59e67b947d63336fe9c8a1a5cebc |
| SHA1 | 5dc7146555c05d8eb1c9680b1b5c98537dd19b91 |
| SHA256 | 7fccd8c81f41a2684315ad9c86ef0861ecf1f2bf5d13050f760f52aef9b4a263 |
| SHA512 | 2d9b8f574f7f669c109f7e0d9714b84798e07966341a0200baac01ed5939b611c7ff75bf1978fe06e37e813df277b092ba68051fae9ba997fd529962e2e5d7b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 28bdf1c77a53be7e158c970af9bfcc04 |
| SHA1 | d91867a52d09ad493a452c29a99161e2bb6931e2 |
| SHA256 | dcb222d27bdf12eb3e76491b3e5eeb7e7c0dff8d86a338479c299af149afe37f |
| SHA512 | df55317e258b846a2c092b868260e106b586e0f203623b9a4d3436d54f9bfca3a0db855a7828386db6cc59634aaa469af132e28ba4d49894986415e80d01e257 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3ab21cc3826c45764f75b6dbd81df992 |
| SHA1 | 56ed98231cdf14c9c324db8bc0ae3acd79b3eb3a |
| SHA256 | 5a0fc107271a38141c354ff437608b467a821ae24219ab8fbbaf37d04943e3ab |
| SHA512 | 305fc943faa6faffdf403a032fcf4a869cb29ae0da40706fc49abc6531a63283be1499e47b0ad76e165ddde601f1e9873ac2fcac8bfcb0e7d85cc5c8211a9013 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a95fae3599822e5a3471f459e35fea79 |
| SHA1 | 1ec95076361748e4a3e612e3110bb1579ca5d48c |
| SHA256 | 50a97805dedc8a0ef53aa96d4b300d4a04da2cd4343935447b1fe2eafd1d77f6 |
| SHA512 | c88f5963cba3921ecd2a3f2c612a6ee2e8b71d6bdd9c5cf8e5f5b01b3c330fccb46494030d466d3611a9177c96fd2cdf7325a2e97bb61738f2face95267f5a28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 54c066833d04d68bde124bc6152d1406 |
| SHA1 | 616710d1300989c07c56463b60b00502935116c3 |
| SHA256 | 595f0da39a54dcb65f28cdcdf0b733c582479a97b4e8d9bb194b4e735913905f |
| SHA512 | 3a494b17bb1c43b556e2a42361e321f922274b98b0d49653a7ab66f11aff95da741e8aec13d656df5fc9e7962b263fb2e35bbab948132ee99c6f5f64cef2d30c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5d4941.TMP
| MD5 | 67447a7de3af1a821ce1bc2b767fd540 |
| SHA1 | 733b6ec3af918db6fcf47667987c1c84143ceb3b |
| SHA256 | e539936b3638ba01a4548b2669a1a1519fff783a90fa3c581676d9522aa38a9b |
| SHA512 | d16597d811ea35a0d016e845d55db6994828ae2876aba2d8586f059cd6dfd16d76fd1b037c5d833d41fe2e4b65158f1e08e51e7e29ef57fdbbe7f2a6c0a49bbc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 200f341f56e90b8ee9968c484e268a1a |
| SHA1 | d8f4d44e5de24a68e508ee03b96df9d9235ee438 |
| SHA256 | 0008d7e0ff159450ede66d9b316e8796f3fe05fd843a721ea65abd54e3e39521 |
| SHA512 | 4d8ec256555d56afe08553cda815a0cf9baae13e61195ebcab734264a36b1877a4fb42ef4e4dd5ca4b854c75e53a2fb697987e70919d1ab74443ee434e00602c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 94e24b5ae3a355b4ebffea1c4ecd78eb |
| SHA1 | 484597e7b19fa055dab9337dc3d7981fb708de14 |
| SHA256 | 8793781f515734a62758e2ee7bf2f224d0468171e674bbbe8a5d3fdcba0284c5 |
| SHA512 | 696950051f04c18aeb27b03389f00e1f732f8ed5bf8fc0888bbe9a8886a2f5aa7f8c8c4683a7cc4bdd529da6d4a1368dc417fb596365f818475af055ca7abd3a |
C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.16-win-x64.exe
| MD5 | f87a6d4641fc581c9b23b44a1a47506c |
| SHA1 | fb1248fac7fa53f9565918b340b29f630d462cbb |
| SHA256 | 63712b1b2aaf11ec0b24f0014c8a4ef3609aac584521d0bee8923f7feb9d1ea4 |
| SHA512 | ba8aa0470ccd898ad1ec4beb8e8dcda485431fc902396c9006f3e144a0d16c747d532cba752feeb621afbb3f9c8405e164af8121972180f635731a33a069b467 |
C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.16-win-x64.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.16-win-x64.exe
| MD5 | cc630e12e13866026972810cc3191d3e |
| SHA1 | 6209861d147e86165af5424e5892b991f98329cf |
| SHA256 | 61a42e47f5698dddd6afc08a771043d07c39507be0251ca094eb7ed69d0368b1 |
| SHA512 | 695ee6ba6002e91936c04d5be5eff620968b1846ba3effa659aa724b6e53aadc57ddddfe07256721a461ffc6363ce5634a962f5e84a1b899a57e1325a5819af5 |
C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.16-win-x64.exe
| MD5 | 5e314151de7c003b4639812e39c6d609 |
| SHA1 | bd862fd4565abc16a8d81c2fa6e70ba2607d2153 |
| SHA256 | 9bb2d823fa32e196561e71a6f8ad3649b333a1eff6c6af2ed527e9394252c8e7 |
| SHA512 | 1509a5019f9bd5f2aad2a0e1561d9aea172404a285b8a7cb39a4f9bcf1914dfc537b0e224a7e347f0e9be54647a78c2c7a9d6f3baa9851e11aa0ea239dc9e74d |
C:\Windows\Temp\{B7F226A1-2048-449B-BDC9-1CB6DDD3F295}\.cr\windowsdesktop-runtime-7.0.16-win-x64.exe
| MD5 | 9656c3086081a41540338b94df6ae084 |
| SHA1 | dc87b2d0dde3604437d13d2f89fe9ecb7c7b0373 |
| SHA256 | 6a7a85e1b9e899ce83ca29eca2e0b34126acf97675991b431b279278a03c41f2 |
| SHA512 | 7bdfc5943968403b787700f5c4e12d88f34bdca4569fbff21e178c17eba40f8db68135aaf426b990617316c10b86687a08375c611c4a9e5a8db8eb2c2be3e9cc |
C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.ba\wixstdba.dll
| MD5 | 4356ee50f0b1a878e270614780ddf095 |
| SHA1 | b5c0915f023b2e4ed3e122322abc40c4437909af |
| SHA256 | 41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104 |
| SHA512 | b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691 |
C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.ba\bg.png
| MD5 | 9eb0320dfbf2bd541e6a55c01ddc9f20 |
| SHA1 | eb282a66d29594346531b1ff886d455e1dcd6d99 |
| SHA256 | 9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79 |
| SHA512 | 9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 808b0552cf911142b6d28b3229d12860 |
| SHA1 | ae0482b8d54efac8916f58c99ee9cfdcebda282d |
| SHA256 | 3314a32ab68bb23ea26a0882b68a20e36760c341d615072a374bdaf0542a34c2 |
| SHA512 | a71905d64074144e9281e12b91de939071394307b2071e24c86845ac3c9addcce495a0bddb5d4784b5ce3cb59c011bdd684bf9e16b274c453ebbef5dc6a71ccb |
C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\dotnet_runtime_7.0.16_win_x64.msi
| MD5 | 582c8d077076ef963bc21d757a984b63 |
| SHA1 | 36a66bf42ee29809a0cceda6e46b1009d44df9ab |
| SHA256 | e07232882a13bbbb7e9bd1a1b299c087ae28b0a837781f430c778d66248e6f92 |
| SHA512 | f0227b909ed3d749d3f3d0002d8708f2032184319babec3391a83cfc52f6b40f78ba326c836aa13843aba77de40be440851aca3c1668b5cd0241316f04a03797 |
C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\dotnet_hostfxr_7.0.16_win_x64.msi
| MD5 | 3db1b0ad874499a5bd80b9ad2ed2103f |
| SHA1 | 77f02d58918daa3cb25364960a1196ce2f711d0f |
| SHA256 | 7b32cfc57dae7fe08f7ed00d54771107aeb4b80305a7269f6b9ac2cb19710c35 |
| SHA512 | e2214799e8febb31e2dadeef8904e5692fb94f916500960642b780a4b68f9bd2d8d7e62d579418bcced9a7b0f7ff958e672783fc019617d17499e8c5e1b777e1 |
C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\windowsdesktop_runtime_7.0.16_win_x64.msi
| MD5 | 5089f8fd6f0c5be267acba4f892320a9 |
| SHA1 | 02e504cefb7e88fce87a2b8ed2a75bcb811cb42e |
| SHA256 | 6fa4bcc25cd0bd921037cab8ad2188246ca5cc6cb53de4f7a6d60822b16ebc32 |
| SHA512 | bcc0403a7f5b29ad70294e1fae23f9af1609019c54f175e857c59dae6143f185366a84975fe168b0638d4de501eada986f9072a0bb8e4cf0e9c188a215ee6d6f |
C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\dotnet_host_7.0.16_win_x64.msi
| MD5 | a1f68b5ec6da37ffc65f12f106d70f3d |
| SHA1 | 1bef05fa3f179a9ad079326a5a38b7728a81967c |
| SHA256 | 7c01b2af6cd178d88dc11b2c12840beb0b08f8dc4e8958ba8d7166759e0c64b8 |
| SHA512 | 0dc65ee5f8a4720012e678dbeaaa44df10e12ad7941f4835c37a0d178abb7f282d0ee13e7b45fc56141489826c3c980020179ffb5973989a463f4aeacd188a93 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20240222201447_000_dotnet_runtime_7.0.16_win_x64.msi.log
| MD5 | 391a39ee200ac1b8ad1c8868a7175849 |
| SHA1 | 7f69b2b1fa350cd30a6839014ee39a42df19a5ce |
| SHA256 | c85923874c73218083a9400b5350fb4c8b2231a9ca5ed62365a48890ccc77897 |
| SHA512 | 77e4927aee63299cf8701fd2005514083e71724e21d205c4156ecce2d6d4c2a5e5726e98d574af041e89f99c15edcc396536c63e9e3dff7db22664e28fbc00b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4a58f84fc8666772d72054603a629775 |
| SHA1 | 8b519d14ab880c4eae8577ed93c12b57bfd5cefe |
| SHA256 | 848415e750e27f6372ff8c8d5c3a1ed4d41a0c4e2ad80014a2ef41e8188cb41f |
| SHA512 | 050bf0c76e5f58e4eadad52eaa79ec9bdbd78768076f4ce52b6afa1665a5c7507995e30b206d9e783ffab92c4c2acbeed7fe52295bbaa131137428457a584240 |
C:\Windows\Installer\MSIA9D.tmp
| MD5 | d711da8a6487aea301e05003f327879f |
| SHA1 | 548d3779ed3ab7309328f174bfb18d7768d27747 |
| SHA256 | 3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283 |
| SHA512 | c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681 |
C:\Windows\Installer\e5e060d.msi
| MD5 | aac5c3109eea682ed41382a363767426 |
| SHA1 | 1328428ae70492c1d64feb9fe7c34317b5f14f14 |
| SHA256 | 6ae3ddf51100019f7e19c0168848444462b57a9fa9de4cce320f58fce1299e6f |
| SHA512 | 3cf520066be953ed8121775b3d6a8921e77796cdeb77dc7cf5ee245d8ce0f7ead696691d4988c3eff64ee814d97c75d63eeaf9e6e6fa3ad56ecd3b8c1826ad9e |
C:\Config.Msi\e5e060c.rbs
| MD5 | 2d897bb2826ba77dbaf5b6eb8ea4865a |
| SHA1 | 071605fd23b21d654326f4a9f8479e8272e2c723 |
| SHA256 | f5e45f855c6f04031a74d50ba9970e789cdae05dae1bb91d0939c33ed978f4bc |
| SHA512 | fdc868c93b01da932b1f64cdf5674a7259047f950f0473b749faaa4eb694e593fcc4c33ef666e1d749c2dc9e0b7f485d482b241f8b7d2c09a54b7f520ba2cf32 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20240222201447_001_dotnet_hostfxr_7.0.16_win_x64.msi.log
| MD5 | 6fdc279481982394634ba9b19c34513a |
| SHA1 | 82d153c23a0df1e6a366bb61dca3599ea5b70321 |
| SHA256 | c0118d2766486291ac89ec9103b2b5676a7bd4f2afa5b576e6ba5609cb03c79e |
| SHA512 | 1ff01b01e4d90e053550daaea4897eb98a356b9537dc27e53d9b852de590f78fd5501e6beb362fa744e6b872a32182c2146f15373effaada27c040b760825bf1 |
C:\Config.Msi\e5e0611.rbs
| MD5 | 7e5eda03e1cd26db0e91f1e541142c52 |
| SHA1 | 401a9b34dc0e7e91033313202ef0c62e7ac3af57 |
| SHA256 | 2e27ef15f3ece2667c3994a10910046531badf7633f7e64efb097ac5d978e9ca |
| SHA512 | 8a72d4eaf05be6418ea933b5077ca2f5ee4c8bedbf511df2118190d4d40d0705f5f7d913267591f2b1a0af138e2c69f2c4ec89adfc2e0c24e5f9dd0c65f6998c |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20240222201447_002_dotnet_host_7.0.16_win_x64.msi.log
| MD5 | b23e9123ac109793ece36740c2678985 |
| SHA1 | 147ac3a28ea9bb5b6db995ba8e648d96e121829e |
| SHA256 | 081c0158be6b5fa75a9422eebf4458b41efa4c37d80d317273b972ff492c6fbb |
| SHA512 | 51e9854f8588731dd3336a26cb0a55ab3fe8711b91547f1e2055492d0c11fc0f5a5ac9e31d7649269a2ea6269e45f30d1fbf6c1cac4c8c383d0472324f52e4c2 |
C:\Program Files\dotnet\ThirdPartyNotices.txt
| MD5 | 5c13a5ea8c8cc3474240981d0ffa88ff |
| SHA1 | 1d8d3ce27d9dc3d9fb4fa4b06c20137d25879d80 |
| SHA256 | 4f9bb3901879bafae3a17c6c4009ee5c15384a06fc234bed78937969079c77da |
| SHA512 | 32ea79ff5194d8a18e75f277aed5610b4955db15b0abbcc2664cf07f372bebfc57eb665ad078dc3da3ce5ee0d8856140c2a1bc7032b578dd103d43998d682d88 |
C:\Config.Msi\e5e0616.rbs
| MD5 | a21764e05a5e075339cf6bbf878c2355 |
| SHA1 | 6a80280f4468b310b5292591580f7f4db3c77852 |
| SHA256 | 53611992867f47d85a7b26f02987351dcf1e841e4f996c47a330ab663a1d8c75 |
| SHA512 | 2ff969b765f9610cb27996728380421178ac59bd17fafe92f7a02651be73558a137ae64cefa46c37e7c7a4fb63f04e2faaade24e0649b09609b1f7d3b3a459c6 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20240222201447_003_windowsdesktop_runtime_7.0.16_win_x64.msi.log
| MD5 | dfacb3fcd9b82271e7525bb658052552 |
| SHA1 | 0bf17676ed8e34f58f48d23b249bbf537af7ab42 |
| SHA256 | 727454b96d6419e9d779ed43a2cecea38d21c08fda6797f8a644900e11398b01 |
| SHA512 | 48e634225547253bb70f7de13ff602f1841e13cfcc12d32a6628c2351638375ad4b5660c4dfedbfaee751727a6d7a518622ada83abaa658d07c317e55624c644 |
C:\Windows\Installer\e5e061d.msi
| MD5 | d079a220fbf02ab89e53ac56efc42cd4 |
| SHA1 | 8a42d27748dd07d46def2045f3ea8ca9c8388ba3 |
| SHA256 | 0184e4536db8bd0a57cd2f80946ed435339e1977494488ca66dcf5454fc4ed03 |
| SHA512 | 7aad48a392168911f131e4270c64a0eb05902434b6dce9821c216c6544e91b25d90efda366e9c376ee9c25d9fb9431f61428ee3b05b053d8eb015cd2b8ad8bea |
C:\Config.Msi\e5e061c.rbs
| MD5 | 1e080e66a10f4193b8349dd417b3278b |
| SHA1 | d649eb50d0907177a5209aa623f1fa207fa39a64 |
| SHA256 | eb2b8fed2b370672f52b3c4a107f4bb015a4ba401177398db62201b8f6dc886f |
| SHA512 | a7c08f66a1db3f965042db72648508a5afff5b63f91a79da79d4cfb9a5a09dc5edc5541e31fd76b1090695362b2ab6f7285e2899704b235d4b60cc9deb0a8849 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d9211c5c69a6652627746c4b7e7eb61b |
| SHA1 | 18e0f0a286dd130fdbe43fde2a4511bb188617b7 |
| SHA256 | f3492276ba0a802d1be94edeeb0e131e25ac30b6e49c6790619825e9ddec5c4f |
| SHA512 | dc128f16c9931afc84af75d77ff42e93c3ccc09acdaadf2d3f44b0fb5885ca295d3984b360ebce952a34a82cc2d2f0b6f96ee0281c61250d19b78d3859836d29 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6ee2f74e5039357b003a4f30380cd9ad |
| SHA1 | 9d86f60f4f4249ce575a35ded017653dee71eca2 |
| SHA256 | 3c757dd6e353e0e36f36e0d43eb39fe3eba6969bd0398069215951ddb88fa43e |
| SHA512 | e1fa206ce72c19949e8d963e4cda538d0c03c7c3c6a9fa9927b5de511504644a55f6d6905349a119b828cbc8699932a934b083b31186f4265777dcbd0633d889 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 63938bd722f2130255d3125ba163e556 |
| SHA1 | 8c818ec8f7fe25a431390211fad069a68c71364b |
| SHA256 | 286feeed8483587632a93e5fcf423a55159c6b4097cd72badf704537a8fb05f4 |
| SHA512 | 421482381c513df23ae3fff0438c84468b57e10e493d489af6c5ce05bdcdabf64230b3e2a4ad8bd855d74193a50c61ba2c38f1f87b8076c55010b5d3aa40f9e0 |
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.runtimeconfig.json
| MD5 | 3deb9f3c8b4119aa7de8da6126679551 |
| SHA1 | b17abfcc58751439f95b2e4e61ccf878e2818d05 |
| SHA256 | 2d2927af7b8107fb4b694634c0a9e5bfbfb8e8eebdc597dac733c7841dfb4267 |
| SHA512 | ceef77f03876d8baa535e1a10592b9551aa7a488e33ac0a357db93d50da2fa23b65526a4ea90f5b3942d334ba2688633b1b278940701b6f6fec4607d4005ee68 |
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.runtimeconfig.json
| MD5 | 01da0d56ab33c0ed0e7ac85e5244190f |
| SHA1 | 9e1e4b59e590038f769e5fa01fb326109a7f38e5 |
| SHA256 | 7133274dc5efab688a6efe2f43ca33e78a2498ef39efcad231b0e07ad2c26d17 |
| SHA512 | e11967ba33c719da1681a7f98056d40f450788d9b7c8b2f580d8bc7998fc35a78c53fc970301b097c527fab79fd477adad4eafcd75b4bb376d33c3fece9e8926 |
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.deps.json
| MD5 | ce04d47e59a50ce6bfec7228b658b872 |
| SHA1 | 185b1eed8449732a4ca8097280ff93efd0ebe9c2 |
| SHA256 | cd33dc99a0dd2056abc49127d335d5288e9197e95d4a2836e9b1cfbbb1582b66 |
| SHA512 | 36b38c8b44defe8f632e074a1bc5445d1c1d324fbefac3cd345bb015f33a7a31482004188eeb147be9f1015ce40797a37351228932b6940e7b4865a698957d89 |
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\hostpolicy.dll
| MD5 | 07d32c17cefc890238c9d4c836b21ad3 |
| SHA1 | 8901bbd735f5366ff77733821fd0bfaee778b453 |
| SHA256 | 61d3284520ffd8199f68642bbefd84336e35f6ae71ae6b9e4813a80f1bfd099a |
| SHA512 | 497ea9f6b59b78fa2dfa11916af53eb0d9e430d73374cde6564558031ef66703b22954d571404adb5957f3e635612c03be66ec872aae47a1de2321f2f078e7fd |
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.CoreLib.dll
| MD5 | 2a1c4c9fe6fad3d4080a95291b42af49 |
| SHA1 | f43fd14a71d3291806e1d0410cce9dd6aaed74a4 |
| SHA256 | 9984cef70363b81dc58af8872a9b5fb225a3520c7297547ab4b941c3ed6990d0 |
| SHA512 | bfc15960d9cb8423b8dad11dc8e9910bc9a898ff59bcb05729e613008b63a242319c7c7e001a4f25b474be733acf98f24df8f6f6b3afc797b99185831a2370a4 |
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrjit.dll
| MD5 | 8b658473a01ffe6e1136cb7ebf56d7c0 |
| SHA1 | 437d34e38d3ebaab6614c5fe8fa6c47bc7cf3591 |
| SHA256 | 646a13d60f5a7478de72b1135a518652d9acdd82d4943cb57cf9d1d95ba47681 |
| SHA512 | 33612685da60fdaa78853703ccd50dc9d0dc071eb01ffe565f7cd96c481ac132b8f955fd6c91d9530efb427b8cc43807792ea2ce0d9a4e5013ba4afebd4539e8 |
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\coreclr.dll
| MD5 | c4e254ba9d2b52cb2bc6b5100fc6e43c |
| SHA1 | 1d395972f99e98b7a9c48c23be5a3006f28fded6 |
| SHA256 | 1a74efbb420a7aaa27feca5d8a52c580978bcfe5db15b746d488f134f5c61bf3 |
| SHA512 | 6642e66ec10d2a228db2cb5e0ecbd0d4b16fbe5debcad311b80f7cf7b229d4ecb466bc74af5bbfd1fcbcfd4c330805f72a90cdc22f48d59a385ca634f637d0b1 |
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\coreclr.dll
| MD5 | 43e757bceec2ccabe17a50cab9a7ed28 |
| SHA1 | 496ad9d83bc36c28cd49f8ff76640bb03dbc45cc |
| SHA256 | 4de6d08fa9961eaf30c35e87376ce570ed75991c11b4e716feb32f0b1c23df0b |
| SHA512 | caa7b15be761682a84a132924438a83ebad53642c7248ea5cd577473ebdcef0394cfc18735117f35f61d3b3f5a66636c5790edb1281c5231843b75ba1aa746d1 |
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.deps.json
| MD5 | 0f899cc39c45d3dcb08f732ff6f3839e |
| SHA1 | d9acb92dd385b83fbd902b356b32a1ff0969661c |
| SHA256 | 473644f2ae357b155d050113ddc6ace5f971fa38d769ef724939a415f69a300c |
| SHA512 | b3bcd384527d93084931b668ac27b7fafe51f53b0a489c409016975a9356996010fb31672a1cf459c77e0fd7c3e67c656fb8512097f0893581fd6b2226c0c5e8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionCheckpoints.json.tmp
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionCheckpoints.json.tmp
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\pending_pings\28989c86-8208-4761-91d4-a8f073a279a6
| MD5 | 768f1bcba62c11338b13d3a93b1fe171 |
| SHA1 | 79a2d4a41210422239e50cf71bd9767aa78812e3 |
| SHA256 | f4c3fa543c90d2184a21bd55784cf27b7f37e1fb97e89dbfc97da3f089e0f483 |
| SHA512 | e78537d674688913a712080278495c8b18f37855e4e0105dde46b13fdd182ffdd41e6531fab64dbdaadea16d7ca65f062448e8290097f6562aab0273d9a2f938 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\pending_pings\83b6b031-008f-4803-a4ed-4a878f3c8714
| MD5 | 53617a16b0ff26b1903b884952c5b7b4 |
| SHA1 | a312e31182f59cfa1dafd9780566a60c7b553d00 |
| SHA256 | 30b84eb4650ed77c8d7962ddbbbe2e5327ee039f3869fb66c5a9cf60a30d9a50 |
| SHA512 | 1898717ebde4e36ab231acfb510d9406808353dc92c3c3bdde83fed64e65fe6040e1051c77a5af42bc026e6afaec32ad7db20b7298b7f22b53e378492796348f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 84f8e60a81311d262ec7dce25a276ab0 |
| SHA1 | 7dd31cdbddfe3acd5c45f5cab0d320a9fe9d325e |
| SHA256 | b26beb2c0a4c9f485c502544ed7723c6cd8d308793d7dbfa94064bd7a3273fa0 |
| SHA512 | 941165829028ed535b4261b02eb3bc5e6a7cd4cb5999dd71444b71ae647d9d47d0c6b497e080bb777b32752095c35a81f4f5ee44a756dbab879dd941feafcd24 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\8DD38B1D2E458601D2CA0C084D148B982678448E
| MD5 | a588c9bfe2852bd79e29e8ed57565b59 |
| SHA1 | 901869498855d9ec58da7e39fe7e69158a4a8631 |
| SHA256 | 5840b3ab36d42f5d43d234ea53d891f6bfd51707d605fbdb1ce39fab63d6b701 |
| SHA512 | ee8cf63a3cdd5d5f714a9c94ba6a920a577c72c69f5f29f13bb191d6c5f239bd715a572d80e38f51971f5bc3fc9e5803ade8ba17506932b797c5fd5a3a58559f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 0c0e55c39853d66decfc8b5f991e7ae2 |
| SHA1 | dfd381791180d2b2c8f8e8a61b8adc6d3b632b20 |
| SHA256 | 0e832416524d0826765b70874b8629b097bc615510ef13608de9246ca3eb77e2 |
| SHA512 | f39137e68d80a0a336f5f17ed7597abd3aefbd437d07c333d2a798aa826cc274298596a10fea82c7c7505b21992d1f38ee3df87bf2a7e8e8a452e49f117cc239 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | e19c1d4682b18c8611e26e73ad49e493 |
| SHA1 | 0c962f43d0c8a0ce63361c8ee765bc9681883e89 |
| SHA256 | 0e3416186b2dd81b5e3a82dd1490b6f2e7fa56a8742fe35d98df6933f3edfba4 |
| SHA512 | c27d2705c6795f8205299aaeb78d7e7ea9bb9050802a915fab3ffefae28115dd78f40d8cb44b1866170f1c5d8aca39e9e17014e73aa3d22e111379663fe012ec |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\prefs-1.js
| MD5 | cffd0924ab1832f0b130c80d845986fd |
| SHA1 | 01696a45828dafee36ee3af71ea71acc135d3ce5 |
| SHA256 | a43ad22cfa4bb5d5e88655b5ee633d5f848384012524cd7b75915f4e031e55cb |
| SHA512 | e929aa311e306e5118f8f3a9c18299fcbdba89ccf3f31e15a3f358dfd239087b37ff402b54e765c79b67bc16d780389e1c81097566f3fd7182c803ca73485186 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\166F2232D21D568AF4700252B7B75E876BF9C981
| MD5 | d8e3cc9afffb4b4275f9415a794a8bc9 |
| SHA1 | c69b829b47a7c3761efeb8b6c94d81a0692586ef |
| SHA256 | af1ad0a72ec41e8807e30b527749b2c82707c31ecd8fe0d52d9fa60e0a500cae |
| SHA512 | b3c1c65e8381f64aa841aeeeef1c8de110a0c4fd1d57534d79b5ba8422d0a8fe5b97d0eb78ff32741b37e54444862e0239c74523bdecda85204fa232b7ba4283 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\crashes\store.json.mozlz4.tmp
| MD5 | a6338865eb252d0ef8fcf11fa9af3f0d |
| SHA1 | cecdd4c4dcae10c2ffc8eb938121b6231de48cd3 |
| SHA256 | 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965 |
| SHA512 | d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\22899
| MD5 | 7497aa5d77a7e23f3a2c465de27bb565 |
| SHA1 | bba017d2361fc1a5eef9b40431e30306d77a1328 |
| SHA256 | 0f55cd2b60fb5ce617873a9f4b9fa7d05c9e78930cee6c1efd0ddc72774921d1 |
| SHA512 | cbb2e140c5bffd60d351c1ff2ca7311b930074ae25adfd3d5dbf947730af52082ccaf0f481b081165f7f58d72e8e5480fdd9f67ddf92f44b7e354d251a96a959 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 7fe8b5e2edaa37c8e8b8031d8ea7e090 |
| SHA1 | 2f8921d0d4008d48aba644d1057fe998b9954ec0 |
| SHA256 | b0043cbb958b08b59bc67bd000a52f8abe8da232d3c4732cabca19d5c489edcf |
| SHA512 | 853c211e1b42e1ab1720fca5e68955f04feab0ad009c0c3282a52ff05bf45f7e94e8cd2ec15a07f1d1684056ba1e70328b96e9a3689c33fab0edcc41f761ce72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 0346a68c1e3349ac95cb4d6c56ced810 |
| SHA1 | d615f7372228b15ce53a1b7252477348040c9e1b |
| SHA256 | 86a52d7e3e7eaab9ca98f357fcae6b10e9d7646641f202d95053db603cb9fcfe |
| SHA512 | d760da3fb6e8da228a9646b8a549eedc6a51b7a6c43f0ed311b7441a15bc348defc46d7c1d4c7370240850caa8698ce768a72b972f4f94a66f884457896fdd81 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms
| MD5 | e169b5e95b1d415611e4c4b203712f0b |
| SHA1 | 77313b690a4b914b73eac080a89c232a30c22fa9 |
| SHA256 | 70b94bd860d8826040ca814273ff2644b94ccb68ed962155c76bfb799dd6e00d |
| SHA512 | 65e506e557e0a688c5ac01092637c568d0bb0e137f9a66d894dbd2e382811818f7932029a0b4163fdc047f6cce60ba7292c52502681b2d882b780db1ea8998ed |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 70af8ecd176f0df2bb6f84c67e885939 |
| SHA1 | 53302a50e20b0c70f3707e4efc06ee941a54f1bd |
| SHA256 | 898c204795428dcec290f8e64d1e2932af425ecbfdbee894b1fcc898ef17e431 |
| SHA512 | 1e0c580292589e6cbe1093c3b11c0a0cad818d0ff6638e9c520f4faeef9898299d1adbedd9bb0121d6cc0d832b90ed7000085a93fcd5bb4a72c363935975aabc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 642b9208b707d23bfdb27d935b9beba3 |
| SHA1 | 2101692b47ca2592406b5806b33ec2ecebc991b6 |
| SHA256 | 17f461c810a3f13f2239675db51856885e2a2bfafe2263061d3b8b1e846d3a5b |
| SHA512 | 3b1b2855e98eed6b49d08542394ece0606dac3e73f177c4044786dc6a7b423753edb74a2b01a924cf2f30154bffbb3cfc0901cc4cedc5b250c4a9aacf4e5ff9d |
C:\Users\Admin\Downloads\Client.--g3ZRVD.Install.win.x64.zip.part
| MD5 | e0158b549806d194aa8597977a357009 |
| SHA1 | 02d1af7acd0982f0a0ba14ffce7286db845bfc6d |
| SHA256 | b49aba7cb22f398d666b0582000910c13d7351e6fe9c9eae21cce39a7a5d29d5 |
| SHA512 | 394e3c6175db5b3c6da270a8ae172e8aa4707ed147f37fad555e2151674c1082f5c293594b1a16f5647c5a6dcbb05f679b2cd2599bb542de3ac5a9d74218f1c1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\pending_pings\001e157d-c0b2-4543-93f2-3a40f29c12d3
| MD5 | e446170e60ab755d5d9cdaf3253423fe |
| SHA1 | be89ecbacf8a41dd65286380cfd6d39c8ddd2e95 |
| SHA256 | 88fe39e76a01adb645efea73dbfe9dfd039f782d9a3deb76416e6b50ad50de11 |
| SHA512 | 9badefee8963cb4aaf9ed5fe8e707d6f352db6c36d5fcaa1fdeb39c2c29aa12eb8e721ff57a13d772b8c49cdd76031dd244a8012102509d9fbcc15c37b69c56c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\pending_pings\1ae54a79-f357-4d27-830c-51f3b81eb181
| MD5 | 58deefc4f50767c858b1021c67fe59ba |
| SHA1 | d258f961fec4f6f44ad985d252b36594d4b443bd |
| SHA256 | c5f088a16b01ed45160577ea9431dd1c7cbf03f1963325c8ac66bb20fc3d30e9 |
| SHA512 | b96af2a0733fbb54a418e35d38eb6588edcba8dce1abdf1e0a5427c142ed06a3904da83951a1bc9b00565110cbd88a2b895ddff72a82a9ec533bede93065188a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 6493b1342a020762672e3c717b8185fd |
| SHA1 | 0922eb4ca0d60e696b20639a9a45480b62d6a08f |
| SHA256 | c2fd2dbbf3a24ae1cb1a61da6954817575076941bdd4de6772dfaf0a1c8e6dfd |
| SHA512 | 30ac7c58867872bf73db8c81ee4fc159daaef0c65fc4ce4f43f9ebc6f94b24491c6d74f91043ccda82893c7004b339cfbc11394864d5ff7aa2f9b0c056e6032d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 05769328bb028a162c6ce1bcc548897a |
| SHA1 | 743aabe6090bf1ade1b49d5aacacdd9dbbffaf05 |
| SHA256 | 6604a890e7a5fc5c23d59c8a0d988c6822d49fb1d38962a241daae26422b315c |
| SHA512 | c382a2a7f1ee0b7bb49bdc56d00bff27e087b8f4bfb215e86ac2e2e56bb6e872828a0a6e644bece6afe74c3481d6826ba35ec37503e5f6019f57772b94b8e72d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\broadcast-listeners.json.tmp
| MD5 | 72c95709e1a3b27919e13d28bbe8e8a2 |
| SHA1 | 00892decbee63d627057730bfc0c6a4f13099ee4 |
| SHA256 | 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa |
| SHA512 | 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182 |
memory/5752-4695-0x0000000000400000-0x0000000000428000-memory.dmp
memory/4284-4703-0x00000000023A0000-0x00000000043A0000-memory.dmp
memory/4284-4708-0x00000000023A0000-0x00000000043A0000-memory.dmp
memory/4284-4721-0x00000000023A0000-0x00000000043A0000-memory.dmp
memory/4284-4728-0x00000000023A0000-0x00000000043A0000-memory.dmp
memory/4284-4729-0x0000000002270000-0x0000000002271000-memory.dmp
memory/4284-4731-0x00000000023A0000-0x00000000043A0000-memory.dmp
memory/4284-4733-0x0000000002270000-0x0000000002271000-memory.dmp
memory/4284-4734-0x00000000023A0000-0x00000000043A0000-memory.dmp
memory/4284-4738-0x00000000023A0000-0x00000000043A0000-memory.dmp
memory/4284-4741-0x00000000023A0000-0x00000000043A0000-memory.dmp
memory/4284-4744-0x00000000023A0000-0x00000000043A0000-memory.dmp
memory/4284-4747-0x00000000023A0000-0x00000000043A0000-memory.dmp
memory/4284-4750-0x00000000023A0000-0x00000000043A0000-memory.dmp
memory/4284-4755-0x00000000023A0000-0x00000000043A0000-memory.dmp
memory/4284-4758-0x00000000023A0000-0x00000000043A0000-memory.dmp
memory/4284-4760-0x00000000023A0000-0x00000000043A0000-memory.dmp
memory/4284-4761-0x00000000024A0000-0x00000000024A8000-memory.dmp
memory/4284-4762-0x0000000002488000-0x0000000002490000-memory.dmp
memory/4284-4763-0x0000000002438000-0x0000000002440000-memory.dmp
memory/4284-4765-0x0000000002490000-0x0000000002498000-memory.dmp
memory/4284-4764-0x00000000023A0000-0x00000000043A0000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | 82678367fa4297a26727ccc84e0b2f60 |
| SHA1 | 0c65ab90390566f7d2f5b4751b9027f6bac1d22a |
| SHA256 | fbf7356b28e05edc871dda40b318b147e6d07ece028da3d67c3cfbd30bfa0f29 |
| SHA512 | e5474444eecac25a06fe26a22dce9aa9311740dca264de1c824a36a7bc55216f301e934667fe0b9c3c7b062694f8a37e45ecce6b3889cb33bb47ecb9bd198db5 |