Malware Analysis Report

2025-08-10 12:06

Sample ID 240222-yv6qzsef3z
Target Avatar.jpg
SHA256 f849330882af205fbfb7ddcb71401547866f4d29da1034f503da48660cdc8e62
Tags
discovery persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

f849330882af205fbfb7ddcb71401547866f4d29da1034f503da48660cdc8e62

Threat Level: Likely malicious

The file Avatar.jpg was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence

Downloads MZ/PE file

Loads dropped DLL

Executes dropped EXE

Enumerates connected drives

Checks installed software on the system

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Enumerates system info in registry

NTFS ADS

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Modifies registry class

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-22 20:07

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-22 20:07

Reported

2024-02-22 20:23

Platform

win11-20240221-en

Max time kernel

922s

Max time network

919s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Avatar.jpg

Signatures

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\Temp\{B7F226A1-2048-449B-BDC9-1CB6DDD3F295}\.cr\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A
N/A N/A C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{ef5af41f-d68c-48f7-bfb0-5055718601fc} = "\"C:\\ProgramData\\Package Cache\\{ef5af41f-d68c-48f7-bfb0-5055718601fc}\\windowsdesktop-runtime-7.0.16-win-x64.exe\" /burn.runonce" C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.RegularExpressions.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Input.Manipulations.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsBase.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Design.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\ReachFramework.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Annotations.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Design.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Xaml.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsFormsIntegration.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.ServicePoint.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationProvider.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Controls.Ribbon.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Encoding.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.DriveInfo.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Design.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NetworkInformation.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\WindowsBase.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Printing.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsBase.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ReachFramework.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Input.Manipulations.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Formatters.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationProvider.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.PerformanceCounter.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlDocument.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Input.Manipulations.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationProvider.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.runtimeconfig.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Core.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Sockets.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClientSideProviders.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\ReachFramework.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationCore.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsBase.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.Vectors.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Input.Manipulations.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Xaml.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationTypes.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Input.Manipulations.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationFramework.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Xml.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClientSideProviders.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationCore.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationTypes.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.DataSetExtensions.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.JavaScript.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClient.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Xaml.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationCore.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Process.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationTypes.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Xaml.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.XDocument.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Contracts.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Intrinsics.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Resources.Extensions.dll C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI1DA1.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF97464F5FBC5CF05F.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5e0609.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI15AB.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5e0613.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF3F880D3FCA9A41D8.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\B61D15F98E24A4A42882574055142AEA\56.64.8781\fileCoreHostExe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{01B2627D-8443-41C0-97F0-9F72AC2FD6A0} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2003.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5e0609.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5e0619.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\B61D15F98E24A4A42882574055142AEA\56.64.8781 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5e0618.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF267D7195436B549A.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFEC9BD5392E84A88A.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5e0613.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1A14.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1AD0.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5e0619.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1761.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI17DF.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFC3B2AC4626CC0FF9.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA9D.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF0239AFB42026DB32.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5e060e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\B61D15F98E24A4A42882574055142AEA\56.64.8781\fileCoreHostExe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5e061d.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2AF1.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF3BF7A94BC3B7321C.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF8FCDD96BA7E7E8FF.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF47B10ECBCE29CA6A.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI189C.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5e0612.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF9325B09BBBDB866C.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\B61D15F98E24A4A42882574055142AEA C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF7739DA2BA604C5C1.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF80C573DA47842823.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFB17AEEA4D4A7F204.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF69B7009C0E5B80BC.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5e060d.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5e060e.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF39FCF895027360D4.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE95.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF2E2585723A8B8420.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{9F51D16B-42E8-4A4A-8228-75045541A2AE} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1BBC.tmp C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\24 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\24 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\25 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\23 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0EA7D4ECABCFF6845AF8BD3A26F6EBB4\Provider C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0EA7D4ECABCFF6845AF8BD3A26F6EBB4 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0EA7D4ECABCFF6845AF8BD3A26F6EBB4\Version = "943727181" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0EA7D4ECABCFF6845AF8BD3A26F6EBB4\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C4A096B1A1834D04ABA4F3A8DCC57E79\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\B61D15F98E24A4A42882574055142AEA\Provider C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D7262B1034480C14790FF927CAF26D0A\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0EA7D4ECABCFF6845AF8BD3A26F6EBB4\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_56.64.8781_x64\Dependents\{ef5af41f-d68c-48f7-bfb0-5055718601fc} C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_56.64.8781_x64\Dependents\{ef5af41f-d68c-48f7-bfb0-5055718601fc} C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C4A096B1A1834D04ABA4F3A8DCC57E79\MainFeature C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C4A096B1A1834D04ABA4F3A8DCC57E79\Version = "943727181" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{ef5af41f-d68c-48f7-bfb0-5055718601fc}\ = "{ef5af41f-d68c-48f7-bfb0-5055718601fc}" C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0EA7D4ECABCFF6845AF8BD3A26F6EBB4\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B61D15F98E24A4A42882574055142AEA\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D7262B1034480C14790FF927CAF26D0A\SourceList C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x64\Dependents C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D7262B1034480C14790FF927CAF26D0A\SourceList\PackageName = "windowsdesktop-runtime-7.0.16-win-x64.msi" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{ef5af41f-d68c-48f7-bfb0-5055718601fc} C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_runtime_56.64.8781_x64 C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x64\ = "{9F51D16B-42E8-4A4A-8228-75045541A2AE}" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C4A096B1A1834D04ABA4F3A8DCC57E79\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B61D15F98E24A4A42882574055142AEA\Version = "943727181" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D7262B1034480C14790FF927CAF26D0A\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0EA7D4ECABCFF6845AF8BD3A26F6EBB4\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}v56.64.8781\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C4A096B1A1834D04ABA4F3A8DCC57E79\ProductName = "Microsoft .NET Host FX Resolver - 7.0.16 (x64)" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C4A096B1A1834D04ABA4F3A8DCC57E79\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D7262B1034480C14790FF927CAF26D0A\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0EA7D4ECABCFF6845AF8BD3A26F6EBB4\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0EA7D4ECABCFF6845AF8BD3A26F6EBB4\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}v56.64.8781\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_56.64.8781_x64\ = "{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C4A096B1A1834D04ABA4F3A8DCC57E79\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\4E3F426DBD05F2A509C6867B91443826 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B61D15F98E24A4A42882574055142AEA\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{ef5af41f-d68c-48f7-bfb0-5055718601fc}\DisplayName = "Microsoft Windows Desktop Runtime - 7.0.16 (x64)" C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C4A096B1A1834D04ABA4F3A8DCC57E79\Provider C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C4A096B1A1834D04ABA4F3A8DCC57E79\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x64 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0EA7D4ECABCFF6845AF8BD3A26F6EBB4\PackageCode = "74EEF11D81DB3C6458F196B0238079C8" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_56.64.8781_x64 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_56.64.8781_x64\Version = "56.64.8781" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x64\Dependents\{ef5af41f-d68c-48f7-bfb0-5055718601fc} C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D7262B1034480C14790FF927CAF26D0A\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}v56.64.8804\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\windowsdesktop_runtime_56.64.8804_x64 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D7262B1034480C14790FF927CAF26D0A\ProductName = "Microsoft Windows Desktop Runtime - 7.0.16 (x64)" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{ef5af41f-d68c-48f7-bfb0-5055718601fc}\Dependents\{ef5af41f-d68c-48f7-bfb0-5055718601fc} C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\B61D15F98E24A4A42882574055142AEA\MainFeature C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B61D15F98E24A4A42882574055142AEA\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B61D15F98E24A4A42882574055142AEA\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C4A096B1A1834D04ABA4F3A8DCC57E79\SourceList\PackageName = "dotnet-hostfxr-7.0.16-win-x64.msi" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C4A096B1A1834D04ABA4F3A8DCC57E79\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x64 C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B61D15F98E24A4A42882574055142AEA\SourceList\PackageName = "dotnet-host-7.0.16-win-x64.msi" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0EA7D4ECABCFF6845AF8BD3A26F6EBB4\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_56.64.8781_x64 C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x64\Version = "56.64.8781" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B61D15F98E24A4A42882574055142AEA\ProductName = "Microsoft .NET Host - 7.0.16 (x64)" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_56.64.8781_x64\Dependents C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C4A096B1A1834D04ABA4F3A8DCC57E79\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D7262B1034480C14790FF927CAF26D0A\Version = "943727204" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D7262B1034480C14790FF927CAF26D0A\Provider C:\Windows\system32\msiexec.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.16-win-x64.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Users\Admin\Downloads\Client.Install.win.x64.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\Kiwi_X_External.rar:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 238865.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1720 wrote to memory of 4860 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1720 wrote to memory of 4860 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1720 wrote to memory of 4860 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1720 wrote to memory of 4860 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1720 wrote to memory of 4860 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1720 wrote to memory of 4860 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1720 wrote to memory of 4860 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1720 wrote to memory of 4860 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1720 wrote to memory of 4860 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1720 wrote to memory of 4860 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1720 wrote to memory of 4860 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 3476 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 3476 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4860 wrote to memory of 3476 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Avatar.jpg

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.0.1513047413\117819948" -parentBuildID 20221007134813 -prefsHandle 1776 -prefMapHandle 1768 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1138e9cf-f557-45cc-b557-a3cbc2051ab3} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 1856 1b1b36bfe58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.1.2072861264\1734560940" -parentBuildID 20221007134813 -prefsHandle 2204 -prefMapHandle 2192 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ca8fcb9-4654-46b1-949b-908cdb7ea13b} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 2232 1b1b3232658 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.2.1733092454\1267963276" -childID 1 -isForBrowser -prefsHandle 3008 -prefMapHandle 2840 -prefsLen 20886 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ea3080c-49fc-4813-9d61-2ba0252052d9} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 3140 1b1b365f658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.3.1658003133\1203144956" -childID 2 -isForBrowser -prefsHandle 3388 -prefMapHandle 3260 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36580fdf-9892-48bf-ab5f-2bb378f0570d} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 3556 1b1a7667b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.4.685630623\1885919318" -childID 3 -isForBrowser -prefsHandle 4560 -prefMapHandle 4552 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c54819ac-d9d1-41fb-824d-84eab6b8a52b} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 4576 1b1ba3beb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.5.354982569\625332248" -childID 4 -isForBrowser -prefsHandle 5004 -prefMapHandle 4952 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42d79fe6-1c29-49f2-b3f8-0d739ca7df4c} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 5028 1b1b894ef58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.7.39800416\2133913621" -childID 6 -isForBrowser -prefsHandle 5344 -prefMapHandle 5348 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57a51214-163e-497b-b555-7f85881a81ab} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 5336 1b1bab4f458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.6.641270644\295386146" -childID 5 -isForBrowser -prefsHandle 5240 -prefMapHandle 4400 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21e6f32a-3233-4767-8615-ea1022852b44} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 5228 1b1ba3bdf58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.8.485734013\671100732" -childID 7 -isForBrowser -prefsHandle 5836 -prefMapHandle 5840 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ab4652c-9e8d-4b43-a37d-054f60787f7b} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 5816 1b1bcd25458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.10.2014872722\534662592" -childID 9 -isForBrowser -prefsHandle 5172 -prefMapHandle 5048 -prefsLen 26458 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd0ed597-ed4c-43bc-8d24-7ab4709b90aa} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 3540 1b1bab92d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.9.2076862023\1155259903" -childID 8 -isForBrowser -prefsHandle 3536 -prefMapHandle 2580 -prefsLen 26458 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfdd1046-77de-4c97-b61f-290b69c92d31} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 4960 1b1bab91558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.11.1721821532\860145625" -childID 10 -isForBrowser -prefsHandle 5492 -prefMapHandle 5484 -prefsLen 26458 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b8524cb-078c-49ad-b4d9-1258a3e7d4e3} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 5472 1b1bd0efa58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.12.2024137279\1142013426" -childID 11 -isForBrowser -prefsHandle 5544 -prefMapHandle 5532 -prefsLen 26458 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {395349a4-d86e-4ae8-9ad8-bd214f2ee9ce} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 6116 1b1bd0e1a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.13.127635434\470750975" -parentBuildID 20221007134813 -prefsHandle 5312 -prefMapHandle 6020 -prefsLen 26458 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7883b394-92c7-4568-bce8-3c58e09266ac} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 5508 1b1bd0f1b58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.14.1260288731\409056793" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6184 -prefMapHandle 5312 -prefsLen 26458 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81a90659-7ff1-4c97-9ea3-c75b92604116} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 6196 1b1bd0f1858 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.15.2102922272\2008772477" -childID 12 -isForBrowser -prefsHandle 10352 -prefMapHandle 10356 -prefsLen 26458 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {365b9a5a-2139-4318-a120-3758bd435e95} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 10348 1b1bc67d258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.16.1686071463\815753223" -childID 13 -isForBrowser -prefsHandle 5740 -prefMapHandle 10168 -prefsLen 26458 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36159173-c3c6-4906-b502-21162345a550} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 10136 1b1bc717b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.18.411124603\45505844" -childID 15 -isForBrowser -prefsHandle 10032 -prefMapHandle 10208 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49e1ae30-5a8d-4a8e-b886-7412ae5a815f} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 10168 1b1bd0f0c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.17.1934276273\1481680373" -childID 14 -isForBrowser -prefsHandle 4452 -prefMapHandle 6104 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b50805f-d22a-4ba0-ab3a-b0c37d66e602} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 2900 1b1ba8d3e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.19.1058824149\1624246191" -childID 16 -isForBrowser -prefsHandle 9792 -prefMapHandle 9800 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd723889-58d9-4a0e-a97d-1b0ee93669de} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9712 1b1bde3c858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.20.793419851\1685618213" -childID 17 -isForBrowser -prefsHandle 2704 -prefMapHandle 2692 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {915d660c-5155-477c-8dbd-7369ecefcbae} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 4484 1b1bcc8a458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.22.452436051\1566791610" -childID 19 -isForBrowser -prefsHandle 9496 -prefMapHandle 9600 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a469041-5328-4cf6-9414-1680200eb05b} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9500 1b1bcf73258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.21.1945071416\1333230372" -childID 18 -isForBrowser -prefsHandle 10272 -prefMapHandle 4776 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5f17882-e44a-4848-87d0-32a50fffd776} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 5176 1b1bcf75f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.23.1327729539\671848213" -childID 20 -isForBrowser -prefsHandle 5088 -prefMapHandle 2700 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {232ab985-1654-4b94-9202-f38b3c01a73b} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9496 1b1bcf76b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.24.947197111\1408909372" -childID 21 -isForBrowser -prefsHandle 5948 -prefMapHandle 5952 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f4afe4c-7317-4930-98cd-15f7ce35ed5c} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 5960 1b1bd75fc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.25.2061218028\607896831" -childID 22 -isForBrowser -prefsHandle 9976 -prefMapHandle 4564 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5471af28-7fa1-47ae-b6dc-2a67a782077b} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9772 1b1bdd88d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.26.1899039139\1817429984" -childID 23 -isForBrowser -prefsHandle 2588 -prefMapHandle 4300 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8155f4ee-e63e-4a76-ac06-69a2608c1c4c} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 2616 1b1bfb6be58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.28.1628587108\708660785" -childID 25 -isForBrowser -prefsHandle 10232 -prefMapHandle 4520 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c79aa4c8-23ce-439a-aea7-5247fba8c644} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 4768 1b1c0104158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.27.1365931546\170127609" -childID 24 -isForBrowser -prefsHandle 9824 -prefMapHandle 10120 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41709363-2cc9-4548-b3af-d1632640a485} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 5088 1b1c0089b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.29.1344511961\1366660700" -childID 26 -isForBrowser -prefsHandle 9244 -prefMapHandle 9248 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2517ce66-d573-41c0-89a0-2974f9e12b2c} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9236 1b1c0325758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.30.1873209019\1399861091" -childID 27 -isForBrowser -prefsHandle 4712 -prefMapHandle 4464 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51955225-396b-4ec0-bfb2-06e3dd430960} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 6184 1b1b894e958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.31.1373573922\980178570" -childID 28 -isForBrowser -prefsHandle 9468 -prefMapHandle 10116 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7d8d41d-3b14-4149-a5f3-c6cedf3d302d} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9716 1b1bb090d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.32.843978882\1735282144" -childID 29 -isForBrowser -prefsHandle 9380 -prefMapHandle 9364 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24edc446-c3a4-40c8-ba11-59e798cad94e} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9392 1b1bc714258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.33.1261749044\721296633" -childID 30 -isForBrowser -prefsHandle 5516 -prefMapHandle 5520 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {272d0eb1-5c47-496a-90d1-915cab78fba1} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 5336 1b1bcc38558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.34.432301712\101223452" -childID 31 -isForBrowser -prefsHandle 9068 -prefMapHandle 9060 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb047e93-2555-4b24-afbd-00e7dfb7ad60} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9036 1b1bcc38b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.35.1753560160\1979802609" -childID 32 -isForBrowser -prefsHandle 8828 -prefMapHandle 8832 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50c8e57a-6df8-4fb4-86ba-103bcca348b6} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9480 1b1bd66eb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.36.1651007137\503577689" -childID 33 -isForBrowser -prefsHandle 5484 -prefMapHandle 4768 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {492205d2-0386-4376-aa97-5f22e03f5727} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 4300 1b1bccdb258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.37.1018961979\1170333870" -childID 34 -isForBrowser -prefsHandle 8916 -prefMapHandle 8900 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9890f2f-a8f8-4f7a-9ea4-0a52573801f2} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9036 1b1bd98bb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.38.2000231760\482898598" -childID 35 -isForBrowser -prefsHandle 8588 -prefMapHandle 8584 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b096afb-1026-4cf1-b5da-4a5901e45d4a} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 8600 1b1bde3a758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.39.833507369\519807520" -childID 36 -isForBrowser -prefsHandle 8416 -prefMapHandle 8412 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ac0cad9-067f-4a83-b14f-232b74eaa4f0} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 8424 1b1bdea2158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.40.539693634\663410694" -childID 37 -isForBrowser -prefsHandle 9724 -prefMapHandle 5340 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d787854-c45a-4a8e-aa4d-55037de42f9e} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9380 1b1bdf6dd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.41.294823653\1998272677" -childID 38 -isForBrowser -prefsHandle 5264 -prefMapHandle 8988 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b3f2d35-8eda-4a4d-9e8b-08693777e124} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9748 1b1bdf6fe58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.42.151661152\652378968" -childID 39 -isForBrowser -prefsHandle 8284 -prefMapHandle 8268 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aee7b639-810a-4cb5-afbb-b65a0f834f5e} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 8296 1b1bdf6ef58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.43.362459726\1385434735" -childID 40 -isForBrowser -prefsHandle 9048 -prefMapHandle 9680 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37aae6a0-2a6c-4356-bfdd-0cd01ef3b71b} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9288 1b1bdf6d758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.44.1070854888\2120503329" -childID 41 -isForBrowser -prefsHandle 9136 -prefMapHandle 9220 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d93426e2-32ae-4ac7-8de7-17574fd5783d} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9144 1b1ba926458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.47.1906338325\1632090401" -childID 44 -isForBrowser -prefsHandle 9496 -prefMapHandle 9544 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {027f0933-0d47-4774-920c-e7a8b47980db} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 6372 1b1bb09da58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.46.124792393\2109086214" -childID 43 -isForBrowser -prefsHandle 4616 -prefMapHandle 6136 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1599b99d-a168-423c-a87f-0fe58b8f11e0} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 10352 1b1bb09f258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.45.283618901\96782478" -childID 42 -isForBrowser -prefsHandle 1556 -prefMapHandle 5632 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba82a242-785a-4675-9bd6-ad9455f9cc11} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9176 1b1bb09ce58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.48.946911890\931078652" -childID 45 -isForBrowser -prefsHandle 9052 -prefMapHandle 4784 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5930553f-13db-4c20-9676-1f26d07cc117} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9172 1b1bd0e2f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.49.1720587759\1628651425" -childID 46 -isForBrowser -prefsHandle 9588 -prefMapHandle 8524 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c758e07-2003-44fb-b6ae-dc7581b6b59c} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9168 1b1bd0e3558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.51.492515795\1223791885" -childID 48 -isForBrowser -prefsHandle 10088 -prefMapHandle 8504 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d49ab76-f733-49a2-a2d7-6f1f28cb39e9} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9564 1b1bc9d2958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.50.768059559\2078568274" -childID 47 -isForBrowser -prefsHandle 8240 -prefMapHandle 4628 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe456d22-128b-4e42-8ad0-0bbd3d66255a} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 8152 1b1bb090a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.53.1544350204\1601526837" -childID 50 -isForBrowser -prefsHandle 8240 -prefMapHandle 8148 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2d2022a-4ee8-4353-86aa-cd6e11ff1883} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 4628 1b1bc67c658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.52.520620788\1802128080" -childID 49 -isForBrowser -prefsHandle 5812 -prefMapHandle 10064 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed7d0067-20c6-4db2-89cd-5a1853af37d2} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 10076 1b1bc67a258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.54.1577675872\1160788715" -childID 51 -isForBrowser -prefsHandle 5624 -prefMapHandle 6084 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf08aac6-f08d-42d1-a350-86b85de36ce7} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 5516 1b1bccdb558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.55.708806925\1728674253" -childID 52 -isForBrowser -prefsHandle 5172 -prefMapHandle 9072 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7677b83-dc63-4108-8507-9b24fa5bf0c6} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 4372 1b1bd01f258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.56.437429963\466278515" -childID 53 -isForBrowser -prefsHandle 9508 -prefMapHandle 4776 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c249047-f502-4e62-9096-0b35b57b1232} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 9816 1b1be512a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.57.1875929513\1173048635" -childID 54 -isForBrowser -prefsHandle 8504 -prefMapHandle 9612 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a32a5b1-10b8-4e01-938e-462491a501f3} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 10108 1b1bccdb558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.59.1066002185\320111169" -childID 56 -isForBrowser -prefsHandle 5108 -prefMapHandle 5648 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c95dfa15-8e4a-4270-8cde-ba4727552de2} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 8400 1b1bc7f1558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.58.1748171599\1145939072" -childID 55 -isForBrowser -prefsHandle 3788 -prefMapHandle 8820 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {020b8488-4e86-4a43-9f52-a825a33cf070} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 8804 1b1bc7efa58 tab

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Kiwi_X_External.rar"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.60.753813957\313930201" -childID 57 -isForBrowser -prefsHandle 6060 -prefMapHandle 2884 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e50fed90-f874-4132-86e0-58631a3e01b3} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 5516 1b1bcd5ee58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.61.1175510970\974535913" -childID 58 -isForBrowser -prefsHandle 9580 -prefMapHandle 8940 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ea5119b-965f-442d-9457-5b0172a44504} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 8980 1b1bcfd4d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.62.991615829\513096250" -childID 59 -isForBrowser -prefsHandle 6136 -prefMapHandle 4616 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b874a2bf-706e-47a9-bf27-201a546dc1ba} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 10088 1b1a7662e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4860.63.1816667123\1702293396" -childID 60 -isForBrowser -prefsHandle 9828 -prefMapHandle 9440 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {757b5ac5-a7f8-4aac-9703-b6eca09c39e1} 4860 "\\.\pipe\gecko-crash-server-pipe.4860" 2580 1b1a765e858 tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe

"C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?framework=Microsoft.NETCore.App&framework_version=7.0.0&arch=x64&rid=win-x64&os=win10&gui=true

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd53f13cb8,0x7ffd53f13cc8,0x7ffd53f13cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1872 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2572 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5804 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1848,3660776565394504973,5730518754893676214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8

C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.16-win-x64.exe

"C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.16-win-x64.exe"

C:\Windows\Temp\{B7F226A1-2048-449B-BDC9-1CB6DDD3F295}\.cr\windowsdesktop-runtime-7.0.16-win-x64.exe

"C:\Windows\Temp\{B7F226A1-2048-449B-BDC9-1CB6DDD3F295}\.cr\windowsdesktop-runtime-7.0.16-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.16-win-x64.exe" -burn.filehandle.attached=756 -burn.filehandle.self=760

C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe

"C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe" -q -burn.elevated BurnPipe.{E6DAAAF5-7127-41EB-9394-CD10B639180A} {EA16112A-F663-4D2B-936D-61AFA19B35FF} 5724

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 720A86221BF2463A66C1469D413CBC9B

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 5B4D293A942BFAC948997836CE496B9F

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 900082AFAC8A0F562FB5A5A0B83A977F

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 62BA163650FD5F2CD76125AB4B294794

C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe

"C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe"

C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe

"C:\Users\Admin\Desktop\Kiwi X External\Kiwi X External.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.0.472057657\185783621" -parentBuildID 20221007134813 -prefsHandle 1652 -prefMapHandle 1620 -prefsLen 21569 -prefMapSize 233863 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31dc606e-81d2-4b40-b927-76f8f12ce083} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 1732 298af705058 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.1.2034975433\977613890" -parentBuildID 20221007134813 -prefsHandle 2084 -prefMapHandle 2080 -prefsLen 21569 -prefMapSize 233863 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10ab1b98-a30f-48eb-a3d9-a1ea2910da89} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 2096 298a38e7358 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.2.799132259\1562665420" -childID 1 -isForBrowser -prefsHandle 2908 -prefMapHandle 2904 -prefsLen 22030 -prefMapSize 233863 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d70e9fd7-bb98-44a8-8fbe-879d65f5bcbb} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 2920 298b3649f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.3.319876495\1491416350" -childID 2 -isForBrowser -prefsHandle 3812 -prefMapHandle 3808 -prefsLen 27208 -prefMapSize 233863 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7f16065-1422-4ed2-9c21-65f45cce0c16} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 3824 298b57ee158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.4.1664524045\1677108611" -childID 3 -isForBrowser -prefsHandle 4020 -prefMapHandle 4016 -prefsLen 27208 -prefMapSize 233863 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {517ca655-bf84-4005-8012-5f9eedeaf836} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 4032 298a3861c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.7.1923696821\109175157" -childID 6 -isForBrowser -prefsHandle 5372 -prefMapHandle 5376 -prefsLen 27267 -prefMapSize 233863 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4481ff9-10a2-4338-b0ca-ed12b1c68351} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 5364 298b72cff58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.6.1759518080\2139329522" -childID 5 -isForBrowser -prefsHandle 5184 -prefMapHandle 5188 -prefsLen 27267 -prefMapSize 233863 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b073d239-fcc1-418f-97ae-1b374511f893} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 5176 298b72cf958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.5.1405547781\1857455499" -childID 4 -isForBrowser -prefsHandle 5076 -prefMapHandle 5088 -prefsLen 27267 -prefMapSize 233863 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50b0c8fe-ea8e-4082-88e9-91960c95463a} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 5064 298b4d86d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.8.489901883\564839336" -childID 7 -isForBrowser -prefsHandle 5940 -prefMapHandle 5936 -prefsLen 27267 -prefMapSize 233863 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5127d010-6973-49f9-b621-85109fe49e7c} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 5948 298b97f9a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.9.1988200930\843952720" -childID 8 -isForBrowser -prefsHandle 5608 -prefMapHandle 3904 -prefsLen 27276 -prefMapSize 233863 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f58b8984-9602-4d66-9d34-1c95d3833389} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 4816 298b9948a58 tab

C:\Users\Admin\Downloads\Client.Install.win.x64\Client Install win x64 Setup.exe

"C:\Users\Admin\Downloads\Client.Install.win.x64\Client Install win x64 Setup.exe"

C:\Users\Admin\Downloads\Client.Install.win.x64\jre\bin\javaw.exe

"C:\Users\Admin\Downloads\Client.Install.win.x64\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\activation.jar;lib\antlr4-runtime.jar;lib\asm-all.jar;lib\commons-email.jar;lib\connector-api.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\dyn4j.jar;lib\gson.jar;lib\HikariCP-java6.jar;lib\javassist-GA.jar;lib\jaybird-jdk18.jar;lib\jfoenix.jar;lib\jkeymaster.jar;lib\jna.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-desktop-hotkey-ext.jar;lib\jphp-game-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-gui-jfoenix-ext.jar;lib\jphp-json-ext.jar;lib\jphp-jsoup-ext.jar;lib\jphp-mail-ext.jar;lib\jphp-runtime.jar;lib\jphp-sql-ext.jar;lib\jphp-systemtray-ext.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;lib\jsoup.jar;lib\mail.jar;lib\mysql-connector-java.jar;lib\postgresql.jre7.jar;lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\sqlite-jdbc.jar;lib\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 52.24.144.241:443 shavar.services.mozilla.com tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
N/A 127.0.0.1:49735 tcp
N/A 127.0.0.1:49741 tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 172.67.191.177:80 kiwiexploits.com tcp
US 172.67.191.177:80 kiwiexploits.com tcp
US 172.67.191.177:443 kiwiexploits.com tcp
US 172.67.191.177:443 kiwiexploits.com udp
US 104.17.2.184:443 challenges.cloudflare.com tcp
US 104.17.2.184:443 challenges.cloudflare.com udp
US 104.17.2.184:443 challenges.cloudflare.com tcp
US 104.21.11.26:443 acscdn.com tcp
US 104.21.11.26:443 acscdn.com udp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 youradexchange.com udp
US 8.8.8.8:53 26.11.21.104.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 172.67.204.62:443 ctrtrk.com tcp
US 172.64.170.19:443 youradexchange.com tcp
US 185.199.110.133:443 objects.githubusercontent.com tcp
US 172.67.204.62:443 ctrtrk.com udp
US 172.64.170.19:443 youradexchange.com udp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
US 104.21.8.108:443 pubtrky.com tcp
GB 142.250.178.2:443 googleads.g.doubleclick.net udp
US 104.21.8.108:443 pubtrky.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
GB 216.58.204.67:443 www.google.co.uk tcp
US 216.239.34.36:443 region1.google-analytics.com udp
GB 216.58.204.67:443 www.google.co.uk udp
GB 172.217.16.238:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
GB 172.217.16.238:443 fundingchoicesmessages.google.com udp
BE 64.233.184.155:443 stats.g.doubleclick.net tcp
BE 64.233.184.155:443 stats.g.doubleclick.net udp
EE 46.36.218.109:443 updservice.site tcp
US 104.21.68.128:443 mmentorapp.com tcp
US 104.21.68.128:443 mmentorapp.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
GB 216.58.212.193:443 tpc.googlesyndication.com tcp
GB 216.58.212.193:443 tpc.googlesyndication.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com udp
DE 18.194.134.212:443 offaces-butional.com tcp
US 172.67.210.153:443 www.savinist.com tcp
US 172.67.210.153:443 www.savinist.com udp
DE 18.196.153.94:443 www.opera.com tcp
GB 216.58.213.14:443 www.googleoptimize.com tcp
GB 104.84.85.174:443 cdn-production-opera-website.operacdn.com tcp
GB 104.84.85.174:443 cdn-production-opera-website.operacdn.com tcp
GB 104.84.85.174:443 cdn-production-opera-website.operacdn.com tcp
GB 104.84.85.174:443 cdn-production-opera-website.operacdn.com tcp
GB 104.84.85.174:443 cdn-production-opera-website.operacdn.com tcp
GB 104.84.85.174:443 cdn-production-opera-website.operacdn.com tcp
GB 216.58.213.14:443 www.googleoptimize.com udp
US 151.101.1.140:443 reddit.map.fastly.net tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
GB 216.58.204.67:443 www.google.co.uk tcp
US 151.101.1.140:443 reddit.map.fastly.net tcp
US 216.239.34.36:443 region1.google-analytics.com udp
GB 216.58.204.67:443 www.google.co.uk udp
BE 64.233.184.155:443 stats.g.doubleclick.net tcp
BE 64.233.184.155:443 stats.g.doubleclick.net udp
DE 52.85.92.13:443 static-cdn.hotjar.com tcp
GB 88.221.135.104:443 a1916.dscg2.akamai.net tcp
US 151.101.1.140:443 reddit.map.fastly.net tcp
GB 163.70.147.23:443 connect.facebook.net tcp
GB 195.181.164.15:443 tags.creativecdn.com tcp
GB 195.181.164.15:443 tags.creativecdn.com udp
NL 185.184.8.90:443 ams.creativecdn.com tcp
NL 185.184.8.90:443 ams.creativecdn.com tcp
GB 163.70.147.23:443 connect.facebook.net udp
DE 18.155.153.11:443 script.hotjar.com tcp
US 13.107.42.14:443 l-0005.l-msedge.net tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
GB 163.70.151.35:443 www.facebook.com udp
GB 172.217.16.228:443 www.google.com udp
US 104.21.89.193:443 lootdest.com tcp
US 104.21.89.193:443 lootdest.com udp
US 151.101.1.229:443 jsdelivr.map.fastly.net tcp
US 104.16.126.175:443 unpkg.com tcp
IN 142.250.70.99:443 csi.gstatic.com tcp
US 151.101.1.229:443 jsdelivr.map.fastly.net udp
IN 142.250.70.99:443 csi.gstatic.com tcp
DE 18.155.152.67:443 ddzswov1e84sp.cloudfront.net tcp
US 104.21.23.212:443 onasider.top tcp
US 104.21.23.212:443 onasider.top tcp
US 104.21.23.212:443 onasider.top udp
IN 142.250.70.99:443 csi.gstatic.com udp
DE 54.230.182.151:443 d1wzdj81h1hubn.cloudfront.net tcp
DE 54.230.182.151:443 d1wzdj81h1hubn.cloudfront.net tcp
US 172.67.150.46:443 1.edonorprog.biz tcp
US 172.67.150.46:443 1.edonorprog.biz tcp
US 204.79.197.203:443 srtb.msn.com tcp
GB 13.224.245.92:443 ukworlowedonh.com tcp
GB 92.123.26.137:443 assets.msn.com tcp
GB 92.123.26.137:443 assets.msn.com tcp
GB 92.123.26.137:443 assets.msn.com tcp
GB 92.123.26.137:443 assets.msn.com tcp
GB 92.123.26.137:443 assets.msn.com tcp
IE 68.219.88.97:443 c.msn.com tcp
US 204.79.197.200:443 dual-a-0001.a-msedge.net tcp
US 20.42.65.84:443 onedscolprdeus02.eastus.cloudapp.azure.com tcp
GB 88.221.134.80:443 img-s-msn-com.akamaized.net tcp
GB 88.221.134.80:443 img-s-msn-com.akamaized.net tcp
GB 88.221.134.80:443 img-s-msn-com.akamaized.net tcp
GB 88.221.134.80:443 img-s-msn-com.akamaized.net tcp
GB 88.221.134.80:443 img-s-msn-com.akamaized.net tcp
GB 88.221.134.80:443 img-s-msn-com.akamaized.net tcp
US 172.67.150.46:443 1.edonorprog.biz udp
US 204.79.197.203:443 srtb.msn.com tcp
US 204.79.197.203:443 srtb.msn.com tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
GB 92.123.128.178:443 e86303.dscx.akamaiedge.net tcp
GB 92.123.128.178:443 e86303.dscx.akamaiedge.net tcp
US 172.67.41.60:443 btloader.com tcp
US 172.67.41.60:443 btloader.com tcp
US 172.67.41.60:443 btloader.com tcp
GB 23.37.0.26:443 confiant.msn.com tcp
IE 20.190.159.0:443 login.microsoftonline.com tcp
US 13.107.246.67:443 part-0039.t-0009.t-msedge.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 67.246.107.13.in-addr.arpa udp
GB 92.123.128.178:443 e86303.dscx.akamaiedge.net udp
US 130.211.23.194:443 api.btloader.com udp
US 151.101.1.108:443 cdn.adnxs.com tcp
IE 20.190.159.0:443 login.microsoftonline.com tcp
US 130.211.23.194:443 api.btloader.com udp
US 13.107.246.64:443 aadcdn.msauth.net tcp
NL 185.89.208.19:443 shftr.appnexusgslb.net tcp
NL 185.89.211.84:443 ams3-ib.adnxs.com tcp
NL 185.89.211.84:443 ams3-ib.adnxs.com tcp
NL 185.89.211.84:443 ams3-ib.adnxs.com tcp
US 151.101.1.108:443 cdn.adnxs.com tcp
NL 35.214.168.80:443 trace-eu.mediago.io tcp
NL 35.214.168.80:443 trace-eu.mediago.io tcp
NL 35.214.168.80:443 trace-eu.mediago.io udp
NL 185.89.210.153:443 ams3-ib.adnxs.com tcp
IE 13.69.239.74:443 browser.events.data.microsoft.com tcp
IE 13.69.239.74:443 browser.events.data.microsoft.com tcp
DE 37.252.173.215:443 fra1-ib.adnxs.com tcp
NL 185.89.208.19:443 shftr.appnexusgslb.net tcp
US 52.223.6.21:443 ie1-bid.adsrvr.org tcp
NL 185.89.210.82:443 ams3-ib.adnxs.com tcp
DE 37.252.171.53:443 fra1-ib.adnxs.com tcp
DE 37.252.171.53:443 fra1-ib.adnxs.com tcp
DE 37.252.171.53:443 fra1-ib.adnxs.com tcp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
GB 216.58.212.238:443 redirector.gvt1.com tcp
GB 216.58.212.238:443 redirector.gvt1.com udp
CH 74.125.108.201:443 r4.sn-1gi7znek.gvt1.com tcp
CH 74.125.108.201:443 r4.sn-1gi7znek.gvt1.com udp
US 172.67.191.177:443 kiwiexploits.com udp
DE 54.230.55.108:443 d1o6lu9dr4t13s.cloudfront.net tcp
GB 13.224.245.59:443 ukworlowedonh.com tcp
GB 13.224.245.59:443 ukworlowedonh.com tcp
US 104.21.22.186:443 ameoutofthe.info tcp
NL 173.194.69.84:443 accounts.google.com tcp
NL 173.194.69.84:443 accounts.google.com tcp
US 188.114.97.2:443 lootdest.com tcp
US 188.114.97.2:443 lootdest.com tcp
US 8.8.8.8:53 2.97.114.188.in-addr.arpa udp
US 8.8.8.8:53 84.69.194.173.in-addr.arpa udp
NL 173.194.69.84:443 accounts.google.com udp
US 104.21.22.186:443 ameoutofthe.info udp
US 188.114.97.2:443 lootdest.com udp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com udp
GB 142.250.178.2:443 googleads.g.doubleclick.net udp
US 216.239.34.36:443 region1.google-analytics.com udp
GB 216.58.204.67:443 www.google.co.uk udp
GB 172.217.16.238:443 fundingchoicesmessages.google.com udp
GB 216.58.212.193:443 tpc.googlesyndication.com udp
GB 172.217.16.228:443 www.google.com udp
GB 13.224.245.59:443 ukworlowedonh.com tcp
US 34.195.224.242:443 sonij.wedonhisdhiltew.info tcp
NL 173.194.69.84:443 accounts.google.com tcp
NL 173.194.69.84:443 accounts.google.com tcp
GB 18.165.201.76:443 ecentalsindus.com tcp
NL 173.194.69.84:443 accounts.google.com udp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com udp
US 34.195.224.242:443 sonij.wedonhisdhiltew.info tcp
US 34.195.224.242:443 sonij.wedonhisdhiltew.info tcp
GB 13.224.245.92:443 ukworlowedonh.com tcp
NL 139.45.197.239:443 dukirliaon.com tcp
NL 139.45.197.239:443 dukirliaon.com tcp
NL 139.45.195.8:443 my.rtmark.net tcp
US 172.64.133.4:443 yourfreshjournal.com tcp
US 172.64.133.4:443 yourfreshjournal.com udp
NL 139.45.195.8:443 my.rtmark.net tcp
US 104.22.25.116:443 littlecdn.com tcp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.197.251:443 jouteetu.net tcp
NL 139.45.197.251:443 jouteetu.net tcp
NL 139.45.197.251:443 jouteetu.net tcp
NL 139.45.197.251:443 jouteetu.net tcp
NL 139.45.195.8:443 my.rtmark.net tcp
US 8.8.8.8:53 251.197.45.139.in-addr.arpa udp
US 34.195.224.242:443 qvmto.wedonhisdhiltew.info tcp
NL 139.45.197.251:443 jouteetu.net tcp
US 172.67.191.177:443 kiwiexploits.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 104.21.22.186:443 ameoutofthe.info udp
NL 173.194.69.84:443 accounts.google.com udp
GB 157.240.221.35:443 www.facebook.com udp
GB 142.250.178.2:443 googleads.g.doubleclick.net udp
GB 172.217.16.238:443 fundingchoicesmessages.google.com udp
GB 216.58.212.193:443 tpc.googlesyndication.com udp
GB 172.217.16.228:443 www.google.com udp
US 34.195.224.242:443 qvmto.wedonhisdhiltew.info tcp
NL 139.45.197.251:443 jouteetu.net tcp
US 34.195.224.242:443 qvmto.wedonhisdhiltew.info tcp
GB 216.58.204.67:443 www.google.co.uk udp
NL 139.45.197.251:443 jouteetu.net tcp
US 172.64.133.4:443 yourfreshjournal.com tcp
US 172.64.133.4:443 yourfreshjournal.com udp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.197.251:443 jouteetu.net tcp
US 172.67.134.201:443 loot-link.com tcp
US 172.67.134.201:443 loot-link.com udp
US 104.16.126.175:443 unpkg.com tcp
US 151.101.1.229:443 jsdelivr.map.fastly.net tcp
US 151.101.1.229:443 jsdelivr.map.fastly.net tcp
US 151.101.1.229:443 jsdelivr.map.fastly.net udp
DE 18.155.152.135:443 ddzswov1e84sp.cloudfront.net tcp
US 104.21.23.212:443 onasider.top tcp
US 104.21.23.212:443 onasider.top tcp
US 104.21.23.212:443 onasider.top udp
DE 54.230.182.94:443 d1wzdj81h1hubn.cloudfront.net tcp
DE 54.230.182.94:443 d1wzdj81h1hubn.cloudfront.net tcp
US 104.21.30.10:443 1.edonorprog.biz tcp
US 104.21.30.10:443 1.edonorprog.biz tcp
GB 13.224.245.47:443 ukworlowedonh.com tcp
US 8.8.8.8:53 ukworlowedonh.com udp
US 34.195.224.242:443 qvmto.wedonhisdhiltew.info tcp
NL 173.194.69.84:443 accounts.google.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 104.21.30.10:443 1.edonorprog.biz udp
US 104.21.23.212:443 onasider.top udp
US 162.159.134.233:443 cdn.discordapp.com tcp
US 162.159.134.233:443 cdn.discordapp.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
NL 139.45.197.239:443 dukirliaon.com tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.195.224.242:443 qvmto.wedonhisdhiltew.info tcp
US 34.195.224.242:443 qvmto.wedonhisdhiltew.info tcp
NL 173.194.69.84:443 accounts.google.com tcp
NL 173.194.69.84:443 accounts.google.com tcp
GB 13.224.245.59:443 ukworlowedonh.com tcp
NL 173.194.69.84:443 accounts.google.com udp
NL 173.194.69.84:443 accounts.google.com udp
GB 13.224.245.59:443 ukworlowedonh.com tcp
NL 52.178.17.2:443 browser.events.data.msn.com tcp
US 8.8.8.8:53 onedscolprdweu02.westeurope.cloudapp.azure.com udp
IE 2.18.238.120:443 aka.ms tcp
IE 2.18.238.120:443 aka.ms tcp
IE 2.18.238.120:443 aka.ms tcp
US 8.8.8.8:53 dotnet.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 13.107.246.64:443 fp-afd.azurefd.net tcp
GB 23.37.1.217:443 www.microsoft.com tcp
US 13.107.246.64:443 fp-afd.azurefd.net tcp
US 8.8.8.8:53 microsoftmscompoc.tt.omtrdc.net udp
GB 23.37.1.217:443 www.microsoft.com tcp
US 13.107.246.64:443 fp-afd.azurefd.net tcp
IE 52.215.123.88:443 w.usabilla.com tcp
US 20.9.155.148:443 westus2-0.in.applicationinsights.azure.com tcp
N/A 224.0.0.251:5353 udp
DE 18.155.152.129:443 d6tizftlrpuof.cloudfront.net tcp
DE 18.155.152.129:443 d6tizftlrpuof.cloudfront.net tcp
DE 18.155.152.129:443 d6tizftlrpuof.cloudfront.net tcp
US 8.8.8.8:53 129.152.155.18.in-addr.arpa udp
IE 20.50.80.209:443 browser.events.data.microsoft.com tcp
IE 20.50.80.209:443 browser.events.data.microsoft.com tcp
FR 68.232.34.200:443 download.visualstudio.microsoft.com tcp
FR 68.232.34.200:443 download.visualstudio.microsoft.com tcp
GB 2.18.66.72:443 tcp
US 13.89.179.10:443 browser.pipe.aria.microsoft.com tcp
GB 92.123.128.186:443 r.bing.com tcp
GB 92.123.128.186:443 r.bing.com tcp
GB 92.123.128.186:443 r.bing.com tcp
GB 92.123.128.186:443 r.bing.com tcp
GB 92.123.128.186:443 r.bing.com tcp
GB 92.123.128.186:443 r.bing.com tcp
GB 92.123.128.186:443 r.bing.com tcp
GB 92.123.128.186:443 r.bing.com tcp
GB 92.123.128.186:443 r.bing.com tcp
GB 92.123.128.186:443 r.bing.com tcp
GB 92.123.128.186:443 r.bing.com tcp
GB 92.123.128.186:443 r.bing.com tcp
GB 92.123.128.186:443 r.bing.com tcp
GB 92.123.128.186:443 r.bing.com tcp
GB 92.123.128.186:443 r.bing.com tcp
GB 92.123.128.186:443 r.bing.com tcp
GB 92.123.128.186:443 r.bing.com tcp
GB 92.123.128.186:443 r.bing.com tcp
GB 23.214.133.66:443 cxcs.microsoft.net tcp
GB 92.123.128.160:443 www.bing.com tcp
GB 23.48.165.7:443 ow1.res.office365.com tcp
US 52.113.196.254:443 teams-ring.msedge.net tcp
US 13.107.246.64:443 fp-afd.azurefd.net tcp
N/A 127.0.0.1:54138 tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
N/A 127.0.0.1:54141 tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 216.58.213.14:443 plus.l.google.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com tcp
GB 216.58.213.14:443 plus.l.google.com udp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com udp
DE 140.82.121.4:443 github.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.133:443 camo.githubusercontent.com tcp
US 185.199.109.133:443 camo.githubusercontent.com tcp
US 140.82.112.21:443 collector.github.com tcp
DE 140.82.121.5:443 api.github.com tcp
US 8.8.8.8:53 5.121.82.140.in-addr.arpa udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.110.133:443 avatars.githubusercontent.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.110.133:443 avatars.githubusercontent.com tcp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 13.107.246.64:443 fp-afd.azurefd.net tcp
GB 2.18.66.72:443 tcp
US 150.171.22.254:443 ln-ring.msedge.net tcp
TW 51.53.160.47:443 094e7f298df38ee7a97a8ef889158631.azr.footprintdns.com tcp
US 8.8.8.8:53 254.22.171.150.in-addr.arpa udp
GB 92.123.128.186:443 r.bing.com tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\pending_pings\bbaa0b1a-9383-4447-a90d-60d91c6a9097

MD5 31401f41b3c4187c19fecab40842b153
SHA1 c346fa763a9fc7b5b91f966ecbcca348164b5c58
SHA256 f7d3ebc88c3aa051a91142952943668d2a019e15758f83c89b13c660d115ffb0
SHA512 6f2c58a8d9166f6ced2be33b134aef47b4c7498e5b23393cacfe4ae85a26c2257d70dfeb23195bc63c0d1d53de8db92495466d599ef5ae531fa2de0523c53bed

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\pending_pings\38ff5fb2-cfa7-4132-9684-f80b8eadb8c2

MD5 f2c717262d47794d23c68e3e76bb4a32
SHA1 0245620878af5cdb432ff84db9718cbfa19c8efd
SHA256 9ed55807535f05069cce872fddbe9191cb84b71794f53cdb0150a667aceedf06
SHA512 18805abf994f8d087f218d4bad892e4e86f459fa1d62bbc2c3e984d606810b597f33326c2111d6197ad5a41cbc599e23fed73fc424423772b9dabdb53bc73d17

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\db\data.safe.bin

MD5 4df84aff357f840c22ff7a8b1b1174b9
SHA1 3d22910aaf17087094a444c8590450f9daf685b4
SHA256 ad5d0332a6a6af81c2d1cdc87c2d6ccb62352c415c41e9e5acd55dc9dfaedf88
SHA512 54ad48b0005aab0a608a6a69f2ff7cdb1aea555ef60bfb44f5f1bd44602a3e67dd8dd195e74bf130e844490e92a0c05e1fabd32b3d99b36ac14eba61255b5b37

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\prefs.js

MD5 534c7e6751ff29ca9066766cf30f0775
SHA1 f484804fbc73b56feb04f410631bace672a23b20
SHA256 58530b01750a2f86f688a95210d493a5597abbddd794f7d81fba81fa4af475ca
SHA512 6273bc0815620a3edd84ba702210d8b0fb72132e846453c06e9903d78cbfd22e484de1b62fa1526fb73fe2aeedaa0081b3e37c6723754d0fc9272d5116493fb0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\prefs-1.js

MD5 d5fddaba89e7db0575935b20e9550003
SHA1 388fde180c9f165692fd802a05318bf0ca12daef
SHA256 201f50f9f0db264ceee9b1ddf0cfb574c592586ac684ed5c2d3a9bed75b72777
SHA512 a65b909ecea75c2bab2f0cd1ba6e15972c6932acab3e1331d423ac207c6a351c1bc81916b082f9c0363112c13626f0ab3ba29249cb73cecdce6cc85a7536d0c1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d6b51a3f4470f98b72e264c1f15cb772
SHA1 41a7d4706619b6ac29260cb208533758be4ca4c9
SHA256 b55b3b067a0867f329f08a82de6d2f3c3a2ed9b4e9b2a4e71b6dfd100712955d
SHA512 cf136dbf09b14304c72e1bd8a8e10c0c60771d6c744e55722e7f53edbbb354c92372922247898979ab0aca6b5723f0a51672ef893a3d4f9fe894b2f5ff9cddfa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ca65258316f08bf68b3d2112e8fec7ff
SHA1 9d0a3b7f36d1eb8cd490305b4ec0416fe425be0b
SHA256 86d5c16ab487b52999cb8f295e40599fcdccd4d5f3c17aca8e339b10109383b6
SHA512 e818e17778ddae511e8e892bf1eb0367352995983ddf1b1b2415f44880881f09e89a1077d799be57a665180623a335cc87154883a25c0c372ac9f0c4a773eb0d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\50BC822D4CA28F7818B2B9AF192FD523BD4D70D2

MD5 57af1ee4e137926e11e284be3bc4379d
SHA1 49fad6195c03a5d04e8978b6021709944d028b24
SHA256 7f283d272b9a39c8243f8dbda24b0e29df7ddb9140517606379fd4b53984661d
SHA512 180f20e1ab3298352796c42c6993d007b387112599f68de2de4a2c2792da166e3284fc112efdbf7a1ac1b33dea20ef5fd3b1e0d0087b247d3b68aa363604be33

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\prefs-1.js

MD5 6ea426353772504d176071b4d16394fe
SHA1 24c216e8f183eac6ae0c8e053a4c54a4242005e5
SHA256 43c9edfbf2cc375338b746c70016abe813ea290a9a7c5791f7aa376a24bb2ae0
SHA512 ac22693c192939130f28f28d004ce37d2cdbd38112b74f2bc48b61f53616b7a56caac2d580fd16b09ca5f1601d62d7ef378b1921028269e1adcb90e636a4ccf2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 fa1d991fabc411737187502e6e2a5822
SHA1 9b2c64eea9210c8cd5da24434023e10011158642
SHA256 efe54c2d8a251d4fc10f9502a14b9909cef7595f5585e492f82743fe705fbc7d
SHA512 5e114c370257fb9c9c9c7354e47ea94ddadccfa3665ae208133a13a5fd80c26c944b6e4ef36a2f45146c0f358fdaa700bb6f83858d0d7b691505ab443a6a0476

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\29459

MD5 268dc3c2159a2644328cedf48378708c
SHA1 c7572d52ff4b9cb2bbc6ee25dd9789cd297eded3
SHA256 8205d15c185cf710c4739a29a6f157ab45c9c2ee8f41283c1208eba56f54eaee
SHA512 d8c44ff3922fb07f315e33343c3ee046c5c99d691b971f0c40cb52694f8a0fc6542fe456246ef17feabe8ee04fc808eb9bf969a7eef44fe44da5d6b7dcab432d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\A06C681183E9AA3AD55214B0B469BB9A97A3C0F6

MD5 26cbc427a7bdc5f9b08b348c32ab3ca1
SHA1 598a5db613b30967305b4f0aed27bcf046a45caf
SHA256 07cd73f940a97d240e45ed7ea5a101a2434760b048a8f1a34a6424fe0f281254
SHA512 b1651617e260c212157ab4c9f221bf120abfd897eb46430cd58f439cb87735984fdede4812273ecfbe526a741845b85d497fce1d3043f96b5e8a408b63e9c613

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\C7736595FC8FFFCC8763CB33CE76670AF19EB23D

MD5 f09213297fed70a83808396f819d75dc
SHA1 1548d74e3d1648d0294b2684f8adf2526aeee681
SHA256 b52d81595faa19e968456872e94f698f4a049114d765f894fe88fb9f10d34ae8
SHA512 0e1de97101eb345896de1eb907cbc6dcbe33bc5d64f8672daaec278334e2bf78bacdfcac85471569ab4df5ce548e1f35cc05a49b1de60fd5df440832da7bf386

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\12706

MD5 efd6bc2c9afc12fa2b8d076a8e7f6448
SHA1 c3849e8381e923bbe57f43f7d71055dae92d37f1
SHA256 4b5146d1c04d095258577f2806601672f2a647d55ea950940e83f167763b420e
SHA512 99c00d919be658104c23f354050320d18091b3956f727373bb4691a28f9fb99f00f81ffb3ed234d0d7e69233192dbeaee2e6f70d06524d756d9172f10adc509a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 3f71fd364f7d58c5ac04e9add49daece
SHA1 96e50a27c10018cc18f72d204ba162cbef71e413
SHA256 01bbe59d03d71b69c139aa2023d8186961380a9e12fef8ad168ab0b06804b39b
SHA512 8b6d92155aa6ba7af6512e865be403e212c8b3a345bdae0c09b6ed49fea3b87d8ca70476f1d61b6e83bab0498a5c9af0fb824f20d0d5f311b42d6de163739ef5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 261b37325eddf2d0a7d0c8b76dd069b6
SHA1 14133d66ba78fb8fff22ca6d0d191936f6d2e882
SHA256 e9f840a038e19e2513052384e57c55c31071399502e44a641a87796975a0390e
SHA512 62ea7489365f3afca8e1785024b41e89c14d84dad5a8523ca54f6c74ae5b44cbfba4fe7440be12fe43952838758158af11ee773bd60566f711bfdc6229a757d5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\storage\default\https+++www.msn.com\cache\morgue\121\{228cb210-3d99-46ba-810d-b281cec65f79}.final

MD5 198eae49109ace901ecc7cb6dc060cc7
SHA1 f713524f3f6105eb38905d92e76861ffd338835f
SHA256 477f5ff041adbe0a33898fe3e8a2711bbbd0f3bf5efaede9b167e6d14ff7adb6
SHA512 0bbba4c3af1fb5eed615dfeb90a98c16aa9c3618336d28df444118ad6c1e6a5c9ec69fd9180b4714bd7b208a9afcaddd2ea85d2b331e9bf27386124c8b334bee

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\A443C0E08DBDEAE7CA2C17339CD9D15F8A97AD6C

MD5 e93c25168c67f50ee5096b5531a5e5c6
SHA1 00fe38ccbc608420479fb60c97a75dc6f22a03e4
SHA256 a3fcb8ba8943f4fa57ddbbc8fea2e3db7c7b6c440f5e6ee8dce45e833ee46ea9
SHA512 732724876fc6ffb063f8ee51abd8e6dc380e319a41c22d450d064dd3cdd6b604423e20ecd692e40a21de4505e37c537a3f646f1d7278325943fed14789439541

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 fbc3c0c326576741b2cc5160977d68ea
SHA1 0bc35954c415f00eaa2404f1fa2529fb0c8f3269
SHA256 acb47e86884c7280b3d480dff51fc56aa99f9a55c9e027e0f753ee3403b71abb
SHA512 0eedc9edfd59a081ce2bccc3dd3fcf92e69d1fe373737b7f53f97934ca5cb1ad7e3410f0cbf207ede6c522f2f19e1fd5882188264dce3720a5e8ff9e9ac0b899

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\18226

MD5 438644e130f19084ce98955fbbd3c370
SHA1 2d192dd313237ff1260e3ee7f5c0a0b34453546f
SHA256 2ea465a54ac6f5896991fdd304a560ff731dd6567e584a119cffddab31ddc4b1
SHA512 6c8497c300bf8b355b1d20e3744b55cae6255560cf3d431cd7affd9d24ec2f99801ba482774f18e6ab623ea6e60a15a812deff0d67d522f47e17c565ce1dcc30

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6db1e56d403a769d9300528ab69a3871
SHA1 2a48127ba6dd6f67859c77d2d1fb4a974370a20c
SHA256 8ef5fcef25c79a073511973d0b753e66272fb07c73e30b7954f9909fd2dd73be
SHA512 d22bd124a369e8df3c195be50ddb6727f9b6982ed7527851c024e9927de1f546dad8aab3ef77f46e254d14f3819bf8d2d4f84881c4dace4f00de62257f8eb6e3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1d580bb9e70fa9b2b34511a9d8427340
SHA1 bb24339538bcef253129f0b34edf1881143360e6
SHA256 abceff406666371adb94facc8e28a84feebf86561c0342c82445c3ae4c5361ee
SHA512 784a7b235199ec7efcfb261f9be4e3c669ddd807c11cda3b9576cc5e5a293a6b3f412981454f2868ad28856559eea66d939ad08a71fede88b016bfc7edc41d9a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\prefs-1.js

MD5 f00839759828f7f06b77dd3b1752c646
SHA1 fa15903bb0bd12d9c1c884816903b75a8cc3d1ca
SHA256 82ff9fb92411a73234605b34cc36b7bb4c3c372363318d732177f60d8524463f
SHA512 fe33102f9dc5a0135af83885c1be49814777c294e7d81a1a83530451e5bcfc42bd68dc5c5163aa62e8fdf697928bfe444878006959586d3e4f2c111e3cc985b0

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 c695422219edaf441bfe5b92fce632ed
SHA1 18c90a6490c55ad55c59f8f293236f0c2cf5414d
SHA256 7541ca3b7d013db02a3c6ad9d5a3948529282aafa8933955a39ee822b7d2c563
SHA512 41880ffa6712df52aca47141300aee1d2ee98bb914157a2ab7470fc0a30158fcb279c4fa941bf9fa5d0691142d48aa2609f0dff15bc759b7cfa2b033b86701ba

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 1b4459c03d6100881ffb1b32db5a1739
SHA1 dbc3669df4d02a5d4355ba86c6b6e795522a781e
SHA256 061350c2c72842543f183058c441bc32b7846a71e0108d7652cbf7f06c8a3c97
SHA512 4eb9734c266e8ee3a4a062cdc3c5b89ad59c64e8002b3e667e6b5e5384720464a1c5f538fc796a1710ed4974d15826bc377633162c7b64a99ae36ee256a8e4a3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\B4B9766AD486DC4CA26FACDD185FD72B5DA8CDF2

MD5 8cc52562f8024723ab1eb697393b7811
SHA1 f6f63f4b60d8c93feac209a66d886051c294d059
SHA256 6c57e47b69341c310d1604a55ccd77261b96a72f44946022e4dc2381876f3037
SHA512 98543b6cd956563566ebe093c01524040294f70a65d3534a29f3c1fbb2361206c3bb89d7aff3c8f0f391620b13c3203051f2d942e84853264a5bc4c18a64ed9a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 b350ffa747b2cd9970b643e2d3d63162
SHA1 ed848e922a806335d397a90317a4cdb4f9b90b17
SHA256 f567147b73f55141b45a724598b26742434a23a5529a57a7d69ef2a9a8796eb6
SHA512 6e67881773c56e4817e99ee207eaea59b365522722112b6badf1b3aa015f8944b10ef5a07c52b387b46d877aa9dde71738d5b0a3ca24d992a898e2c186ca9aec

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\12562

MD5 78dd5ddc38ec41f3e726ff2a941775e5
SHA1 a60f134cdebf0734091fb545920cb47b5be3a90f
SHA256 15e5f4c0bfedce5623381b4cd075f64b1a29bc53624b93b0e5ff8523c60d82fa
SHA512 773efc82b0e6857bbd8527eb3bc0092342bf8194d0697321ca10960557ad5c8a6948eeb358522959f9afc94eddf473e2131d59be463cabb82c2e08240d802138

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\26018

MD5 11ad589b9eea39f0bca88009ce0172c4
SHA1 2c59f06112439a17af80a9cb18e1259f1817645c
SHA256 cc2d24e9b34f6cc7b327883f8d3d21880ca75ae9bd02d2d85a13727f9ea3b6aa
SHA512 fd8d08bddb60a8cc2bf68424f2a46010bd15bdf1bc5560af2b3f1a60bf46daf0105600d2cd9126ca6ddceb677e2c186949e74540c2d6d2b4eee96aa63b582de6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\2374

MD5 5d4b0c4c3d1fcb3f32aed82ea4379445
SHA1 d7095fe4c0f9b60d65d6239c0f075f47eb10c5e6
SHA256 3abb4406368c819b365feb1cfc67932b67ef0d6e8edc913b4dbaf25e6c815eb2
SHA512 f787a436073d5376c2a40f604109a3a14bcfb14d27a0b8de8c10410fdbfaeaf20b2472c3a4b7622ff22b971a399376f0020734e750c4a7c57ce6c985f2910ed9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c97ecf64da34c45e40224aa3e625a36a
SHA1 cfd80c166649787f5f2590db38886399c13f5f4b
SHA256 c38129002d448f42c263e694bfe1c010a8bcf829fcdbfe7fbcddf5694bcebf54
SHA512 813d292a0ff19844d6e5d68c0b2d2218c43c68eda807bfb1e73c7ca1a3d196a47ce2bcdec5face4614b374a8dd8eeb8b620c129f8ca78a0025a631d0e2cedf4b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\storage\default\https+++qvmto.wedonhisdhiltew.info\cache\morgue\39\{6fa31e0a-6674-40e5-968f-f8d859f5d727}.final

MD5 1cb601da3dc93ed5b7f8076cebfc2043
SHA1 9e90de435cba5d5e6fb93cd94bf83036e2934eb8
SHA256 ae36ae2f37f14e1834d35116f31a5ee10f7dba80ed62b5a258ebc6206d41ab02
SHA512 d4d20fbcd69eabcf0d9f35124d22f7625dc99ce854a87c035ce405346f7314f6d4105c938885ae60530e320488e42e19e3e18e708b3e1f8950311f03f2436fd2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\storage\default\https+++qvmto.wedonhisdhiltew.info\idb\2728594770keeryovtasl-.sqlite

MD5 271811437e877a16ff482a6bce26a297
SHA1 7c4d4e4cf7f28337aad689a7763791be8ee35966
SHA256 f784c0efa47933d636ecd8718ced7d734b61dabc8019d67fec88e1f4e9579be4
SHA512 bfb41837a1551b50e9a41a244545635ba1f5674b345f03256b4556c065fe398c75fc7f23f1b34c7a6233f5bc9c35248334eefcb4a39fb370a1bee4de9ad45236

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\25991

MD5 bc26504d2bffbe975183a4c32b7075f4
SHA1 8647b0e79235fd9aa57b2e289bb1f8d0b4cf7797
SHA256 a5fc18e45fcd6839a2ba0ea2c717a9d07781dc0bc02440633d51eda03f6dea00
SHA512 2b7fd70082a6a8afaeb73bb0da36205ed6d926d49829624554add5d2e8cf5454a807252adb5927eebea310400a6145d06605be37f3d77b4ba7b22ce84d2d0932

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\storage\default\https+++qvmto.wedonhisdhiltew.info\cache\morgue\143\{b9a763ba-c0c0-4d46-b06e-b2ae5fb72b8f}.final

MD5 85736de3f0a1783b1d6687ec38b9f225
SHA1 a92298b6f4a6ed759880abfec08224a8a53418d8
SHA256 c6c690de6ec91074d0d7131791ede74bc67c751adcc6a13b2673f116857cb9f3
SHA512 ff53b47d824ac1e68eb5ae2abd1681242a92c7e46b7195bc96d2d06cd6db062e1b0f0cba3d3bfa45e298c89d1205418d47af861da59e91fd09cf561bcf5e0c11

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\19169

MD5 76909f646f25d29df884ca593216335d
SHA1 74a5a09ad8af98eb17fd2ecafed83e1e236dfcdf
SHA256 56a6a2e784f45ebfdbb70af322a00c121d3de56dbfa739c045b6418d26508680
SHA512 87e2a0e4ca110ad964c7697c7c7a62ce14607c27204a2437ed5ec263dac29956d5e3a37df3bdd41c43ef125d3c83a92dc0f43fba6bc948e9f557cb5b4a911131

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\19463

MD5 a400755ee1a95518ad363f5931106c4d
SHA1 e395bfc48d14a60fdc45d109f976d84c499a2995
SHA256 904d3496974eb6d7857dded81b57f9f415b1ff2ef5f3bd65ac2208cbd091e9ff
SHA512 7fd5e6b49ecef7154c8ae0e64616b4b0154347cc0bdaee0bc65e27403329d489af2a7e78bce235aa25a134f13ae33f9092eaba4145cfa9ed2eb5b26ec4bfc2c3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 fa22ce559ac4c51d91e258da78d81807
SHA1 9be9b623f4bba4aa58a40c14a38c64e3aba85a47
SHA256 8e7d8250c7c012e990f122be25a064008162997a6679b8229d31414dc538df67
SHA512 269e178dccf0d603168a3faaf070375bf1042d1cfd1ba0be27c8b217554db1ec68409ccd2ef1ad7fe88a0f827db095d3cb3c49e9980e0dfa1272f85c2aef4b3e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 10f8e8661ac5d2286fd7d4e3dda7f7ee
SHA1 64587377f6fe805577cc3fc670355fb71f1617df
SHA256 d8b2f271d322d287e21c61944971f0ffc619ce570bdb5a8605d1a20c984d958b
SHA512 45c2f9c0a81a2778fbe2d3d2d987268ec942aaee576c9e56ce544883d72d8c97baf0a00570657f7815d17682a824991f7e69f8984f5dacd3874aacc3dac35fd3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\31697

MD5 904755bb9bb98b44eef534d5f026fcb3
SHA1 470bf124c203780ef8c895a45baa5a21a6ad7a86
SHA256 d18794100df2ac05784967565f92a9f0af89c658134a0d71a2488fea947cd1cd
SHA512 29c9cef2d992f957c775f9256041517c828cca62f7c9a8a948c5b58ab7444d2c71628af16ff5477c451efce942c2e923069753fac0df6c1429b0d92d18fc1113

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\E825EB3F668232735A73EBE87925C898C908F266

MD5 da764212dd8271b76da3040384d097fa
SHA1 5026b58546dcebbbbc9cd40cb0c1c309130e19ca
SHA256 7674a5af77e538c20328c4e86d5e2355d2c0042fa96dbfa726b0af0ed2c5b64e
SHA512 e5eb8112b90137d19af07bc790a56a7762deb396233966dff22b5a9f5a1a1df3c340861555e572f1bb766f6556436c0634e81badc852649f5092499ee68726e8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\2941220F2243E4BFF7F2A0950ECD9A0191EDB1CC

MD5 8490dec4fd8bc2b2363cc1ad449c4bf2
SHA1 e8f88db54e9388f7d4da4086026db12e798d61b4
SHA256 eb1b4111c39b6ba7dbd6842371fdf8712db7a40e24e4f676d6f56fc27204cdcf
SHA512 f251bd99bfe4de8fd64d5438ad1ee210a2effa7fb1912754b391b258f6ae0910394b1fa6a18b8e8b25f52f00e94086e479431c732b575eb2027c366afe7a27d1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\storage\default\https+++www.google.com^partitionKey=%28https%2Ckiwiexploits.com%29\ls\data.sqlite

MD5 9c56a13800662e69a2726b79ac8df61c
SHA1 80c55ac40206c7a88a198b4d9e48fe4a6ea86a28
SHA256 4fec80e18aca65ea768614bfcb1caac96c11404ca307161f7a164ceeae27edf1
SHA512 69f88be46bf65dcfd1d1cf923de5d69857f45eea8434aa6c9f2ab6b07177969a465909eee06e2d5765570a6652734e112bfac6acae0ba581b384a4760b556b9f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\4196EDE99737A8B8FE215D2EA162F6C9015D3DD1

MD5 4b38125260e301e8411e1b4366b05044
SHA1 bd55e289da8e81753e83e4e73d9de22354d13388
SHA256 4a20519641560f5d31e386b83f53cc02d3b7305f099071141bd235775a52a5c6
SHA512 f182e2236e491ad581155be653d9b6422b39269aeceb1c2dfa153a5ad99092dca3e39155ee89b5ebe25bd4eb9ac12b3e983d17e2ab63dc84977dfd337c03dbe8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\8E82BB93F1CEC3586E4745CADA0142FAC0C6C0FE

MD5 be45a8b31087202132b1f5c65e2b3aab
SHA1 6c9486efc9e5cb47d3a38c1f4beef5f97ce934cd
SHA256 494c9f50358473c589ed54e6d40e4f2380f9e2b9f763d058168a6c9888879692
SHA512 8b9488d03da60ceea79a8a2811d0ee625713a9f502ed37adda69545298915711dbdc286f70ccb9d12d9ff9a64a417bddef1ef667e6e036900751995f950a4162

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\DE9B423E5DEB00AEA8431C9E53EE10B62D6539AA

MD5 d5de8b3b5e51dca125bf05cbca534cac
SHA1 03c2f64ede3158e3bf3a4d0c505ac0001cf4287c
SHA256 ee55ef28ec92c860090d40ff6380381012d4fcedd50c160a94732b97d8b66b4e
SHA512 88f6cc783678ad63bce7f6e71e8de7795e2dddc792dcfef625b6b8b1c263fbee05ed5263cf9a1f6ede27afacd6b6cf0229774716fc3def7f2c25f21a0590c41c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\4D1E6BEC250BAB060ABBC9C37AD2312040896FDC

MD5 4a829c0fee21578faefb6399b3e0dc45
SHA1 638aa382d0ebc8fa22c4d8f01eb2e5c40c04b2f6
SHA256 804ba1a0d9e56742745ea3faec3c631cc641310331903f7a6e4db38984a425b5
SHA512 f970bcd3ae8d878bab18ac41f800cac6040a825862749578b4c9df0d53e84612b905fa6e174b4f7f85df6ca6147c7b48b72751995f2adf81af60245ecf1518ae

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\29499

MD5 3a2d6880d24043065e5be822096f3cc7
SHA1 1fd3172baaa2a3306c2e8fd7a1bd6530fd7cc7cb
SHA256 4070f6c2b0abfa2ff3afb67f1172d5a034e53956d43959d67d62cb189f248ff3
SHA512 b1c907ca6b6eefe5768bea5fb68a971e0e3adc1e6cb66231d02b4747d51f820f699ce802444416e92fe6d4bcf0c3da5003e5c0415809908eb00794e6faa2ecd7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\93BC5B1A0C4B4C5E2274A019052D6B2BE0B54ED7

MD5 4044dcc75c20b3dce51641fed5932af4
SHA1 e688a6ed38fa0462c96259c8873e458d24793bf9
SHA256 36aeed265e7467848388a86807d657edff13e98a701c539c919f15e47baef1eb
SHA512 a0f175a4257fbca5d5c51f3b7a10d56882954a2219d7b2df7aee872f66a0dcbca9d989a9a3df939efa44c14bc767c8894709f146ef4eeb78498e5258f361b4b4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\9ED2B73BD8C04D36878FC4C7449ACEB7E65E7DD3

MD5 670c4a9f02a83fe0824ad8b85d7bd7bb
SHA1 01eb994d2df7eb6017f58115ee313c4d764ea731
SHA256 e58fb4be25a0af47c1b8e40df5bd84279bb433c9d236cd017962c05d7c536d68
SHA512 1edca3d964dcf35206d5131db880b560f05751a970d01f92341ab0adff05f7163dce74c29a78e129b1726b760b95ee073c9e81102b1d3e9d5e145a19b24bf09a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\F79468EF41245E7C77B33907187687A209D21329

MD5 8105d988f632935add0265213eee54a6
SHA1 9631df451717cf8e7a78f7fd50276d35c8d95829
SHA256 188739597cb7379b0e1da3cf899146d497b8495d28dddc3d8bbb42fb9f9cd9cd
SHA512 94b88f01bf81fa3c2c10e0b1afe6e3f9d5788e67e7f6bed7a431431b49ecdb1d85ecef35dee7c1dbc1eb396f2de5de56bb9add925837db27553a71eb940a4424

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\9A35B75E8EC6E81534CE9519896B64FBEC8A0652

MD5 70211dbc99d9107ee1ec3d8e1bdbddff
SHA1 b40c53da0a6ddfdc8baaf7d01d6840c71e73ddc2
SHA256 b089e4f3646f8b7229c4be4ba37cd4624ae58a5ede0fd3714f0f9114b97133a7
SHA512 53c650e33868c80bf65068293d8687f85625543f1c0c3b17e776437bfafe4b81f2e1651c87eae267410da724423621cc30d47d7a6945440e9b248cc2d9752abd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\32014

MD5 bb60cd2de99ac88afffbd64216170e27
SHA1 149af64716729d17ebfd7845dbdb7fc31bd388f5
SHA256 e1c12cb8041065fcf3a819790e6397dc20da130296c956a39f66df178b033802
SHA512 a04aa710ae63d062e60d8cb45ea79cc8c8dd6f583ab3aacbb09108f1cfa79c62da2afdb593db7bd5a6526834500d405c851f973fff16bc570a6b24dbba636269

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\31341

MD5 74137f2cad8a968656a168da9aaac0e6
SHA1 3edbc9d856d0c261b7d0b53c8e835e69c7930fe0
SHA256 badbd9eeb86536b4690eb4e1a9772ca7fd0239630d8c083276f3315a0a440ea4
SHA512 973b591a0ae26b826106a7320589facf0863bca5263a6665cfc8c44c8bcae166845f519be46984c836c0d425aa30c407c143f45ff98e5b911afc5202c404ef4b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\26516

MD5 d4ceaba647182c7a08b17d9b058dd573
SHA1 3fcf2827b2344636488667a8759df1b421959ac6
SHA256 202c03ef0764a35a47828491f22c47feabe6ab2e2d6561bd974d82df70ceec91
SHA512 42c05bf96e4bc6e0f76e8825618f466b1cc757e6a5d78ed1da47784c67dd3aa4c38250a0c56f9d7360098119999141c1a17a8845dc16157a767452eb2ac62d5c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\31050

MD5 6ee261ec52ebbe6b68642451c9c1d438
SHA1 a27fb1005406e53903bbfac41e841aaeb93c0d66
SHA256 2094e5af3cf9795a1a74900b784a099fb089c611a2af3e35ba146ab5b8268143
SHA512 e1a8de565c7134e3ef6d0aca9a4cdf596076413ce8e03521d228ec66429f69950da669452035a79794d48a415ab631282d4d88fc5cede20b24f257ceb3495c93

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\2955

MD5 fa2e0e73f16a54377b1541a1f37069c5
SHA1 b47a19bcd10aeb62bffb58e62a18f42414e430ee
SHA256 286e85079b86f1fedf1204bb48af2aee8f65a34d69f9081a99bb7c311c4828f8
SHA512 45edbbc24afad8b994045ad6022bfc1e0ddd5a8c972a46df7154009d90cd5a9ae95d6e50002d22e93f114fda6f67067401e6d0dfc45ca0e925fd4a8501709b43

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d46db5bde75266ad6645a15e8cfa1095
SHA1 6d2df347cd464c9a24e91e31b366cfd0ff80f714
SHA256 01783ca14239d103237594e46246eab80a1658c899a82f878b04d93bd8e4b646
SHA512 4559fd5faf5530d753a17cae769c6f0e4b0cb01dc6fea39e93a9e31be82b144a3aca4988d3c1d1cb1e02ededee42ced36695b25f9f966b83b847f47a1954263b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite

MD5 2244cd878b0226951db857efb929f23f
SHA1 42635368792a28384a9b34315b3d7f6d69362c4f
SHA256 cb403a24cc4835810c5036399eff7ff501615f64e976c4c718bd3c84aed3790a
SHA512 574a69311f9d5becfd49d56fd5c839d0f5462e609d516148abe1279a9ce5775b4b4e4a820c2545748b2ef49beda301341b1b674e4f40148129968fadf3a15de7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\26617

MD5 32ed44c8c8b16c64e9acd1049e58aab5
SHA1 9bb58ae742438ab8a61dc83127eb08de925b9cab
SHA256 0aa6a68ef91b0803fd643017b65d3d924e9fa101554e36b981f8563a99877808
SHA512 8f6b189097ea8513b12ed619fbc85f666b395cbee49136abf8272f2f2c9ead9bafa9109300f798730d865ca94b25cb70d68793a6d2d86bc64c3c23bda99aaf31

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a9aa282246a265f1e17e6c590074c948
SHA1 2cccdd888939791bc5951b4ec25db4aa9914b8cb
SHA256 1f755f52f97c5175ffad3f8240c7f2f356cf32aaa582abb6d96fd2eec23fe1f4
SHA512 639c3a5b2e381eda3cf24424d1817425758a83c0294c7b3c585a25149b52b9c0840fcde1c928b2594310a16669d6065a787edb8980347dea882652414fd10f99

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\C1C92FB9FB2577D9E276A986BE5EA007F84F9466

MD5 97d366b5a945d465b81d3b7dc6781350
SHA1 c7f9e64bad1cdc66d3eabe06acd1e3817d9d2065
SHA256 72d1b20e0f0c453ef85306f56830086bb54a834f617a85c89397e9cb91919b6a
SHA512 d3d2abd24de04fb9b0aae4b116b376f31774efd9b72686815a3cf9c31f15ad06d518118ab03d0a6ae9e46fb1c3dc94d670c4760954e918e4be697e7bba86f4ce

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\1BFFFDC2B264973F5246D6E460A3B4C78DDF5300

MD5 708be7476d0a8dd0adfbc9e317e31b55
SHA1 4f97badcf5b0cdc18704625e3000db97a8040344
SHA256 19cf4087067e53a0ac3bfe5284f6749d6f6604701f071a98082f8f33611828aa
SHA512 8d35847f59671130c7d35829f456546b4db61b774961ee8e52f01ac53be0b5d5eae90c41a38ffa87111b1abe04472a7fd1577b4d128a3da7e1d5d5ce330996e3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\11576

MD5 3240e7f76cdf7cd2d7984868c6ad4fb4
SHA1 fcc96df135eff993004316d30bd036412ade34ea
SHA256 3acf93cbff06b472f7881350ca1fca0329aec59ae0865241862aa7421669f385
SHA512 a0b63d02e7b24b28e5755c821753bf46fc8695c0eadedb5833116e93d84e23534946e297ecbc735afd3d125e752673bb1beee75620a65a9ac20d6abc82eb97b6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\93E1CA95732F260CB0699ADD101FA43E0C6D25C6

MD5 038699d38c14f2856f6ece6bc7be1885
SHA1 2aa04ac135f2bb5c8464a0f68ed2f81a0cd2a34a
SHA256 cdde01a578e39a011ab51021138b05963852b781e6c0abe7d389672191dca82a
SHA512 92a610611353414ea4b19e8daf110abd34f918b26e57ad891fc99fd237d06b699a0c3955c93d70e816fc5a5e628f222619d88e342ea11fcc9bdf2a93dfc7708e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\C5A50699F8C5A9873DD3A1686E1EE6A8C96B2304

MD5 0cc5d9b3c68af8b0ba1ddf14a43e87d8
SHA1 92abff7221b58d5c815bf5d691624e68db95c031
SHA256 79b598b5926d0701c42ac2e21fa4f83c0b4fc5c057822b34b1a06d0947130c1d
SHA512 6c8d2c1e1e7062f5539c8166003e994a152af8abc4c35bb16683f7f1eb95971a76b3758c4c8cca4d62752e26cde46628b7fb98260df7cc535fea8d554a8ee242

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\57F946C294687BBD44954FC63699716D2694C685

MD5 6d417e5c7a92679906d7eeb7e8fb72bf
SHA1 b339b7463e7703e0cf660c15b0d68c6355780c42
SHA256 14b352e47387e25405ee2869c7c841b305a91b5fb1e3dbd1b4f76ac323c6bc8f
SHA512 009965f3f5945dd32836ea1a47f9d6d916ac223e008ebd4d7a3e0196e60c521f157b85a55c0c48f777ca83c1e27b24a3bbf16253d9b45e00c605c56f1dbcb4c1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\4878

MD5 9f11581913e748bd7418845f13ede6f6
SHA1 520cd8735f7d4209480976f75aed05404efa38ff
SHA256 f5819bb5b846589a4862d899c68125a0ddc733307c3b533a84b13545d4c4694c
SHA512 c8d10176dba6281eef6879506a5a7ac3b480a63df991d274b32acabdfc1e8f9affb35dc686f4b9bcdb24ca23f37646786894000b1be40130c222eec47670ffcb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\11521

MD5 974788debd15986ed4393c8663890ba9
SHA1 380a6f0c89d612753e183f38b3a5958aeae69597
SHA256 c6da2f05bbaccdd5e5673064c9d740de924d55824aa56e8d2650de12e0297228
SHA512 38ebb5272b82016b50932c94bab6a702eb5ba3898f77d7a2d5f4ce2c8e8d9626bae7e627bae17e774600e9e244c851dfc1553fee98f1444fbca9407b47dfc9c9

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 f1debd23c767ca7ecb5d3928bb63fa55
SHA1 4587a08ed705118c4ef68600a47e67d4968dfcf8
SHA256 a476bd7143e8556e4fa46a6509da8f872805d7d93ab603ce352f87c8a07bb75c
SHA512 6dc973c8212b948470669803b7150243f8ed49263bbfcdbfc24e5f20db9c48af82eadf5fe5fa348e3c5c5c4c20d1a51cd52fd8c20cff285cd5281482d4415d70

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 e32f97705db32d661a32337fbba57441
SHA1 855e1f9c3d1e983e9538d559b060d1bffa83ea27
SHA256 477496c6a4612d4c99280606d980c6852f835289fbefb1b1c56c6d1e73287726
SHA512 84fcb210e3960e68b4fc23e19af144f7e3b5a29a9f8c45514c70ecf97441b6b216be63239722b4add319ec2b60df8c845cdfccc0318a9241031b8d0e9bea9f43

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\18582

MD5 cb29feac0da6e70ca340b87167d12568
SHA1 20f38b6bc48c942e96258e9fd1a7097217f31f33
SHA256 b0509cc3b44f250f209d6b5cb44b702ec93548edfb1caf1b4cd53c884c6fdbfc
SHA512 10c72de0ded06f25e872092062b115ad7dec6dbc53f448451e3bdf76e5a38874ac1b76de2d51e3dddfb2c7df3f00d5b2ff49146dc869d0dbcacefeb27e5786d9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\716B0C7A478AAADC30B04D5F7CCEFE2E26A265B9

MD5 ada3b59c52d6aba7f8fd125a79897a93
SHA1 2ea247b8a8b687914a94fd135b584468443eaf9f
SHA256 c485c58b5f39bbd6b55b3ad36bd9e88a6bfe9cab33d39c13728850aa67038bab
SHA512 ad8621f7ccfa13eb66f7ff2f8f514cfa42cdc4665a720d69a3e0a94941944005994a3266d49e5e4bb1f66e98a89aca9ba5de67a01dbe6f084e05f71e4c6b015f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 86c3ed005e30ae8e3e6a2b0d9d01f5a4
SHA1 0d8ef4fd918aa128b35f799075399e9b1dfe1609
SHA256 d76aa3ea5c25a2b9a6115aad2411c76cd1dc0ea6179ae227210008a6d3114b93
SHA512 8d7a21b4f985459524be3989cba759edd5e5e80c28925141989c70fcf10a50c894cc78542f08af9bfa5ccde3a1ab906c1089b8d0cab33892ad98b39eb9a067fe

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\BE364FB9C0417328A407B1BE041F07CFA6359678

MD5 6599692ae2fcf34b52cc89084d61e1b7
SHA1 af0f8b431c29d0c4eae7230b0100f4aef6b2b86c
SHA256 fa6876ea669767ed2396afeff48c8cb4ea75227a766d43f912b1801e13c4ad4f
SHA512 4586b12e26b2cf45d98095718660bc0c1ad78e3181c92724f571211f6c1b5839804bfef82be754dea0be39918ce5ecc6c29871a047a8426a2615a446ffa520bc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\storage\default\https+++sonij.wedonhisdhiltew.info\cache\morgue\177\{8c329c3c-6038-4125-a8ed-db1cc9a9e7b1}.final

MD5 99fab383bef938be27b46bbaf88d46dd
SHA1 e7e06620d07fc7b44bce0232c410ca5ea686d823
SHA256 ea99e365e0986a3a5fc25a0b534bf41428bb20949540fe0962ea8a2b72cbf36a
SHA512 357d7cbd8a6a4b83e955dda5aee1ad7c6523af640dad0de6d95ca26d704b2f6757cf088164ebf5902ff7c3e551274031642d360727346ede872bbbf7cdb281f8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 7bc246515045e80baaed23f7e0bf02b7
SHA1 e186ca268033e51a5cc628680bc72aeb4826df6a
SHA256 5d0c89d56ca30f0a567c3d7814100356a030a9bdf4902313ac5404cebe8d3c5a
SHA512 86c195cf24f2cfffdb4030c95727a4e51efcdf3915d1691e3242c93af2b80b2d15beccd530ecdc1f3322d25fa7795df0b6213464a49dc117c6260272e6498ef8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\pending_pings\711d6a89-9e24-4f6f-9acb-01029f8c0608

MD5 f9af477a784802c7eedf9283648800fe
SHA1 12cd7737fb3e56945e005ee7dfb69e6a0517dfb0
SHA256 d9bc2b9f99ad97af2934fe5db3f07ae9733d3786519373e868972b1713ba8aba
SHA512 71cf6d7416d5635456c8eedfb11d4ac760dcf245ae7fd23eec74d6a6c4001f0896cae867250c4de23e2112a85208d9c9e092f6c1944c2746eb80666d5945891c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\pending_pings\8e2dc606-3345-4e61-9a92-e1301752d9e0

MD5 81604a85eeb85a8bf30382de48d60f3b
SHA1 a1206ee4474b053ba6a6958e079d8bee723800d0
SHA256 c8686190e2732664fd38e010651092249262e2ae043cc560f02ec85dfbf84762
SHA512 9056ff115314569503c3f00389ac4c60cdbcb42ad02c43ddc40f263fcf00c02a93ac59c34f056e6e4daf2645460bf7524ae346f01445da20fe5a74193107dae1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\db\data.safe.bin

MD5 7e92e3914265637733d9ca8a6bee2acd
SHA1 10d5ba6b3a4129599f334ce6038e1051d2aae333
SHA256 d90e16b9debcf26b8402f62763fe35072ef9487be3e9c843970e36b60cfdeea3
SHA512 40de08e7c691b938bba63dfea3764086b6e60247b840ea8140ac8617f2a4ef4ab056e641ea24f8e5f7c56f8fbfe6b42c24d328b6f94f4cf5e97d364a4da1678c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\prefs.js

MD5 89a2ba4eb485886cebccf29070d84de6
SHA1 8e3116737f2a89473a018a1f7f202d321be76ee2
SHA256 87c8e63531f0bd011bbbfbaa552532610e44d4d8dee429cbb0ee4bf7c69d18c7
SHA512 8a7dfb1937a4f83e1daabe119de93f391b48ad2a12d82a06ec39508138d206ba6d7a1ecd7f463e47c5fdee20527445b53d50a13275adfe365f6d44b58e647e9b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 12e35112ea2ccde2d0d944dd3a63b7fc
SHA1 741d6c29b976369c0eab1108d2c23137e7d106dc
SHA256 a6c2285dd690942748aa6ad08ecac5383a3d46a454188e2a9d3a740b01655dd2
SHA512 deed0833e849667173e64eb2a983def4f6f0b699d479b89d28161aa76c1f41860883e2f9d79115fb27d787aa49ea610c003c98bc9df54a82f4349fd56f18938c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 29d63fd6c3cc1f0d91a7d4728d49b940
SHA1 1947b60bac6574c6f5be753950e683352404934d
SHA256 baa237ee405eb436577f63cc9e53af6d068eb6ef918029e2bf302bdf60ec0003
SHA512 b1edc0732b05bdbdd0e2888524ae87ce18d0c8783ba4f75dd9d1a71cb211cb2b2475ff4fa7484ec45abc27e0414c416df6bc2aa0cd4f0c9e4887079a6bd901c5

C:\Users\Admin\Downloads\Kiwi_X_External.XgV6ybm0.rar.part

MD5 52cf876c8d942c1154366a6b98c8c207
SHA1 0a9abc04cebe91a8b069076e087dde1ab8a3c833
SHA256 0f0f35e888a3e591f87926c3222e9107fd79aaf9bd2d57acba89ba4c7d598245
SHA512 79fe7a86757e6d00c1995d20779778f20f6cd4cd26f7795dd4d836015d9f01091e802095c0173ad65a3d9cf546a335820406c58ad230fe4a617975600ee1944e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\prefs.js

MD5 9bb66e6c65bcf9cfcc2b342d186cf58f
SHA1 01fab5b4ab8a19a9227b1f00c6cb05f0c6992576
SHA256 bfec89f735250c5d565180a23598bd0492bcbba757464aa562f3746501f01cd8
SHA512 6a7b2f37987ddf1bee3011b934e63287a1e0d39fef044cc945fc53b47293d4345964e1888181608cd4244aef44910747216773d3e2d6eaf1734c4b0451f3aa93

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

MD5 2ddcb5a2854a6f26c5b03ec65633ad51
SHA1 56e4da569bee186bbb04fc90229b27d7f1c8dc5c
SHA256 a8a02ba1ed8f8a0af56f853955a7e74cb11c4f5e72cf58547fa899aa981958f4
SHA512 876653f498d6229cce16f8fa19d56af571471c89021c02ba28731eba407eb3fbe067cd02aa3b35e2a4853ef834e38c2ecb158d86aea8ea347460792e89f8301a

C:\Users\Admin\Downloads\Kiwi_X_External.rar

MD5 a170e08729d87886b0b7583b292ca160
SHA1 f8879e5dcaee08fd488ff93d043c4ff36cd84295
SHA256 bb2b7298bd6852a0376b41072e1ee0ee1001d8522918e43feaca98aa710b429f
SHA512 0f7faa0ae13c3431d372cb85003dc5550afdd138a94662437450aa6bd74a03b10459f77469be0dab8c7eb90c7a49e3a06d59d55767baa065a961967288d14aa5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\3005C40E9FA4E6F421ECE2460AFDA15E2F76E0A3

MD5 2ec49499d210db5b84f5c1d105ea5e91
SHA1 8b1ea4cadb5555eae032578bc35807f16c4a0340
SHA256 bcbae591d1203df36b7192b07c5e370ff43c38764b0fc9f1d35e63ff57155dad
SHA512 f254e0dd52fec0ed48b6fc33905b9f414a3111e35e0c9ce482319feec66019079134333f8fd4bfac179a3c433cad4fbf795155f4faa188c7091acb90d47f188f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\612E506778E696394F0640B9B18DBDD0A4DED0F4

MD5 5b4d373dfbe00811912b759340f4e2d1
SHA1 49b2c85e1717d1654db9fa7c31576ccf4641d9ce
SHA256 9ad9d183d0358976549df54d080a12400c3ad32ff4eb822cd3faafcf2252336c
SHA512 73679d66dc42d3761eff8d08362b697a94761054f496dd53f512872da26f0d132be82c4c4401919f5c86b2170f3b9148c572980e4e0aab39661d2bdbb77d6b8a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\storage\default\https+++qvmto.wedonhisdhiltew.info^userContextId=5\cache\morgue\124\{d3f925df-e8fe-4869-b124-8dd93a7f7e7c}.final

MD5 0f4a594f04af591323c140f67acf3e3f
SHA1 43c37a73f84c2499c9b27bc8d90796ed8ae55c89
SHA256 f124f33714aafd6c36de9a95dc8a90191e57ac6eb1776b4c517e2d9b400bba1a
SHA512 3bea6ec76cff4eeeb8aeea2873f968ef61dfe6671773bdd51aa4f121e4473c98d768ae855803422688d4c39ebfeab5caee9628eecb85152e74968190c187e478

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\serviceworker.txt

MD5 9c481cbb98c516bb7f1098366fdc7f51
SHA1 6876ee7a16c99cfd4d9adb67606e7a54e84e6c95
SHA256 303353de1e8e5e01204323ecc83e3892e5c08237fbecb5755adb0acf0182c188
SHA512 52050cf381f4989751cf5082793039ad23b081c778d791bd0c854b56d8b4f1576c6f56ee1c30ab255e57dae0272c89a4d8ca5ab92af6e7e5b6a41a9571666704

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\serviceworker-1.txt

MD5 bcc6e2058b2712fcbd98bd87bb51dfd9
SHA1 efef2ab3a5768c4367a2122c2153847fa5c1722c
SHA256 c4580d7c1e88aa31e4f5a09fb80ff9e72e7c447708ab30f15611702ab3fe5f48
SHA512 292b00ce11e58a531e8fc51629cc87632763426aa1fe04c387c134146d889f7c766d9413fc8be4ce93682d886e07f5c841d497684130fe0fd99defdb55a820f5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\storage\default\https+++qvmto.wedonhisdhiltew.info^userContextId=5\cache\.padding

MD5 7dea362b3fac8e00956a4952a3d4f474
SHA1 05fe405753166f125559e7c9ac558654f107c7e9
SHA256 af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
SHA512 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 687dc8a8ddbe89e10403cd1d89b45db2
SHA1 b69be00861460285d3ef5b28dfdbaca3148956a2
SHA256 134b1d21125175786dde857961c489c5607c8fa11354378e0013f594f08de69e
SHA512 7cbae6fa6182bef8f9d8f2797886dd6a6612ce70cc7213ef8b84b5f33d0c996af0408801839082e10be0206772fc532430121ef8f3133f6b79ebc48dc22dfdcc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ba88181d95f1368f37c8c37e9e217740
SHA1 e74cf871df66ea26ad5e87f76fd2a5b98d270d51
SHA256 1608de57dceff98f6561c79b9fdd0bdf493b4d5118c771b7193dc3d2869b7a46
SHA512 a785f84ce7469c3a347ceb1a7bf8adb17646e3cf7039babfe9489536cc18cc3f2e45a639474b26572c9be2fc46f0c81c82596d2df7825db5b76fc28d2e7e2b6c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore.jsonlz4

MD5 477efa2ce1156036ca77589afd9488a3
SHA1 0a8725b101a1e0481d998959bc9fcd83f85c7830
SHA256 f399d4cebbc29ef784f44d2c88ed223489fa9de9cf06678be8b697d93674a271
SHA512 b6a5771321b1abf7fe9bb46ad8df995f5a00b227d1d24b8c08993e93217e241cfad5f4ce694f0c9807c18980455105e66e304baa21733b6a11f3fe6360207914

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\prefs.js

MD5 40bbd5e2b1f8db353fe0c0864cade1d2
SHA1 038af6e0fe9b88ebecda7d26a6e1838372c6e2b9
SHA256 6ff39c62da6156db73b6817a438111ac95aa9a68a5365b7f6ee5b03bca9664b6
SHA512 979daa76163fc7ca67c39bca5a72e6f53a2461bb3f261e66fccbad0ba8d8f5706c2234965d139f3ac5ea299600df9712433e909a8ea5981da08dc2da5436e45c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\AlternateServices-1.txt

MD5 5f01bdabecbae1f18c835496c1acd7be
SHA1 59b50935b1da887659c71d79ee2c533fcd6ce0ca
SHA256 b2f059f41b2da518d9a0a6a9576f67968711a76d90a73574a91ddf4557cf60f4
SHA512 a0ab8d1ed4dce937dd656204e0d13d714ea7c21f875dc7e3eef4ea73ca168e63b25c8bf9a842835825634af3a0dbb1c5a72e5508ce5aad7f781dedd20ee8ede5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0e10a8550dceecf34b33a98b85d5fa0b
SHA1 357ed761cbff74e7f3f75cd15074b4f7f3bcdce0
SHA256 5694744f7e6c49068383af6569df880eed386f56062933708c8716f4221cac61
SHA512 fe6815e41c7643ddb7755cc542d478814f47acea5339df0b5265d9969d02c59ece6fc61150c6c75de3f4f59b052bc2a4f58a14caa3675daeb67955b4dc416d3a

\??\pipe\LOCAL\crashpad_5044_ZVOPIKHRUZRZWYMB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3b1e59e67b947d63336fe9c8a1a5cebc
SHA1 5dc7146555c05d8eb1c9680b1b5c98537dd19b91
SHA256 7fccd8c81f41a2684315ad9c86ef0861ecf1f2bf5d13050f760f52aef9b4a263
SHA512 2d9b8f574f7f669c109f7e0d9714b84798e07966341a0200baac01ed5939b611c7ff75bf1978fe06e37e813df277b092ba68051fae9ba997fd529962e2e5d7b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 28bdf1c77a53be7e158c970af9bfcc04
SHA1 d91867a52d09ad493a452c29a99161e2bb6931e2
SHA256 dcb222d27bdf12eb3e76491b3e5eeb7e7c0dff8d86a338479c299af149afe37f
SHA512 df55317e258b846a2c092b868260e106b586e0f203623b9a4d3436d54f9bfca3a0db855a7828386db6cc59634aaa469af132e28ba4d49894986415e80d01e257

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3ab21cc3826c45764f75b6dbd81df992
SHA1 56ed98231cdf14c9c324db8bc0ae3acd79b3eb3a
SHA256 5a0fc107271a38141c354ff437608b467a821ae24219ab8fbbaf37d04943e3ab
SHA512 305fc943faa6faffdf403a032fcf4a869cb29ae0da40706fc49abc6531a63283be1499e47b0ad76e165ddde601f1e9873ac2fcac8bfcb0e7d85cc5c8211a9013

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a95fae3599822e5a3471f459e35fea79
SHA1 1ec95076361748e4a3e612e3110bb1579ca5d48c
SHA256 50a97805dedc8a0ef53aa96d4b300d4a04da2cd4343935447b1fe2eafd1d77f6
SHA512 c88f5963cba3921ecd2a3f2c612a6ee2e8b71d6bdd9c5cf8e5f5b01b3c330fccb46494030d466d3611a9177c96fd2cdf7325a2e97bb61738f2face95267f5a28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 54c066833d04d68bde124bc6152d1406
SHA1 616710d1300989c07c56463b60b00502935116c3
SHA256 595f0da39a54dcb65f28cdcdf0b733c582479a97b4e8d9bb194b4e735913905f
SHA512 3a494b17bb1c43b556e2a42361e321f922274b98b0d49653a7ab66f11aff95da741e8aec13d656df5fc9e7962b263fb2e35bbab948132ee99c6f5f64cef2d30c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5d4941.TMP

MD5 67447a7de3af1a821ce1bc2b767fd540
SHA1 733b6ec3af918db6fcf47667987c1c84143ceb3b
SHA256 e539936b3638ba01a4548b2669a1a1519fff783a90fa3c581676d9522aa38a9b
SHA512 d16597d811ea35a0d016e845d55db6994828ae2876aba2d8586f059cd6dfd16d76fd1b037c5d833d41fe2e4b65158f1e08e51e7e29ef57fdbbe7f2a6c0a49bbc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 200f341f56e90b8ee9968c484e268a1a
SHA1 d8f4d44e5de24a68e508ee03b96df9d9235ee438
SHA256 0008d7e0ff159450ede66d9b316e8796f3fe05fd843a721ea65abd54e3e39521
SHA512 4d8ec256555d56afe08553cda815a0cf9baae13e61195ebcab734264a36b1877a4fb42ef4e4dd5ca4b854c75e53a2fb697987e70919d1ab74443ee434e00602c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 94e24b5ae3a355b4ebffea1c4ecd78eb
SHA1 484597e7b19fa055dab9337dc3d7981fb708de14
SHA256 8793781f515734a62758e2ee7bf2f224d0468171e674bbbe8a5d3fdcba0284c5
SHA512 696950051f04c18aeb27b03389f00e1f732f8ed5bf8fc0888bbe9a8886a2f5aa7f8c8c4683a7cc4bdd529da6d4a1368dc417fb596365f818475af055ca7abd3a

C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.16-win-x64.exe

MD5 f87a6d4641fc581c9b23b44a1a47506c
SHA1 fb1248fac7fa53f9565918b340b29f630d462cbb
SHA256 63712b1b2aaf11ec0b24f0014c8a4ef3609aac584521d0bee8923f7feb9d1ea4
SHA512 ba8aa0470ccd898ad1ec4beb8e8dcda485431fc902396c9006f3e144a0d16c747d532cba752feeb621afbb3f9c8405e164af8121972180f635731a33a069b467

C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.16-win-x64.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.16-win-x64.exe

MD5 cc630e12e13866026972810cc3191d3e
SHA1 6209861d147e86165af5424e5892b991f98329cf
SHA256 61a42e47f5698dddd6afc08a771043d07c39507be0251ca094eb7ed69d0368b1
SHA512 695ee6ba6002e91936c04d5be5eff620968b1846ba3effa659aa724b6e53aadc57ddddfe07256721a461ffc6363ce5634a962f5e84a1b899a57e1325a5819af5

C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.16-win-x64.exe

MD5 5e314151de7c003b4639812e39c6d609
SHA1 bd862fd4565abc16a8d81c2fa6e70ba2607d2153
SHA256 9bb2d823fa32e196561e71a6f8ad3649b333a1eff6c6af2ed527e9394252c8e7
SHA512 1509a5019f9bd5f2aad2a0e1561d9aea172404a285b8a7cb39a4f9bcf1914dfc537b0e224a7e347f0e9be54647a78c2c7a9d6f3baa9851e11aa0ea239dc9e74d

C:\Windows\Temp\{B7F226A1-2048-449B-BDC9-1CB6DDD3F295}\.cr\windowsdesktop-runtime-7.0.16-win-x64.exe

MD5 9656c3086081a41540338b94df6ae084
SHA1 dc87b2d0dde3604437d13d2f89fe9ecb7c7b0373
SHA256 6a7a85e1b9e899ce83ca29eca2e0b34126acf97675991b431b279278a03c41f2
SHA512 7bdfc5943968403b787700f5c4e12d88f34bdca4569fbff21e178c17eba40f8db68135aaf426b990617316c10b86687a08375c611c4a9e5a8db8eb2c2be3e9cc

C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.ba\wixstdba.dll

MD5 4356ee50f0b1a878e270614780ddf095
SHA1 b5c0915f023b2e4ed3e122322abc40c4437909af
SHA256 41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104
SHA512 b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\.ba\bg.png

MD5 9eb0320dfbf2bd541e6a55c01ddc9f20
SHA1 eb282a66d29594346531b1ff886d455e1dcd6d99
SHA256 9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79
SHA512 9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 808b0552cf911142b6d28b3229d12860
SHA1 ae0482b8d54efac8916f58c99ee9cfdcebda282d
SHA256 3314a32ab68bb23ea26a0882b68a20e36760c341d615072a374bdaf0542a34c2
SHA512 a71905d64074144e9281e12b91de939071394307b2071e24c86845ac3c9addcce495a0bddb5d4784b5ce3cb59c011bdd684bf9e16b274c453ebbef5dc6a71ccb

C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\dotnet_runtime_7.0.16_win_x64.msi

MD5 582c8d077076ef963bc21d757a984b63
SHA1 36a66bf42ee29809a0cceda6e46b1009d44df9ab
SHA256 e07232882a13bbbb7e9bd1a1b299c087ae28b0a837781f430c778d66248e6f92
SHA512 f0227b909ed3d749d3f3d0002d8708f2032184319babec3391a83cfc52f6b40f78ba326c836aa13843aba77de40be440851aca3c1668b5cd0241316f04a03797

C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\dotnet_hostfxr_7.0.16_win_x64.msi

MD5 3db1b0ad874499a5bd80b9ad2ed2103f
SHA1 77f02d58918daa3cb25364960a1196ce2f711d0f
SHA256 7b32cfc57dae7fe08f7ed00d54771107aeb4b80305a7269f6b9ac2cb19710c35
SHA512 e2214799e8febb31e2dadeef8904e5692fb94f916500960642b780a4b68f9bd2d8d7e62d579418bcced9a7b0f7ff958e672783fc019617d17499e8c5e1b777e1

C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\windowsdesktop_runtime_7.0.16_win_x64.msi

MD5 5089f8fd6f0c5be267acba4f892320a9
SHA1 02e504cefb7e88fce87a2b8ed2a75bcb811cb42e
SHA256 6fa4bcc25cd0bd921037cab8ad2188246ca5cc6cb53de4f7a6d60822b16ebc32
SHA512 bcc0403a7f5b29ad70294e1fae23f9af1609019c54f175e857c59dae6143f185366a84975fe168b0638d4de501eada986f9072a0bb8e4cf0e9c188a215ee6d6f

C:\Windows\Temp\{E0E3E6EA-571F-4581-8D80-8A9EF97C0C95}\dotnet_host_7.0.16_win_x64.msi

MD5 a1f68b5ec6da37ffc65f12f106d70f3d
SHA1 1bef05fa3f179a9ad079326a5a38b7728a81967c
SHA256 7c01b2af6cd178d88dc11b2c12840beb0b08f8dc4e8958ba8d7166759e0c64b8
SHA512 0dc65ee5f8a4720012e678dbeaaa44df10e12ad7941f4835c37a0d178abb7f282d0ee13e7b45fc56141489826c3c980020179ffb5973989a463f4aeacd188a93

C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20240222201447_000_dotnet_runtime_7.0.16_win_x64.msi.log

MD5 391a39ee200ac1b8ad1c8868a7175849
SHA1 7f69b2b1fa350cd30a6839014ee39a42df19a5ce
SHA256 c85923874c73218083a9400b5350fb4c8b2231a9ca5ed62365a48890ccc77897
SHA512 77e4927aee63299cf8701fd2005514083e71724e21d205c4156ecce2d6d4c2a5e5726e98d574af041e89f99c15edcc396536c63e9e3dff7db22664e28fbc00b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4a58f84fc8666772d72054603a629775
SHA1 8b519d14ab880c4eae8577ed93c12b57bfd5cefe
SHA256 848415e750e27f6372ff8c8d5c3a1ed4d41a0c4e2ad80014a2ef41e8188cb41f
SHA512 050bf0c76e5f58e4eadad52eaa79ec9bdbd78768076f4ce52b6afa1665a5c7507995e30b206d9e783ffab92c4c2acbeed7fe52295bbaa131137428457a584240

C:\Windows\Installer\MSIA9D.tmp

MD5 d711da8a6487aea301e05003f327879f
SHA1 548d3779ed3ab7309328f174bfb18d7768d27747
SHA256 3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283
SHA512 c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

C:\Windows\Installer\e5e060d.msi

MD5 aac5c3109eea682ed41382a363767426
SHA1 1328428ae70492c1d64feb9fe7c34317b5f14f14
SHA256 6ae3ddf51100019f7e19c0168848444462b57a9fa9de4cce320f58fce1299e6f
SHA512 3cf520066be953ed8121775b3d6a8921e77796cdeb77dc7cf5ee245d8ce0f7ead696691d4988c3eff64ee814d97c75d63eeaf9e6e6fa3ad56ecd3b8c1826ad9e

C:\Config.Msi\e5e060c.rbs

MD5 2d897bb2826ba77dbaf5b6eb8ea4865a
SHA1 071605fd23b21d654326f4a9f8479e8272e2c723
SHA256 f5e45f855c6f04031a74d50ba9970e789cdae05dae1bb91d0939c33ed978f4bc
SHA512 fdc868c93b01da932b1f64cdf5674a7259047f950f0473b749faaa4eb694e593fcc4c33ef666e1d749c2dc9e0b7f485d482b241f8b7d2c09a54b7f520ba2cf32

C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20240222201447_001_dotnet_hostfxr_7.0.16_win_x64.msi.log

MD5 6fdc279481982394634ba9b19c34513a
SHA1 82d153c23a0df1e6a366bb61dca3599ea5b70321
SHA256 c0118d2766486291ac89ec9103b2b5676a7bd4f2afa5b576e6ba5609cb03c79e
SHA512 1ff01b01e4d90e053550daaea4897eb98a356b9537dc27e53d9b852de590f78fd5501e6beb362fa744e6b872a32182c2146f15373effaada27c040b760825bf1

C:\Config.Msi\e5e0611.rbs

MD5 7e5eda03e1cd26db0e91f1e541142c52
SHA1 401a9b34dc0e7e91033313202ef0c62e7ac3af57
SHA256 2e27ef15f3ece2667c3994a10910046531badf7633f7e64efb097ac5d978e9ca
SHA512 8a72d4eaf05be6418ea933b5077ca2f5ee4c8bedbf511df2118190d4d40d0705f5f7d913267591f2b1a0af138e2c69f2c4ec89adfc2e0c24e5f9dd0c65f6998c

C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20240222201447_002_dotnet_host_7.0.16_win_x64.msi.log

MD5 b23e9123ac109793ece36740c2678985
SHA1 147ac3a28ea9bb5b6db995ba8e648d96e121829e
SHA256 081c0158be6b5fa75a9422eebf4458b41efa4c37d80d317273b972ff492c6fbb
SHA512 51e9854f8588731dd3336a26cb0a55ab3fe8711b91547f1e2055492d0c11fc0f5a5ac9e31d7649269a2ea6269e45f30d1fbf6c1cac4c8c383d0472324f52e4c2

C:\Program Files\dotnet\ThirdPartyNotices.txt

MD5 5c13a5ea8c8cc3474240981d0ffa88ff
SHA1 1d8d3ce27d9dc3d9fb4fa4b06c20137d25879d80
SHA256 4f9bb3901879bafae3a17c6c4009ee5c15384a06fc234bed78937969079c77da
SHA512 32ea79ff5194d8a18e75f277aed5610b4955db15b0abbcc2664cf07f372bebfc57eb665ad078dc3da3ce5ee0d8856140c2a1bc7032b578dd103d43998d682d88

C:\Config.Msi\e5e0616.rbs

MD5 a21764e05a5e075339cf6bbf878c2355
SHA1 6a80280f4468b310b5292591580f7f4db3c77852
SHA256 53611992867f47d85a7b26f02987351dcf1e841e4f996c47a330ab663a1d8c75
SHA512 2ff969b765f9610cb27996728380421178ac59bd17fafe92f7a02651be73558a137ae64cefa46c37e7c7a4fb63f04e2faaade24e0649b09609b1f7d3b3a459c6

C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20240222201447_003_windowsdesktop_runtime_7.0.16_win_x64.msi.log

MD5 dfacb3fcd9b82271e7525bb658052552
SHA1 0bf17676ed8e34f58f48d23b249bbf537af7ab42
SHA256 727454b96d6419e9d779ed43a2cecea38d21c08fda6797f8a644900e11398b01
SHA512 48e634225547253bb70f7de13ff602f1841e13cfcc12d32a6628c2351638375ad4b5660c4dfedbfaee751727a6d7a518622ada83abaa658d07c317e55624c644

C:\Windows\Installer\e5e061d.msi

MD5 d079a220fbf02ab89e53ac56efc42cd4
SHA1 8a42d27748dd07d46def2045f3ea8ca9c8388ba3
SHA256 0184e4536db8bd0a57cd2f80946ed435339e1977494488ca66dcf5454fc4ed03
SHA512 7aad48a392168911f131e4270c64a0eb05902434b6dce9821c216c6544e91b25d90efda366e9c376ee9c25d9fb9431f61428ee3b05b053d8eb015cd2b8ad8bea

C:\Config.Msi\e5e061c.rbs

MD5 1e080e66a10f4193b8349dd417b3278b
SHA1 d649eb50d0907177a5209aa623f1fa207fa39a64
SHA256 eb2b8fed2b370672f52b3c4a107f4bb015a4ba401177398db62201b8f6dc886f
SHA512 a7c08f66a1db3f965042db72648508a5afff5b63f91a79da79d4cfb9a5a09dc5edc5541e31fd76b1090695362b2ab6f7285e2899704b235d4b60cc9deb0a8849

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d9211c5c69a6652627746c4b7e7eb61b
SHA1 18e0f0a286dd130fdbe43fde2a4511bb188617b7
SHA256 f3492276ba0a802d1be94edeeb0e131e25ac30b6e49c6790619825e9ddec5c4f
SHA512 dc128f16c9931afc84af75d77ff42e93c3ccc09acdaadf2d3f44b0fb5885ca295d3984b360ebce952a34a82cc2d2f0b6f96ee0281c61250d19b78d3859836d29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6ee2f74e5039357b003a4f30380cd9ad
SHA1 9d86f60f4f4249ce575a35ded017653dee71eca2
SHA256 3c757dd6e353e0e36f36e0d43eb39fe3eba6969bd0398069215951ddb88fa43e
SHA512 e1fa206ce72c19949e8d963e4cda538d0c03c7c3c6a9fa9927b5de511504644a55f6d6905349a119b828cbc8699932a934b083b31186f4265777dcbd0633d889

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 63938bd722f2130255d3125ba163e556
SHA1 8c818ec8f7fe25a431390211fad069a68c71364b
SHA256 286feeed8483587632a93e5fcf423a55159c6b4097cd72badf704537a8fb05f4
SHA512 421482381c513df23ae3fff0438c84468b57e10e493d489af6c5ce05bdcdabf64230b3e2a4ad8bd855d74193a50c61ba2c38f1f87b8076c55010b5d3aa40f9e0

C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.runtimeconfig.json

MD5 3deb9f3c8b4119aa7de8da6126679551
SHA1 b17abfcc58751439f95b2e4e61ccf878e2818d05
SHA256 2d2927af7b8107fb4b694634c0a9e5bfbfb8e8eebdc597dac733c7841dfb4267
SHA512 ceef77f03876d8baa535e1a10592b9551aa7a488e33ac0a357db93d50da2fa23b65526a4ea90f5b3942d334ba2688633b1b278940701b6f6fec4607d4005ee68

C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.runtimeconfig.json

MD5 01da0d56ab33c0ed0e7ac85e5244190f
SHA1 9e1e4b59e590038f769e5fa01fb326109a7f38e5
SHA256 7133274dc5efab688a6efe2f43ca33e78a2498ef39efcad231b0e07ad2c26d17
SHA512 e11967ba33c719da1681a7f98056d40f450788d9b7c8b2f580d8bc7998fc35a78c53fc970301b097c527fab79fd477adad4eafcd75b4bb376d33c3fece9e8926

C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.deps.json

MD5 ce04d47e59a50ce6bfec7228b658b872
SHA1 185b1eed8449732a4ca8097280ff93efd0ebe9c2
SHA256 cd33dc99a0dd2056abc49127d335d5288e9197e95d4a2836e9b1cfbbb1582b66
SHA512 36b38c8b44defe8f632e074a1bc5445d1c1d324fbefac3cd345bb015f33a7a31482004188eeb147be9f1015ce40797a37351228932b6940e7b4865a698957d89

C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\hostpolicy.dll

MD5 07d32c17cefc890238c9d4c836b21ad3
SHA1 8901bbd735f5366ff77733821fd0bfaee778b453
SHA256 61d3284520ffd8199f68642bbefd84336e35f6ae71ae6b9e4813a80f1bfd099a
SHA512 497ea9f6b59b78fa2dfa11916af53eb0d9e430d73374cde6564558031ef66703b22954d571404adb5957f3e635612c03be66ec872aae47a1de2321f2f078e7fd

C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.CoreLib.dll

MD5 2a1c4c9fe6fad3d4080a95291b42af49
SHA1 f43fd14a71d3291806e1d0410cce9dd6aaed74a4
SHA256 9984cef70363b81dc58af8872a9b5fb225a3520c7297547ab4b941c3ed6990d0
SHA512 bfc15960d9cb8423b8dad11dc8e9910bc9a898ff59bcb05729e613008b63a242319c7c7e001a4f25b474be733acf98f24df8f6f6b3afc797b99185831a2370a4

C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrjit.dll

MD5 8b658473a01ffe6e1136cb7ebf56d7c0
SHA1 437d34e38d3ebaab6614c5fe8fa6c47bc7cf3591
SHA256 646a13d60f5a7478de72b1135a518652d9acdd82d4943cb57cf9d1d95ba47681
SHA512 33612685da60fdaa78853703ccd50dc9d0dc071eb01ffe565f7cd96c481ac132b8f955fd6c91d9530efb427b8cc43807792ea2ce0d9a4e5013ba4afebd4539e8

C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\coreclr.dll

MD5 c4e254ba9d2b52cb2bc6b5100fc6e43c
SHA1 1d395972f99e98b7a9c48c23be5a3006f28fded6
SHA256 1a74efbb420a7aaa27feca5d8a52c580978bcfe5db15b746d488f134f5c61bf3
SHA512 6642e66ec10d2a228db2cb5e0ecbd0d4b16fbe5debcad311b80f7cf7b229d4ecb466bc74af5bbfd1fcbcfd4c330805f72a90cdc22f48d59a385ca634f637d0b1

C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\coreclr.dll

MD5 43e757bceec2ccabe17a50cab9a7ed28
SHA1 496ad9d83bc36c28cd49f8ff76640bb03dbc45cc
SHA256 4de6d08fa9961eaf30c35e87376ce570ed75991c11b4e716feb32f0b1c23df0b
SHA512 caa7b15be761682a84a132924438a83ebad53642c7248ea5cd577473ebdcef0394cfc18735117f35f61d3b3f5a66636c5790edb1281c5231843b75ba1aa746d1

C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.deps.json

MD5 0f899cc39c45d3dcb08f732ff6f3839e
SHA1 d9acb92dd385b83fbd902b356b32a1ff0969661c
SHA256 473644f2ae357b155d050113ddc6ace5f971fa38d769ef724939a415f69a300c
SHA512 b3bcd384527d93084931b668ac27b7fafe51f53b0a489c409016975a9356996010fb31672a1cf459c77e0fd7c3e67c656fb8512097f0893581fd6b2226c0c5e8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionCheckpoints.json.tmp

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionCheckpoints.json.tmp

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\pending_pings\28989c86-8208-4761-91d4-a8f073a279a6

MD5 768f1bcba62c11338b13d3a93b1fe171
SHA1 79a2d4a41210422239e50cf71bd9767aa78812e3
SHA256 f4c3fa543c90d2184a21bd55784cf27b7f37e1fb97e89dbfc97da3f089e0f483
SHA512 e78537d674688913a712080278495c8b18f37855e4e0105dde46b13fdd182ffdd41e6531fab64dbdaadea16d7ca65f062448e8290097f6562aab0273d9a2f938

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\pending_pings\83b6b031-008f-4803-a4ed-4a878f3c8714

MD5 53617a16b0ff26b1903b884952c5b7b4
SHA1 a312e31182f59cfa1dafd9780566a60c7b553d00
SHA256 30b84eb4650ed77c8d7962ddbbbe2e5327ee039f3869fb66c5a9cf60a30d9a50
SHA512 1898717ebde4e36ab231acfb510d9406808353dc92c3c3bdde83fed64e65fe6040e1051c77a5af42bc026e6afaec32ad7db20b7298b7f22b53e378492796348f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\db\data.safe.bin

MD5 84f8e60a81311d262ec7dce25a276ab0
SHA1 7dd31cdbddfe3acd5c45f5cab0d320a9fe9d325e
SHA256 b26beb2c0a4c9f485c502544ed7723c6cd8d308793d7dbfa94064bd7a3273fa0
SHA512 941165829028ed535b4261b02eb3bc5e6a7cd4cb5999dd71444b71ae647d9d47d0c6b497e080bb777b32752095c35a81f4f5ee44a756dbab879dd941feafcd24

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\8DD38B1D2E458601D2CA0C084D148B982678448E

MD5 a588c9bfe2852bd79e29e8ed57565b59
SHA1 901869498855d9ec58da7e39fe7e69158a4a8631
SHA256 5840b3ab36d42f5d43d234ea53d891f6bfd51707d605fbdb1ce39fab63d6b701
SHA512 ee8cf63a3cdd5d5f714a9c94ba6a920a577c72c69f5f29f13bb191d6c5f239bd715a572d80e38f51971f5bc3fc9e5803ade8ba17506932b797c5fd5a3a58559f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 0c0e55c39853d66decfc8b5f991e7ae2
SHA1 dfd381791180d2b2c8f8e8a61b8adc6d3b632b20
SHA256 0e832416524d0826765b70874b8629b097bc615510ef13608de9246ca3eb77e2
SHA512 f39137e68d80a0a336f5f17ed7597abd3aefbd437d07c333d2a798aa826cc274298596a10fea82c7c7505b21992d1f38ee3df87bf2a7e8e8a452e49f117cc239

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e19c1d4682b18c8611e26e73ad49e493
SHA1 0c962f43d0c8a0ce63361c8ee765bc9681883e89
SHA256 0e3416186b2dd81b5e3a82dd1490b6f2e7fa56a8742fe35d98df6933f3edfba4
SHA512 c27d2705c6795f8205299aaeb78d7e7ea9bb9050802a915fab3ffefae28115dd78f40d8cb44b1866170f1c5d8aca39e9e17014e73aa3d22e111379663fe012ec

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\prefs-1.js

MD5 cffd0924ab1832f0b130c80d845986fd
SHA1 01696a45828dafee36ee3af71ea71acc135d3ce5
SHA256 a43ad22cfa4bb5d5e88655b5ee633d5f848384012524cd7b75915f4e031e55cb
SHA512 e929aa311e306e5118f8f3a9c18299fcbdba89ccf3f31e15a3f358dfd239087b37ff402b54e765c79b67bc16d780389e1c81097566f3fd7182c803ca73485186

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\entries\166F2232D21D568AF4700252B7B75E876BF9C981

MD5 d8e3cc9afffb4b4275f9415a794a8bc9
SHA1 c69b829b47a7c3761efeb8b6c94d81a0692586ef
SHA256 af1ad0a72ec41e8807e30b527749b2c82707c31ecd8fe0d52d9fa60e0a500cae
SHA512 b3c1c65e8381f64aa841aeeeef1c8de110a0c4fd1d57534d79b5ba8422d0a8fe5b97d0eb78ff32741b37e54444862e0239c74523bdecda85204fa232b7ba4283

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\crashes\store.json.mozlz4.tmp

MD5 a6338865eb252d0ef8fcf11fa9af3f0d
SHA1 cecdd4c4dcae10c2ffc8eb938121b6231de48cd3
SHA256 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965
SHA512 d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zk78kq5.default-release\cache2\doomed\22899

MD5 7497aa5d77a7e23f3a2c465de27bb565
SHA1 bba017d2361fc1a5eef9b40431e30306d77a1328
SHA256 0f55cd2b60fb5ce617873a9f4b9fa7d05c9e78930cee6c1efd0ddc72774921d1
SHA512 cbb2e140c5bffd60d351c1ff2ca7311b930074ae25adfd3d5dbf947730af52082ccaf0f481b081165f7f58d72e8e5480fdd9f67ddf92f44b7e354d251a96a959

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 7fe8b5e2edaa37c8e8b8031d8ea7e090
SHA1 2f8921d0d4008d48aba644d1057fe998b9954ec0
SHA256 b0043cbb958b08b59bc67bd000a52f8abe8da232d3c4732cabca19d5c489edcf
SHA512 853c211e1b42e1ab1720fca5e68955f04feab0ad009c0c3282a52ff05bf45f7e94e8cd2ec15a07f1d1684056ba1e70328b96e9a3689c33fab0edcc41f761ce72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 0346a68c1e3349ac95cb4d6c56ced810
SHA1 d615f7372228b15ce53a1b7252477348040c9e1b
SHA256 86a52d7e3e7eaab9ca98f357fcae6b10e9d7646641f202d95053db603cb9fcfe
SHA512 d760da3fb6e8da228a9646b8a549eedc6a51b7a6c43f0ed311b7441a15bc348defc46d7c1d4c7370240850caa8698ce768a72b972f4f94a66f884457896fdd81

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms

MD5 e169b5e95b1d415611e4c4b203712f0b
SHA1 77313b690a4b914b73eac080a89c232a30c22fa9
SHA256 70b94bd860d8826040ca814273ff2644b94ccb68ed962155c76bfb799dd6e00d
SHA512 65e506e557e0a688c5ac01092637c568d0bb0e137f9a66d894dbd2e382811818f7932029a0b4163fdc047f6cce60ba7292c52502681b2d882b780db1ea8998ed

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 70af8ecd176f0df2bb6f84c67e885939
SHA1 53302a50e20b0c70f3707e4efc06ee941a54f1bd
SHA256 898c204795428dcec290f8e64d1e2932af425ecbfdbee894b1fcc898ef17e431
SHA512 1e0c580292589e6cbe1093c3b11c0a0cad818d0ff6638e9c520f4faeef9898299d1adbedd9bb0121d6cc0d832b90ed7000085a93fcd5bb4a72c363935975aabc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 642b9208b707d23bfdb27d935b9beba3
SHA1 2101692b47ca2592406b5806b33ec2ecebc991b6
SHA256 17f461c810a3f13f2239675db51856885e2a2bfafe2263061d3b8b1e846d3a5b
SHA512 3b1b2855e98eed6b49d08542394ece0606dac3e73f177c4044786dc6a7b423753edb74a2b01a924cf2f30154bffbb3cfc0901cc4cedc5b250c4a9aacf4e5ff9d

C:\Users\Admin\Downloads\Client.--g3ZRVD.Install.win.x64.zip.part

MD5 e0158b549806d194aa8597977a357009
SHA1 02d1af7acd0982f0a0ba14ffce7286db845bfc6d
SHA256 b49aba7cb22f398d666b0582000910c13d7351e6fe9c9eae21cce39a7a5d29d5
SHA512 394e3c6175db5b3c6da270a8ae172e8aa4707ed147f37fad555e2151674c1082f5c293594b1a16f5647c5a6dcbb05f679b2cd2599bb542de3ac5a9d74218f1c1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\pending_pings\001e157d-c0b2-4543-93f2-3a40f29c12d3

MD5 e446170e60ab755d5d9cdaf3253423fe
SHA1 be89ecbacf8a41dd65286380cfd6d39c8ddd2e95
SHA256 88fe39e76a01adb645efea73dbfe9dfd039f782d9a3deb76416e6b50ad50de11
SHA512 9badefee8963cb4aaf9ed5fe8e707d6f352db6c36d5fcaa1fdeb39c2c29aa12eb8e721ff57a13d772b8c49cdd76031dd244a8012102509d9fbcc15c37b69c56c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\pending_pings\1ae54a79-f357-4d27-830c-51f3b81eb181

MD5 58deefc4f50767c858b1021c67fe59ba
SHA1 d258f961fec4f6f44ad985d252b36594d4b443bd
SHA256 c5f088a16b01ed45160577ea9431dd1c7cbf03f1963325c8ac66bb20fc3d30e9
SHA512 b96af2a0733fbb54a418e35d38eb6588edcba8dce1abdf1e0a5427c142ed06a3904da83951a1bc9b00565110cbd88a2b895ddff72a82a9ec533bede93065188a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\db\data.safe.bin

MD5 6493b1342a020762672e3c717b8185fd
SHA1 0922eb4ca0d60e696b20639a9a45480b62d6a08f
SHA256 c2fd2dbbf3a24ae1cb1a61da6954817575076941bdd4de6772dfaf0a1c8e6dfd
SHA512 30ac7c58867872bf73db8c81ee4fc159daaef0c65fc4ce4f43f9ebc6f94b24491c6d74f91043ccda82893c7004b339cfbc11394864d5ff7aa2f9b0c056e6032d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 05769328bb028a162c6ce1bcc548897a
SHA1 743aabe6090bf1ade1b49d5aacacdd9dbbffaf05
SHA256 6604a890e7a5fc5c23d59c8a0d988c6822d49fb1d38962a241daae26422b315c
SHA512 c382a2a7f1ee0b7bb49bdc56d00bff27e087b8f4bfb215e86ac2e2e56bb6e872828a0a6e644bece6afe74c3481d6826ba35ec37503e5f6019f57772b94b8e72d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\broadcast-listeners.json.tmp

MD5 72c95709e1a3b27919e13d28bbe8e8a2
SHA1 00892decbee63d627057730bfc0c6a4f13099ee4
SHA256 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa
SHA512 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

memory/5752-4695-0x0000000000400000-0x0000000000428000-memory.dmp

memory/4284-4703-0x00000000023A0000-0x00000000043A0000-memory.dmp

memory/4284-4708-0x00000000023A0000-0x00000000043A0000-memory.dmp

memory/4284-4721-0x00000000023A0000-0x00000000043A0000-memory.dmp

memory/4284-4728-0x00000000023A0000-0x00000000043A0000-memory.dmp

memory/4284-4729-0x0000000002270000-0x0000000002271000-memory.dmp

memory/4284-4731-0x00000000023A0000-0x00000000043A0000-memory.dmp

memory/4284-4733-0x0000000002270000-0x0000000002271000-memory.dmp

memory/4284-4734-0x00000000023A0000-0x00000000043A0000-memory.dmp

memory/4284-4738-0x00000000023A0000-0x00000000043A0000-memory.dmp

memory/4284-4741-0x00000000023A0000-0x00000000043A0000-memory.dmp

memory/4284-4744-0x00000000023A0000-0x00000000043A0000-memory.dmp

memory/4284-4747-0x00000000023A0000-0x00000000043A0000-memory.dmp

memory/4284-4750-0x00000000023A0000-0x00000000043A0000-memory.dmp

memory/4284-4755-0x00000000023A0000-0x00000000043A0000-memory.dmp

memory/4284-4758-0x00000000023A0000-0x00000000043A0000-memory.dmp

memory/4284-4760-0x00000000023A0000-0x00000000043A0000-memory.dmp

memory/4284-4761-0x00000000024A0000-0x00000000024A8000-memory.dmp

memory/4284-4762-0x0000000002488000-0x0000000002490000-memory.dmp

memory/4284-4763-0x0000000002438000-0x0000000002440000-memory.dmp

memory/4284-4765-0x0000000002490000-0x0000000002498000-memory.dmp

memory/4284-4764-0x00000000023A0000-0x00000000043A0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 82678367fa4297a26727ccc84e0b2f60
SHA1 0c65ab90390566f7d2f5b4751b9027f6bac1d22a
SHA256 fbf7356b28e05edc871dda40b318b147e6d07ece028da3d67c3cfbd30bfa0f29
SHA512 e5474444eecac25a06fe26a22dce9aa9311740dca264de1c824a36a7bc55216f301e934667fe0b9c3c7b062694f8a37e45ecce6b3889cb33bb47ecb9bd198db5