Analysis Overview
SHA256
2d1307efa269e7f18f1818e672c028c76de3cb3c8ec3cd3c2bf9816bddf1a8de
Threat Level: Likely malicious
The file Styx Client Latest.dll was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings
Themida packer
Loads dropped DLL
Modifies file permissions
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Detected potential entity reuse from brand microsoft.
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Uses Task Scheduler COM API
NTFS ADS
Suspicious behavior: MapViewOfSection
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Modifies registry class
Checks SCSI registry key(s)
Modifies Internet Explorer settings
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-04 02:39
Signatures
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-04 02:39
Reported
2024-05-04 02:55
Platform
win10-20240404-en
Max time kernel
920s
Max time network
875s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\SKlauncher-3.2.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation | C:\Windows\SYSTEM32\rundll32.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\SKlauncher-3.2.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation | C:\Windows\SYSTEM32\rundll32.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Detected potential entity reuse from brand microsoft.
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat | C:\Windows\system32\SearchProtocolHost.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\plugin-container.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\plugin-container.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\plugin-container.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\plugin-container.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\system32\SearchIndexer.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\INF\netrasa.PNF | \??\c:\windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\INF\netsstpa.PNF | \??\c:\windows\system32\svchost.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\ | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Mfg | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Mfg | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Capabilities | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\ | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058 | C:\Windows\system32\svchost.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\ | C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\ | C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice\ProgId = "AppX43hnxtbyyps62jhe9sqpdzxn1790zetc" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000d75c3648ce9dda01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice\Hash = "XloccveKy4k=" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-114 = "OpenDocument Spreadsheet" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice\ProgId = "AppX43hnxtbyyps62jhe9sqpdzxn1790zetc" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice\Hash = "Ic2WjTjhAPo=" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-111 = "Microsoft Excel Macro-Enabled Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-174 = "Microsoft PowerPoint Presentation" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WPL\UserChoice\ProgId = "AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice\Hash = "XRrqw2b8yJ8=" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice\Hash = "0/XC9kmCGRI=" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-176 = "Microsoft PowerPoint Macro-Enabled Presentation" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@"C:\Windows\system32\windowspowershell\v1.0\powershell.exe",-103 = "Windows PowerShell Script" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.crw = "1" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000631eca42ce9dda01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-127 = "OpenDocument Text" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-180 = "Microsoft PowerPoint 97-2003 Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice\Hash = "q+XwNltmszk=" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.jpg = "1" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice\ProgId = "AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice\ProgId = "AppX6eg8h5sxqq90pv53845wmnbewywdqq5h" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.jpeg = "1" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.bmp = "1" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.cr2 = "1" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.mp3 = "1" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice\Hash = "GW4N77EiL3s=" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice\Hash = "JS+FGoXvaCU=" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\System32\wshext.dll,-4804 = "JavaScript File" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{C120DE80-FDE4-49F5-A713-E902EF062B8A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000024ff1e44ce9dda01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.MOD = "1" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-175 = "Microsoft PowerPoint Slide Show" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-107 = "Microsoft Excel Comma Separated Values File" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-182 = "Microsoft PowerPoint Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice\Hash = "6mHckVCEABg=" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice\Hash = "j/tsYAYZGa4=" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice\Hash = "wCZ7VtG/eZ4=" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice\Hash = "B66vHGrjmZM=" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache | C:\Windows\system32\svchost.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4856d724ce9dda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.msn.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5a04a42ace9dda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\discord.com\NumberOfSubdomai = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\discord.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\msn.com\Total = "122" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = c01c476acd9dda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\SKlauncher-3.2.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\SpotifySetup.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Styx Client Latest.dll",#1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.0.887999712\4506403" -parentBuildID 20221007134813 -prefsHandle 1680 -prefMapHandle 1668 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {973c0e19-468f-4676-a9bc-9a7e3cf7dc30} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 1764 110bd7cb458 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.1.446050010\874815219" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cdcb06f-ad29-4352-aaea-30588d917ee4} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 2120 110bd13e058 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.2.1730042422\478737894" -childID 1 -isForBrowser -prefsHandle 2692 -prefMapHandle 2700 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca3adf41-11dd-4081-86db-3f012e2dd24e} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 2872 110c16c9b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.3.1237374397\336167953" -childID 2 -isForBrowser -prefsHandle 3416 -prefMapHandle 3412 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {70f24b6b-1cc3-4684-a48c-4234f10f1995} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 3440 110bffad058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.4.1307325138\1903305291" -childID 3 -isForBrowser -prefsHandle 4064 -prefMapHandle 4060 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3ea410e-b63b-4783-88b5-d4cc2a6295a0} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 4044 110c2d67358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.5.2137342071\346219502" -childID 4 -isForBrowser -prefsHandle 4840 -prefMapHandle 4836 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2e490e6-e1bf-4504-9b89-71c9ec27574d} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 4828 110c3e90b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.6.1978944985\1706004815" -childID 5 -isForBrowser -prefsHandle 5008 -prefMapHandle 5012 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4551e302-0f90-48ef-a9ff-a16fa5980735} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 5000 110c3e90258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.7.1661281400\290559133" -childID 6 -isForBrowser -prefsHandle 5192 -prefMapHandle 5196 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c286bc1-11f6-4112-8373-4d1d4515b70a} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 5184 110c3e91d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.8.1294526182\1450361678" -childID 7 -isForBrowser -prefsHandle 5640 -prefMapHandle 5616 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a690a82-b350-4099-8538-fbdf0ec4b531} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 5608 110c4d47858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.9.1108011127\1032360864" -childID 8 -isForBrowser -prefsHandle 3780 -prefMapHandle 3776 -prefsLen 26786 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {456f2dcf-4a7e-4d90-b771-95064cd7026f} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 3736 110c4cd8558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.10.1684406509\1525640244" -childID 9 -isForBrowser -prefsHandle 4404 -prefMapHandle 4464 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd05fbdc-716e-4f01-a1fa-18d9ed958f57} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 4372 110c652ca58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.11.2086820277\1980549273" -childID 10 -isForBrowser -prefsHandle 9808 -prefMapHandle 9800 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64cc2019-a515-411d-bda7-33184f58c6ae} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 9820 110c6e8ca58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.12.1862435797\700863164" -childID 11 -isForBrowser -prefsHandle 9656 -prefMapHandle 9668 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a93652e-333f-46be-9bc4-34a17611aee0} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 9620 110c680ee58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.13.600509945\1384528513" -childID 12 -isForBrowser -prefsHandle 9432 -prefMapHandle 9436 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a61f0e25-33bd-40c0-88cc-f97293089635} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 9424 110c6810658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.14.1263421710\1911442167" -childID 13 -isForBrowser -prefsHandle 9284 -prefMapHandle 9280 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2a52eff-ff29-404c-814e-418e522610e4} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 9292 110c6810958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.15.544954875\1219671556" -parentBuildID 20221007134813 -prefsHandle 9220 -prefMapHandle 9052 -prefsLen 26795 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8b4fc45-1b46-48eb-9ba7-632d633f8704} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 4944 110c7947a58 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.16.1274785811\1815818950" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 8972 -prefMapHandle 8976 -prefsLen 26795 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eda52076-04a6-4806-b7ae-a0da571dc4c9} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 8964 110c7949858 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.17.1855343261\663382790" -childID 14 -isForBrowser -prefsHandle 9036 -prefMapHandle 9668 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e3d16fd-1c4c-4aa1-9931-866f5d81a513} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 5228 110c4dcb558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.18.1285229568\462011077" -childID 15 -isForBrowser -prefsHandle 9764 -prefMapHandle 9760 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c7e00a0-6ed6-4240-b196-bd89ac92fe38} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 9320 110c6810058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.19.1976157023\85722970" -childID 16 -isForBrowser -prefsHandle 9724 -prefMapHandle 9752 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd11a12a-f722-4785-8a98-d700f64bd65e} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 9728 110c785ae58 tab
C:\Users\Admin\Downloads\SKlauncher-3.2.exe
"C:\Users\Admin\Downloads\SKlauncher-3.2.exe"
\??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
"c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
\??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
"c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version
C:\Windows\SYSTEM32\reg.exe
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme
C:\Windows\SYSTEM32\rundll32.exe
rundll32.exe url.dll,FileProtocolHandler https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe
C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe i4j1321171856815587400.tmp
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\SKlauncher-3.2.exe
"C:\Users\Admin\Downloads\SKlauncher-3.2.exe"
C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe
C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe i4j5437175824312600673.tmp
C:\Users\Admin\Downloads\SKlauncher-3.2.exe
"C:\Users\Admin\Downloads\SKlauncher-3.2.exe"
C:\Windows\SYSTEM32\reg.exe
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.0.310734679\261061867" -parentBuildID 20221007134813 -prefsHandle 1552 -prefMapHandle 1544 -prefsLen 21163 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c42c6795-e115-46eb-9234-a269b21a4725} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 1644 228d4dea658 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.1.999463985\584035123" -parentBuildID 20221007134813 -prefsHandle 1984 -prefMapHandle 1980 -prefsLen 21208 -prefMapSize 233583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1bbd1ec-4e26-4956-9f7e-3caad0320ca9} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 2016 228c9edeb58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.2.644084541\1739429455" -childID 1 -isForBrowser -prefsHandle 2712 -prefMapHandle 2588 -prefsLen 21669 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c82a400-6680-4730-8df2-a543b93e6a01} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 2744 228d894a858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.3.547506423\1670157360" -childID 2 -isForBrowser -prefsHandle 3292 -prefMapHandle 3288 -prefsLen 26847 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b00cd98e-c7ec-46ff-858f-1e53cf9c285b} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 3300 228c9e2db58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.4.1609226245\429034330" -childID 3 -isForBrowser -prefsHandle 4260 -prefMapHandle 3068 -prefsLen 26847 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5d9eb0e-006a-4a86-92c4-a086b857ada0} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 4272 228d9a68b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.5.1164091640\762926058" -childID 4 -isForBrowser -prefsHandle 4616 -prefMapHandle 4604 -prefsLen 26847 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e23c6852-a27e-441d-91ac-7f4c7d84ee0e} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 4628 228db55ab58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.6.331032107\10059452" -childID 5 -isForBrowser -prefsHandle 4584 -prefMapHandle 4484 -prefsLen 26847 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2dd9139a-b1d4-4001-8a2a-7080867da6b0} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 4796 228c9e61658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.7.1947744249\1925958596" -childID 6 -isForBrowser -prefsHandle 4076 -prefMapHandle 4952 -prefsLen 26847 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e37be63a-f43a-4332-8033-cc5ed3756876} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 4968 228dbfc8558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.8.181608869\1441843822" -childID 7 -isForBrowser -prefsHandle 4484 -prefMapHandle 4776 -prefsLen 26847 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {51b4bbcf-75ab-4f08-a7ea-f4d3c84a2734} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 4368 228dbfc8858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.9.430830265\1510079521" -childID 8 -isForBrowser -prefsHandle 5152 -prefMapHandle 4360 -prefsLen 26847 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {982d0d4e-6f0e-4d97-986e-54be2f9dd784} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 5320 228d500f558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.10.850578388\1594658401" -childID 9 -isForBrowser -prefsHandle 4808 -prefMapHandle 4604 -prefsLen 26847 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20078405-df0f-4577-908b-2920fc9cf05d} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 4888 228c9e66b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.11.92302279\621752347" -childID 10 -isForBrowser -prefsHandle 5644 -prefMapHandle 5752 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {85b15e4e-90a0-4e8c-a3ad-74923f90b1c6} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 4740 228de136858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.12.1762295337\1763708352" -childID 11 -isForBrowser -prefsHandle 6676 -prefMapHandle 6680 -prefsLen 27278 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {644539db-f181-441f-973f-3f8a23d9ec64} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 6688 228d9944058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.13.1448508076\1789163842" -parentBuildID 20221007134813 -prefsHandle 5912 -prefMapHandle 9780 -prefsLen 27549 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {721358c6-c7e8-4d69-8833-9be1d25a3add} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 5940 228dcdae058 rdd
C:\Program Files\Mozilla Firefox\plugin-container.exe
"C:\Program Files\Mozilla Firefox\plugin-container.exe" --channel="3384.14.1821759852\1634228517" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0" -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb19ae84-9c79-4686-91b1-07933724d733} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 9796 228de11a258 gmplugin
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.15.2097297651\2122868500" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 9376 -prefMapHandle 9380 -prefsLen 27592 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecb2a4b1-dac3-44a4-8177-ca9a193fd466} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 9368 228dbfc7f58 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.16.966661437\2128033485" -childID 12 -isForBrowser -prefsHandle 9732 -prefMapHandle 5468 -prefsLen 27592 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09ba4202-d712-477a-9aac-040b8cc9ae08} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 9180 228d5f36458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.17.444572219\2089001540" -childID 13 -isForBrowser -prefsHandle 5668 -prefMapHandle 4856 -prefsLen 27592 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {880e36f0-8b8a-4273-b574-3c9fb1a49901} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 4712 228dd51a658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.18.572836789\1815724653" -childID 14 -isForBrowser -prefsHandle 4804 -prefMapHandle 4280 -prefsLen 27592 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48fdae18-0929-44ba-94d8-ff5055eaa871} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 5148 228ddc5ad58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.19.1949508474\1485909952" -childID 15 -isForBrowser -prefsHandle 9328 -prefMapHandle 4728 -prefsLen 27592 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8006380-fd52-4426-abbc-4abeb8625e07} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 2700 228d7989958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.20.1253596689\1815879573" -childID 16 -isForBrowser -prefsHandle 8932 -prefMapHandle 8924 -prefsLen 27592 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2e9f78c-fa70-4594-8da6-135708d49844} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 6568 228dcdace58 tab
C:\Users\Admin\Downloads\SpotifySetup.exe
"C:\Users\Admin\Downloads\SpotifySetup.exe"
C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe -XshowSettings:properties -version
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe -Xdiag -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC -XX:G1NewSizePercent=20 -XX:G1ReservePercent=20 -XX:MaxGCPauseMillis=50 -XX:G1HeapRegionSize=16M -Djava.net.preferIPv4Stack=true -Xmx4096m -javaagent:C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar -DMcEmu=net.minecraft.client.main.Main -Dlog4j2.formatMsgNoLookups=true -Djava.rmi.server.useCodebaseOnly=true -Dcom.sun.jndi.rmi.object.trustURLCodebase=false -Dcom.sun.jndi.cosnaming.object.trustURLCodebase=false -XX:HeapDumpPath=MojangTricksIntelDriversForPerformance_javaw.exe_minecraft.exe.heapdump -Djava.library.path=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1099017328980 -Djna.tmpdir=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1099017328980 -Dorg.lwjgl.system.SharedLibraryExtractPath=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1099017328980 -Dio.netty.native.workdir=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1099017328980 -Dminecraft.launcher.brand=java-minecraft-launcher -Dminecraft.launcher.version=1.6.93 -cp C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\github\oshi\oshi-core\6.4.10\oshi-core-6.4.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson\2.10.1\gson-2.10.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\failureaccess\1.0.1\failureaccess-1.0.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\guava\32.1.2-jre\guava-32.1.2-jre.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\ibm\icu\icu4j\73.2\icu4j-73.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\authlib\6.0.54\authlib-6.0.54.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\blocklist\1.0.10\blocklist-1.0.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\brigadier\1.2.9\brigadier-1.2.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\datafixerupper\7.0.14\datafixerupper-7.0.14.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\logging\1.2.7\logging-1.2.7.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\patchy\2.2.10\patchy-2.2.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\text2speech\1.17.9\text2speech-1.17.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-codec\commons-codec\1.16.0\commons-codec-1.16.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-io\commons-io\2.15.1\commons-io-2.15.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-logging\commons-logging\1.2\commons-logging-1.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-buffer\4.1.97.Final\netty-buffer-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-codec\4.1.97.Final\netty-codec-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-common\4.1.97.Final\netty-common-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-handler\4.1.97.Final\netty-handler-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-resolver\4.1.97.Final\netty-resolver-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport-classes-epoll\4.1.97.Final\netty-transport-classes-epoll-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport-native-unix-common\4.1.97.Final\netty-transport-native-unix-common-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport\4.1.97.Final\netty-transport-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\it\unimi\dsi\fastutil\8.5.12\fastutil-8.5.12.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna-platform\5.14.0\jna-platform-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna\5.14.0\jna-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple\jopt-simple\5.0.4\jopt-simple-5.0.4.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-compress\1.26.0\commons-compress-1.26.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-lang3\3.14.0\commons-lang3-3.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpclient\4.5.13\httpclient-4.5.13.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpcore\4.4.16\httpcore-4.4.16.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-api\2.22.1\log4j-api-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-core\2.22.1\log4j-core-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-slf4j2-impl\2.22.1\log4j-slf4j2-impl-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\jcraft\jorbis\0.0.17\jorbis-0.0.17.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\joml\joml\1.10.5\joml-1.10.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lz4\lz4-java\1.8.0\lz4-java-1.8.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\slf4j\slf4j-api\2.0.9\slf4j-api-2.0.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6.jar net.minecraft.client.main.Main --username aidswalking --version 1.20.6 --gameDir C:\Users\Admin\AppData\Roaming\.minecraft --assetsDir C:\Users\Admin\AppData\Roaming\.minecraft\assets --assetIndex 16 --uuid 2fdd2deb1aac362294e5f7983ce027d1 --accessToken 8cb5ad04f9f04b2abcbe3775a0ca1aee --clientId 0 --xuid 0 --userType msa --versionType release
C:\Users\Admin\AppData\Roaming\Spotify\SpWebInst0.exe
SpWebInst0.exe /webinstall
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Spotify.exe
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.0.126913019\354562248" -parentBuildID 20221007134813 -prefsHandle 1584 -prefMapHandle 1576 -prefsLen 21530 -prefMapSize 233967 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0fd53f0-ac14-4e97-892d-05c1b1719b99} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 1664 24819dfd258 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.1.75264054\35064039" -parentBuildID 20221007134813 -prefsHandle 1992 -prefMapHandle 1988 -prefsLen 21575 -prefMapSize 233967 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8fac820-7d65-48c7-a5a1-fb5f1021b5cb} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 2004 24819a38b58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.2.1828580436\1153027785" -childID 1 -isForBrowser -prefsHandle 2680 -prefMapHandle 2676 -prefsLen 22036 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a025ec0a-04c0-473f-af60-0106bbdcaa2e} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 2692 2481da95f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.3.1619355321\77165057" -childID 2 -isForBrowser -prefsHandle 3320 -prefMapHandle 3332 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25c98c3a-bbb6-4dc7-b458-2e6a6e41bcf2} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 3340 2481eaf1358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.4.2083619640\1980051544" -childID 3 -isForBrowser -prefsHandle 3752 -prefMapHandle 3748 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {127d64ef-523a-4a3e-a60c-cead13d73215} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 3764 2481f577b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.5.2026837024\1053859198" -childID 4 -isForBrowser -prefsHandle 4676 -prefMapHandle 4672 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1bbfaed-7f08-4057-9869-0700ad381ced} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 4656 248203a0558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.6.1699818969\1031350807" -childID 5 -isForBrowser -prefsHandle 4856 -prefMapHandle 4864 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d577b92-2589-4549-9ceb-dc964d4b2fca} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 4976 24820f3f758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.7.1816067351\775385385" -childID 6 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47b3398d-1a5f-4ce0-8bd7-5e5f36b0e6ea} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 4996 24820f81058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.8.106995842\1026413713" -childID 7 -isForBrowser -prefsHandle 5308 -prefMapHandle 5312 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d0ae3f2-b839-4c1f-b51e-cccb1a7b6c2a} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 5392 24821074f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.9.69263752\298070589" -childID 8 -isForBrowser -prefsHandle 5420 -prefMapHandle 5552 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {27e260fe-1f61-43ce-b2a2-7330da89531e} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 5616 24820fb7b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.10.915848417\1108271500" -childID 9 -isForBrowser -prefsHandle 5860 -prefMapHandle 5812 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb184e33-a1c0-48ad-899c-6fa5cafaa3d0} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 5292 24822485258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.11.227735943\385685535" -childID 10 -isForBrowser -prefsHandle 6056 -prefMapHandle 5392 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b55fe9c-bd5c-47f6-818e-e398927435f7} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 5276 24822d7d158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.12.512288319\1136000791" -childID 11 -isForBrowser -prefsHandle 4364 -prefMapHandle 5780 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dedd343a-dd15-45c3-bc76-74caa1003074} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 4360 2482247a858 tab
C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe
"C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe"
C:\Users\Admin\AppData\Local\Temp\jds241363312.tmp\jre-8u411-windows-x64.exe
"C:\Users\Admin\AppData\Local\Temp\jds241363312.tmp\jre-8u411-windows-x64.exe"
C:\Windows\SYSTEM32\rundll32.exe
rundll32.exe url.dll,FileProtocolHandler https://discord.gg/BdCcpDZ
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\SearchProtocolHost.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 688 692 700 8192 696
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe -Xdiag -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC -XX:G1NewSizePercent=20 -XX:G1ReservePercent=20 -XX:MaxGCPauseMillis=50 -XX:G1HeapRegionSize=16M -Djava.net.preferIPv4Stack=true -Xmx4096m -javaagent:C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar -DMcEmu=net.minecraft.client.main.Main -Dlog4j2.formatMsgNoLookups=true -Djava.rmi.server.useCodebaseOnly=true -Dcom.sun.jndi.rmi.object.trustURLCodebase=false -Dcom.sun.jndi.cosnaming.object.trustURLCodebase=false -XX:HeapDumpPath=MojangTricksIntelDriversForPerformance_javaw.exe_minecraft.exe.heapdump -Djava.library.path=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1304970597250 -Djna.tmpdir=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1304970597250 -Dorg.lwjgl.system.SharedLibraryExtractPath=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1304970597250 -Dio.netty.native.workdir=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1304970597250 -Dminecraft.launcher.brand=java-minecraft-launcher -Dminecraft.launcher.version=1.6.93 -cp C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\github\oshi\oshi-core\6.4.10\oshi-core-6.4.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson\2.10.1\gson-2.10.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\failureaccess\1.0.1\failureaccess-1.0.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\guava\32.1.2-jre\guava-32.1.2-jre.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\ibm\icu\icu4j\73.2\icu4j-73.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\authlib\6.0.54\authlib-6.0.54.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\blocklist\1.0.10\blocklist-1.0.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\brigadier\1.2.9\brigadier-1.2.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\datafixerupper\7.0.14\datafixerupper-7.0.14.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\logging\1.2.7\logging-1.2.7.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\patchy\2.2.10\patchy-2.2.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\text2speech\1.17.9\text2speech-1.17.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-codec\commons-codec\1.16.0\commons-codec-1.16.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-io\commons-io\2.15.1\commons-io-2.15.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-logging\commons-logging\1.2\commons-logging-1.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-buffer\4.1.97.Final\netty-buffer-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-codec\4.1.97.Final\netty-codec-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-common\4.1.97.Final\netty-common-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-handler\4.1.97.Final\netty-handler-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-resolver\4.1.97.Final\netty-resolver-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport-classes-epoll\4.1.97.Final\netty-transport-classes-epoll-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport-native-unix-common\4.1.97.Final\netty-transport-native-unix-common-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport\4.1.97.Final\netty-transport-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\it\unimi\dsi\fastutil\8.5.12\fastutil-8.5.12.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna-platform\5.14.0\jna-platform-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna\5.14.0\jna-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple\jopt-simple\5.0.4\jopt-simple-5.0.4.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-compress\1.26.0\commons-compress-1.26.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-lang3\3.14.0\commons-lang3-3.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpclient\4.5.13\httpclient-4.5.13.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpcore\4.4.16\httpcore-4.4.16.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-api\2.22.1\log4j-api-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-core\2.22.1\log4j-core-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-slf4j2-impl\2.22.1\log4j-slf4j2-impl-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\jcraft\jorbis\0.0.17\jorbis-0.0.17.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\joml\joml\1.10.5\joml-1.10.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lz4\lz4-java\1.8.0\lz4-java-1.8.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\slf4j\slf4j-api\2.0.9\slf4j-api-2.0.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6.jar net.minecraft.client.main.Main --username aidswalking --version 1.20.6 --gameDir C:\Users\Admin\AppData\Roaming\.minecraft --assetsDir C:\Users\Admin\AppData\Roaming\.minecraft\assets --assetIndex 16 --uuid 2fdd2deb1aac362294e5f7983ce027d1 --accessToken 8cb5ad04f9f04b2abcbe3775a0ca1aee --clientId 0 --xuid 0 --userType msa --versionType release
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x340
C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe
C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe i4j6596417278842007051.tmp
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 44.233.67.78:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| N/A | 127.0.0.1:49771 | tcp | |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | 78.67.233.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| N/A | 127.0.0.1:49777 | tcp | |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 88.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | udp |
| US | 8.8.8.8:53 | skmedix.pl | udp |
| US | 172.67.199.2:443 | skmedix.pl | tcp |
| US | 8.8.8.8:53 | skmedix.pl | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | skmedix.pl | udp |
| US | 172.67.199.2:443 | skmedix.pl | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | rsms.me | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.21.234.234:443 | rsms.me | tcp |
| US | 8.8.8.8:53 | rsms.me | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| GB | 172.217.16.238:443 | www3.l.google.com | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | rsms.me | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.21.234.234:443 | rsms.me | udp |
| GB | 172.217.16.238:443 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | status.skmedix.pl | udp |
| US | 104.21.234.234:443 | rsms.me | tcp |
| US | 104.21.234.234:443 | rsms.me | tcp |
| US | 104.21.234.234:443 | rsms.me | tcp |
| US | 104.21.234.234:443 | rsms.me | tcp |
| DE | 142.132.140.101:443 | status.skmedix.pl | tcp |
| US | 8.8.8.8:53 | statuspage.betteruptime.com | udp |
| US | 8.8.8.8:53 | statuspage.betteruptime.com | udp |
| GB | 172.217.16.238:443 | www3.l.google.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | googlehosted.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 2.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.234.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.80.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.140.132.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googlehosted.l.googleusercontent.com | udp |
| GB | 216.58.201.97:443 | googlehosted.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 232.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| BE | 64.233.167.156:443 | stats.g.doubleclick.net | tcp |
| BE | 64.233.167.156:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 156.167.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | p4-coduhnw4ycgzi-v2ln4xia753rm7nu-if-v6exp3-v4.metric.gstatic.com | udp |
| US | 8.8.8.8:53 | p4-coduhnw4ycgzi-v2ln4xia753rm7nu-if-v6exp3-v4.metric.gstatic.com | udp |
| GB | 216.58.213.3:443 | p4-coduhnw4ycgzi-v2ln4xia753rm7nu-if-v6exp3-v4.metric.gstatic.com | tcp |
| US | 8.8.8.8:53 | p4-coduhnw4ycgzi-v2ln4xia753rm7nu-if-v6exp3-v4.metric.gstatic.com | udp |
| GB | 216.58.213.3:443 | p4-coduhnw4ycgzi-v2ln4xia753rm7nu-if-v6exp3-v4.metric.gstatic.com | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| NL | 142.250.147.120:443 | csi.gstatic.com | tcp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | rr5---sn-aigl6nzk.googlevideo.com | udp |
| US | 8.8.8.8:53 | 70.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| GB | 74.125.175.106:443 | rr5---sn-aigl6nzk.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr5.sn-aigl6nzk.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr5.sn-aigl6nzk.googlevideo.com | udp |
| NL | 142.250.147.120:443 | csi.gstatic.com | udp |
| GB | 74.125.175.106:443 | rr5.sn-aigl6nzk.googlevideo.com | udp |
| US | 8.8.8.8:53 | 120.147.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.175.125.74.in-addr.arpa | udp |
| US | 104.21.234.234:443 | rsms.me | udp |
| US | 8.8.8.8:53 | files.skmedix.pl | udp |
| US | 104.21.50.12:443 | files.skmedix.pl | tcp |
| US | 8.8.8.8:53 | 12.50.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | launchermeta.mojang.com | udp |
| US | 13.107.246.64:443 | launchermeta.mojang.com | tcp |
| US | 8.8.8.8:53 | piston-meta.mojang.com | udp |
| US | 13.107.246.64:443 | piston-meta.mojang.com | tcp |
| US | 8.8.8.8:53 | resources.download.minecraft.net | udp |
| US | 13.107.246.64:443 | resources.download.minecraft.net | tcp |
| US | 8.8.8.8:53 | libraries.minecraft.net | udp |
| US | 13.107.246.64:443 | libraries.minecraft.net | tcp |
| US | 8.8.8.8:53 | sessionserver.skmedix.pl | udp |
| US | 104.21.50.12:443 | sessionserver.skmedix.pl | tcp |
| US | 8.8.8.8:53 | textures.skmedix.pl | udp |
| US | 104.21.50.12:443 | textures.skmedix.pl | tcp |
| US | 8.8.8.8:53 | beta.skmedix.pl | udp |
| US | 172.67.199.2:443 | beta.skmedix.pl | tcp |
| US | 8.8.8.8:53 | meta.skmedix.pl | udp |
| US | 104.21.50.12:443 | meta.skmedix.pl | tcp |
| US | 104.21.50.12:443 | meta.skmedix.pl | tcp |
| US | 104.21.50.12:443 | meta.skmedix.pl | tcp |
| US | 13.107.246.64:443 | libraries.minecraft.net | tcp |
| US | 104.21.50.12:443 | meta.skmedix.pl | tcp |
| US | 104.21.50.12:443 | meta.skmedix.pl | tcp |
| US | 172.67.199.2:443 | meta.skmedix.pl | tcp |
| US | 104.21.234.234:443 | rsms.me | tcp |
| US | 172.67.199.2:443 | meta.skmedix.pl | tcp |
| US | 172.67.199.2:443 | meta.skmedix.pl | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | launchercontent.mojang.com | udp |
| US | 13.107.246.64:443 | launchercontent.mojang.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| BE | 64.233.167.156:443 | stats.g.doubleclick.net | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 13.107.246.64:443 | launchercontent.mojang.com | tcp |
| US | 13.107.246.64:443 | launchercontent.mojang.com | tcp |
| US | 13.107.246.64:443 | launchercontent.mojang.com | tcp |
| US | 13.107.246.64:443 | launchercontent.mojang.com | tcp |
| N/A | 127.0.0.1:51878 | tcp | |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.133:443 | login.microsoftonline.com | tcp |
| NL | 40.126.32.133:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | logincdn.msftauth.net | udp |
| US | 8.8.8.8:53 | acctcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | acctcdn.msauth.net | udp |
| US | 8.8.8.8:53 | lgincdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | acctcdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | lgincdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | acctcdnvzeuno.azureedge.net | udp |
| US | 192.229.221.185:443 | lgincdnvzeuno.azureedge.net | tcp |
| US | 192.229.221.185:443 | lgincdnvzeuno.azureedge.net | tcp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.221.229.192.in-addr.arpa | udp |
| US | 192.229.221.185:443 | lgincdnvzeuno.azureedge.net | tcp |
| US | 192.229.221.185:443 | lgincdnvzeuno.azureedge.net | tcp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 52.168.117.174:443 | browser.events.data.microsoft.com | tcp |
| US | 52.168.117.174:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 174.117.168.52.in-addr.arpa | udp |
| US | 104.21.50.12:443 | meta.skmedix.pl | tcp |
| US | 8.8.8.8:53 | api.mojang.com | udp |
| US | 13.107.246.64:443 | api.mojang.com | tcp |
| US | 8.8.8.8:53 | sessionserver.mojang.com | udp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
| US | 104.21.50.12:443 | meta.skmedix.pl | tcp |
| US | 104.21.50.12:443 | meta.skmedix.pl | tcp |
| US | 8.8.8.8:53 | launchermeta.mojang.com | udp |
| US | 13.107.246.64:443 | launchermeta.mojang.com | tcp |
| US | 8.8.8.8:53 | piston-meta.mojang.com | udp |
| US | 13.107.246.64:443 | piston-meta.mojang.com | tcp |
| US | 8.8.8.8:53 | resources.download.minecraft.net | udp |
| US | 13.107.246.64:443 | resources.download.minecraft.net | tcp |
| US | 8.8.8.8:53 | libraries.minecraft.net | udp |
| US | 13.107.246.64:443 | libraries.minecraft.net | tcp |
| US | 104.21.50.12:443 | meta.skmedix.pl | tcp |
| US | 104.21.50.12:443 | meta.skmedix.pl | tcp |
| US | 172.67.199.2:443 | meta.skmedix.pl | tcp |
| US | 104.21.50.12:443 | meta.skmedix.pl | tcp |
| US | 104.21.50.12:443 | meta.skmedix.pl | tcp |
| US | 13.107.246.64:443 | libraries.minecraft.net | tcp |
| US | 104.21.50.12:443 | meta.skmedix.pl | tcp |
| US | 104.21.50.12:443 | meta.skmedix.pl | tcp |
| US | 104.21.50.12:443 | meta.skmedix.pl | tcp |
| US | 172.67.199.2:443 | meta.skmedix.pl | tcp |
| US | 104.21.50.12:443 | meta.skmedix.pl | tcp |
| US | 172.67.199.2:443 | meta.skmedix.pl | tcp |
| US | 172.67.199.2:443 | meta.skmedix.pl | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.21.234.234:443 | rsms.me | tcp |
| US | 8.8.8.8:53 | api.mojang.com | udp |
| US | 13.107.246.64:443 | api.mojang.com | tcp |
| US | 8.8.8.8:53 | launchercontent.mojang.com | udp |
| US | 13.107.246.64:443 | launchercontent.mojang.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| BE | 64.233.167.156:443 | stats.g.doubleclick.net | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | sessionserver.mojang.com | udp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
| US | 8.8.8.8:53 | piston-data.mojang.com | udp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| N/A | 127.0.0.1:55022 | tcp | |
| US | 13.107.246.64:443 | piston-data.mojang.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | resources.download.minecraft.net | udp |
| US | 13.107.246.64:443 | resources.download.minecraft.net | tcp |
| US | 13.107.246.64:443 | resources.download.minecraft.net | tcp |
| US | 13.107.246.64:443 | resources.download.minecraft.net | tcp |
| US | 13.107.246.64:443 | resources.download.minecraft.net | tcp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 173.194.219.94:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 173.194.219.94:443 | id.google.com | udp |
| US | 8.8.8.8:53 | 94.219.194.173.in-addr.arpa | udp |
| US | 13.107.246.64:443 | resources.download.minecraft.net | tcp |
| US | 8.8.8.8:53 | locate.measurementlab.net | udp |
| GB | 142.250.178.19:443 | locate.measurementlab.net | tcp |
| US | 8.8.8.8:53 | ghs.googlehosted.com | udp |
| US | 8.8.8.8:53 | ghs.googlehosted.com | udp |
| US | 8.8.8.8:53 | 19.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ndt-mlab1-lhr10.mlab-oti.measurement-lab.org | udp |
| GB | 34.147.202.50:443 | ndt-mlab1-lhr10.mlab-oti.measurement-lab.org | tcp |
| US | 8.8.8.8:53 | ndt-mlab1-lhr10.mlab-oti.measurement-lab.org | udp |
| US | 8.8.8.8:53 | ndt-mlab1-lhr10.mlab-oti.measurement-lab.org | udp |
| US | 8.8.8.8:53 | 50.202.147.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | open.spotify.com | udp |
| US | 151.101.3.42:443 | open.spotify.com | tcp |
| US | 8.8.8.8:53 | atc.spotify.map.fastly.net | udp |
| US | 8.8.8.8:53 | atc.spotify.map.fastly.net | udp |
| US | 8.8.8.8:53 | encore.scdn.co | udp |
| US | 8.8.8.8:53 | open.spotifycdn.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| BE | 23.14.90.106:443 | encore.scdn.co | tcp |
| BE | 23.14.90.106:443 | encore.scdn.co | tcp |
| BE | 23.14.90.106:443 | encore.scdn.co | tcp |
| BE | 23.14.90.106:443 | encore.scdn.co | tcp |
| US | 8.8.8.8:53 | a1520.dscc.akamai.net | udp |
| GB | 151.101.62.251:443 | open.spotifycdn.com | tcp |
| GB | 151.101.62.251:443 | open.spotifycdn.com | tcp |
| GB | 151.101.62.251:443 | open.spotifycdn.com | tcp |
| GB | 151.101.62.251:443 | open.spotifycdn.com | tcp |
| GB | 151.101.62.251:443 | open.spotifycdn.com | tcp |
| US | 8.8.8.8:53 | tls130rtt.spotifycdn.map.fastly.net | udp |
| GB | 151.101.62.251:443 | tls130rtt.spotifycdn.map.fastly.net | tcp |
| GB | 151.101.62.251:443 | tls130rtt.spotifycdn.map.fastly.net | tcp |
| GB | 142.250.200.46:443 | www.googleoptimize.com | tcp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| US | 8.8.8.8:53 | a1520.dscc.akamai.net | udp |
| US | 8.8.8.8:53 | tls130rtt.spotifycdn.map.fastly.net | udp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 151.101.62.251:443 | tls130rtt.spotifycdn.map.fastly.net | udp |
| US | 8.8.8.8:53 | 42.3.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.62.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| GB | 142.250.200.46:443 | www.googleoptimize.com | udp |
| N/A | 127.0.0.1:55379 | tcp | |
| US | 8.8.8.8:53 | o22381.ingest.sentry.io | udp |
| US | 8.8.8.8:53 | apresolve.spotify.com | udp |
| US | 34.120.195.249:443 | o22381.ingest.sentry.io | tcp |
| US | 8.8.8.8:53 | o22381.ingest.sentry.io | udp |
| US | 8.8.8.8:53 | o22381.ingest.sentry.io | udp |
| US | 8.8.8.8:53 | apresolve.spotify.com | udp |
| US | 35.186.224.25:443 | apresolve.spotify.com | tcp |
| US | 35.186.224.25:443 | apresolve.spotify.com | tcp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 34.120.195.249:443 | o22381.ingest.sentry.io | udp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 35.186.224.25:443 | apresolve.spotify.com | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | 249.195.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.224.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.177.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | open.spotify.com | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | www.spotify.com | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | clienttoken.spotify.com | udp |
| US | 8.8.8.8:53 | edge-web.dual-gslb.spotify.com | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 35.186.224.25:443 | edge-web.dual-gslb.spotify.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 35.186.224.25:443 | edge-web.dual-gslb.spotify.com | tcp |
| US | 35.186.224.25:443 | edge-web.dual-gslb.spotify.com | tcp |
| US | 35.186.224.25:443 | edge-web.dual-gslb.spotify.com | udp |
| US | 35.186.224.25:443 | edge-web.dual-gslb.spotify.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | edge-web.dual-gslb.spotify.com | udp |
| NL | 2.18.121.73:80 | ciscobinary.openh264.org | tcp |
| NL | 2.18.121.73:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | 119.155.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r1---sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1---sn-aigl6ney.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | spclient.wg.spotify.com | udp |
| US | 8.8.8.8:53 | api-partner.spotify.com | udp |
| US | 35.186.224.25:443 | api-partner.spotify.com | tcp |
| US | 35.186.224.25:443 | api-partner.spotify.com | tcp |
| US | 35.186.224.25:443 | api-partner.spotify.com | tcp |
| US | 35.186.224.25:443 | api-partner.spotify.com | tcp |
| US | 35.186.224.25:443 | api-partner.spotify.com | tcp |
| US | 35.186.224.25:443 | api-partner.spotify.com | udp |
| US | 35.186.224.25:443 | api-partner.spotify.com | udp |
| US | 8.8.8.8:53 | 166.183.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.scdn.co | udp |
| BE | 23.14.90.83:443 | i.scdn.co | tcp |
| BE | 23.14.90.83:443 | i.scdn.co | tcp |
| BE | 23.14.90.83:443 | i.scdn.co | tcp |
| BE | 23.14.90.83:443 | i.scdn.co | tcp |
| BE | 23.14.90.83:443 | i.scdn.co | tcp |
| BE | 23.14.90.83:443 | i.scdn.co | tcp |
| US | 8.8.8.8:53 | seeded-session-images.scdn.co | udp |
| GB | 151.101.62.248:443 | seeded-session-images.scdn.co | tcp |
| GB | 151.101.62.248:443 | seeded-session-images.scdn.co | tcp |
| US | 8.8.8.8:53 | scdnco.spotify.map.fastly.net | udp |
| GB | 151.101.62.248:443 | scdnco.spotify.map.fastly.net | tcp |
| GB | 151.101.62.248:443 | scdnco.spotify.map.fastly.net | tcp |
| US | 8.8.8.8:53 | scdnco.spotify.map.fastly.net | udp |
| US | 8.8.8.8:53 | charts-images.scdn.co | udp |
| GB | 151.101.62.248:443 | charts-images.scdn.co | tcp |
| GB | 151.101.62.248:443 | charts-images.scdn.co | tcp |
| GB | 151.101.62.248:443 | charts-images.scdn.co | tcp |
| GB | 151.101.62.248:443 | charts-images.scdn.co | tcp |
| US | 8.8.8.8:53 | 83.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.62.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gew1-spclient.spotify.com | udp |
| US | 35.186.224.18:443 | gew1-spclient.spotify.com | tcp |
| US | 35.186.224.18:443 | gew1-spclient.spotify.com | tcp |
| US | 35.186.224.18:443 | gew1-spclient.spotify.com | tcp |
| US | 8.8.8.8:53 | edge-web-gew1.dual-gslb.spotify.com | udp |
| US | 35.186.224.18:443 | edge-web-gew1.dual-gslb.spotify.com | tcp |
| US | 8.8.8.8:53 | edge-web-gew1.dual-gslb.spotify.com | udp |
| US | 35.186.224.18:443 | edge-web-gew1.dual-gslb.spotify.com | udp |
| US | 8.8.8.8:53 | 18.224.186.35.in-addr.arpa | udp |
| US | 35.186.224.25:443 | api-partner.spotify.com | udp |
| US | 8.8.8.8:53 | web-sdk-assets.spotifycdn.com | udp |
| GB | 151.101.62.250:443 | web-sdk-assets.spotifycdn.com | tcp |
| GB | 151.101.62.250:443 | web-sdk-assets.spotifycdn.com | tcp |
| US | 8.8.8.8:53 | tls13.spotifycdn.map.fastly.net | udp |
| US | 8.8.8.8:53 | tls13.spotifycdn.map.fastly.net | udp |
| US | 8.8.8.8:53 | 250.62.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge-web-gew1.dual-gslb.spotify.com | udp |
| US | 35.186.224.18:443 | edge-web-gew1.dual-gslb.spotify.com | udp |
| US | 8.8.8.8:53 | pixel-static.spotify.com | udp |
| US | 8.8.8.8:53 | s.pinimg.com | udp |
| US | 8.8.8.8:53 | static.ads-twitter.com | udp |
| US | 8.8.8.8:53 | www.fastly-insights.com | udp |
| US | 8.8.8.8:53 | privacyportal-de.onetrust.com | udp |
| US | 35.186.224.25:443 | pixel-static.spotify.com | tcp |
| GB | 18.165.201.58:443 | sb.scorecardresearch.com | tcp |
| BE | 23.55.96.209:443 | s.pinimg.com | tcp |
| US | 151.101.2.91:443 | www.fastly-insights.com | tcp |
| US | 104.18.32.137:443 | privacyportal-de.onetrust.com | tcp |
| US | 104.18.32.137:443 | privacyportal-de.onetrust.com | tcp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| US | 8.8.8.8:53 | e6449.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | h1.fastlyanalytics.map.fastly.net | udp |
| US | 35.186.224.25:443 | pixel-static.spotify.com | udp |
| US | 8.8.8.8:53 | e6449.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| US | 8.8.8.8:53 | h1.fastlyanalytics.map.fastly.net | udp |
| US | 8.8.8.8:53 | pixel.spotify.com | udp |
| US | 8.8.8.8:53 | platform.twitter.map.fastly.net | udp |
| US | 8.8.8.8:53 | platform.twitter.map.fastly.net | udp |
| US | 8.8.8.8:53 | privacyportal-de.onetrust.com | udp |
| US | 35.186.224.25:443 | pixel.spotify.com | tcp |
| US | 8.8.8.8:53 | privacyportal-de.onetrust.com | udp |
| US | 35.186.224.25:443 | pixel.spotify.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | spotify.demdex.net | udp |
| US | 8.8.8.8:53 | fastly-insights.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com | udp |
| US | 151.101.2.91:443 | fastly-insights.com | tcp |
| US | 8.8.8.8:53 | fastly-insights.com | udp |
| BE | 23.55.96.209:443 | e6449.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com | udp |
| GB | 199.232.56.157:443 | platform.twitter.map.fastly.net | tcp |
| IE | 34.246.26.134:443 | spotify.demdex.net | tcp |
| US | 8.8.8.8:53 | ct.pinterest.com | udp |
| US | 8.8.8.8:53 | any-v4.pops.fastly-insights.com | udp |
| US | 8.8.8.8:53 | any-v4.pops.fastly-insights.com | udp |
| US | 151.101.66.91:443 | any-v4.pops.fastly-insights.com | tcp |
| US | 8.8.8.8:53 | any-v4.pops.fastly-insights.com | udp |
| US | 151.101.0.84:443 | ct.pinterest.com | tcp |
| US | 151.101.0.84:443 | ct.pinterest.com | tcp |
| US | 8.8.8.8:53 | prod.pinterest.global.map.fastly.net | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | prod.pinterest.global.map.fastly.net | udp |
| US | 151.101.0.84:443 | prod.pinterest.global.map.fastly.net | udp |
| US | 8.8.8.8:53 | 58.201.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.96.55.23.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 91.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.56.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.26.246.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.66.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.0.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t.co | udp |
| US | 8.8.8.8:53 | analytics.twitter.com | udp |
| US | 8.8.8.8:53 | e4b41b9f-a266-4022-876f-a8bfe65ae761.eu.u.fastly-insights.com | udp |
| US | 104.244.42.69:443 | t.co | tcp |
| US | 8.8.8.8:53 | t.co | udp |
| BE | 64.233.167.156:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | s.twitter.com | udp |
| US | 151.101.194.91:443 | e4b41b9f-a266-4022-876f-a8bfe65ae761.eu.u.fastly-insights.com | tcp |
| US | 8.8.8.8:53 | e4b41b9f-a266-4022-876f-a8bfe65ae761.eu.u.fastly-insights.com | udp |
| US | 8.8.8.8:53 | t.co | udp |
| US | 8.8.8.8:53 | s.twitter.com | udp |
| US | 8.8.8.8:53 | e4b41b9f-a266-4022-876f-a8bfe65ae761.eu.u.fastly-insights.com | udp |
| BE | 64.233.167.156:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | concerts.spotifycdn.com | udp |
| US | 8.8.8.8:53 | t.scdn.co | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| GB | 146.75.74.250:443 | concerts.spotifycdn.com | tcp |
| GB | 151.101.62.248:443 | t.scdn.co | tcp |
| US | 8.8.8.8:53 | scdnco.spotify.map.fastly.net | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | astral-v4.pops.fastly-insights.com | udp |
| US | 151.101.2.91:443 | astral-v4.pops.fastly-insights.com | tcp |
| US | 8.8.8.8:53 | yyc-v4.pops.fastly-insights.com | udp |
| US | 104.244.42.131:443 | s.twitter.com | tcp |
| CA | 146.75.110.91:443 | yyc-v4.pops.fastly-insights.com | tcp |
| US | 8.8.8.8:53 | yyc-v4.pops.fastly-insights.com | udp |
| US | 8.8.8.8:53 | yyc-v4.pops.fastly-insights.com | udp |
| US | 8.8.8.8:53 | 131.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.110.75.146.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lfpg-v4.pops.fastly-insights.com | udp |
| FR | 199.232.170.91:443 | lfpg-v4.pops.fastly-insights.com | tcp |
| US | 34.120.195.249:443 | o22381.ingest.sentry.io | udp |
| US | 8.8.8.8:53 | lfpg-v4.pops.fastly-insights.com | udp |
| US | 8.8.8.8:53 | lon-v4.pops.fastly-insights.com | udp |
| US | 8.8.8.8:53 | lfpg-v4.pops.fastly-insights.com | udp |
| US | 8.8.8.8:53 | lon-v4.pops.fastly-insights.com | udp |
| GB | 199.232.58.91:443 | lon-v4.pops.fastly-insights.com | tcp |
| US | 8.8.8.8:53 | lon-v4.pops.fastly-insights.com | udp |
| US | 8.8.8.8:53 | iah-v4.pops.fastly-insights.com | udp |
| US | 151.101.182.91:443 | iah-v4.pops.fastly-insights.com | tcp |
| US | 8.8.8.8:53 | iah-v4.pops.fastly-insights.com | udp |
| US | 8.8.8.8:53 | iah-v4.pops.fastly-insights.com | udp |
| US | 8.8.8.8:53 | 91.170.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.58.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.182.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | thisis-images.spotifycdn.com | udp |
| BE | 23.14.90.106:443 | thisis-images.spotifycdn.com | tcp |
| US | 8.8.8.8:53 | seed-mix-image.spotifycdn.com | udp |
| US | 8.8.8.8:53 | i2o.scdn.co | udp |
| GB | 151.101.62.250:443 | seed-mix-image.spotifycdn.com | tcp |
| GB | 146.75.74.248:443 | i2o.scdn.co | tcp |
| GB | 146.75.74.248:443 | i2o.scdn.co | tcp |
| US | 8.8.8.8:53 | scdnco.spotify.map.fastly.net | udp |
| GB | 151.101.62.248:443 | scdnco.spotify.map.fastly.net | tcp |
| GB | 151.101.62.248:443 | scdnco.spotify.map.fastly.net | tcp |
| US | 8.8.8.8:53 | image-cdn-ak.spotifycdn.com | udp |
| US | 8.8.8.8:53 | cph-v4.pops.fastly-insights.com | udp |
| BE | 23.14.90.106:443 | image-cdn-ak.spotifycdn.com | tcp |
| US | 8.8.8.8:53 | cph-v4.pops.fastly-insights.com | udp |
| DK | 199.232.42.91:443 | cph-v4.pops.fastly-insights.com | tcp |
| US | 8.8.8.8:53 | mosaic.scdn.co | udp |
| US | 8.8.8.8:53 | 248.74.75.146.in-addr.arpa | udp |
| GB | 146.75.74.248:443 | mosaic.scdn.co | tcp |
| GB | 146.75.74.248:443 | mosaic.scdn.co | tcp |
| DK | 199.232.42.91:443 | cph-v4.pops.fastly-insights.com | tcp |
| US | 8.8.8.8:53 | scontent-bru2-1.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent-bru2-1.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | lin-v4.pops.fastly-insights.com | udp |
| US | 8.8.8.8:53 | scontent-bru2-1.xx.fbcdn.net | udp |
| IT | 146.75.54.91:443 | lin-v4.pops.fastly-insights.com | tcp |
| US | 8.8.8.8:53 | lin-v4.pops.fastly-insights.com | udp |
| US | 8.8.8.8:53 | lin-v4.pops.fastly-insights.com | udp |
| BE | 179.60.195.12:443 | scontent-bru2-1.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | 91.42.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.54.75.146.in-addr.arpa | udp |
| US | 8.8.8.8:53 | itm-v4.pops.fastly-insights.com | udp |
| US | 8.8.8.8:53 | cph-v4.pops.fastly-insights.com | udp |
| US | 8.8.8.8:53 | itm-v4.pops.fastly-insights.com | udp |
| JP | 151.101.90.91:443 | itm-v4.pops.fastly-insights.com | tcp |
| US | 8.8.8.8:53 | itm-v4.pops.fastly-insights.com | udp |
| BE | 179.60.195.12:443 | scontent-bru2-1.xx.fbcdn.net | udp |
| JP | 151.101.90.91:443 | itm-v4.pops.fastly-insights.com | tcp |
| US | 8.8.8.8:53 | 12.195.60.179.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a1520.dscc.akamai.net | udp |
| US | 8.8.8.8:53 | a1520.dscc.akamai.net | udp |
| US | 8.8.8.8:53 | for-v4.pops.fastly-insights.com | udp |
| US | 8.8.8.8:53 | for-v4.pops.fastly-insights.com | udp |
| BR | 146.75.6.91:443 | for-v4.pops.fastly-insights.com | tcp |
| US | 8.8.8.8:53 | for-v4.pops.fastly-insights.com | udp |
| US | 8.8.8.8:53 | 91.6.75.146.in-addr.arpa | udp |
| US | 8.8.8.8:53 | scdnco.spotify.map.fastly.net | udp |
| US | 8.8.8.8:53 | platform-lookaside.fbsbx.com | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mosaic.scdn.co | udp |
| US | 8.8.8.8:53 | edge-web.dual-gslb.spotify.com | udp |
| US | 8.8.8.8:53 | edge-web-gew1.dual-gslb.spotify.com | udp |
| US | 8.8.8.8:53 | open.spotifycdn.com | udp |
| US | 8.8.8.8:53 | tls130rtt.spotifycdn.map.fastly.net | udp |
| US | 8.8.8.8:53 | tls130rtt.spotifycdn.map.fastly.net | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | www-growth.scdn.co | udp |
| GB | 142.250.200.46:443 | www.googleoptimize.com | udp |
| US | 8.8.8.8:53 | get.microsoft.com | udp |
| GB | 146.75.74.248:443 | www-growth.scdn.co | tcp |
| GB | 146.75.74.248:443 | www-growth.scdn.co | tcp |
| GB | 146.75.74.248:443 | www-growth.scdn.co | tcp |
| GB | 146.75.74.248:443 | www-growth.scdn.co | tcp |
| GB | 146.75.74.248:443 | www-growth.scdn.co | tcp |
| GB | 146.75.74.248:443 | www-growth.scdn.co | tcp |
| US | 8.8.8.8:53 | scdnco.spotify.map.fastly.net | udp |
| US | 13.107.246.64:443 | get.microsoft.com | tcp |
| US | 8.8.8.8:53 | part-0036.t-0009.t-msedge.net | udp |
| US | 8.8.8.8:53 | part-0036.t-0009.t-msedge.net | udp |
| US | 8.8.8.8:53 | encore.scdn.co | udp |
| US | 13.107.246.64:443 | part-0036.t-0009.t-msedge.net | tcp |
| US | 13.107.246.64:443 | part-0036.t-0009.t-msedge.net | tcp |
| US | 8.8.8.8:53 | www.scdn.co | udp |
| US | 8.8.8.8:53 | pixel-static.spotify.com | udp |
| US | 8.8.8.8:53 | scdnco.spotify.map.fastly.net | udp |
| GB | 146.75.74.248:443 | scdnco.spotify.map.fastly.net | tcp |
| US | 8.8.8.8:53 | sc-static.net | udp |
| US | 8.8.8.8:53 | sp.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | sc-static.net | udp |
| GB | 99.84.8.252:443 | sc-static.net | tcp |
| US | 8.8.8.8:53 | spdc-global.pbp.gysm.yahoodns.net | udp |
| US | 8.8.8.8:53 | t.contentsquare.net | udp |
| US | 8.8.8.8:53 | sc-static.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | js.adsrvr.org | udp |
| US | 8.8.8.8:53 | cdn.branch.io | udp |
| US | 8.8.8.8:53 | 4721227.fls.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | spdc-global.pbp.gysm.yahoodns.net | udp |
| US | 8.8.8.8:53 | dg2iu7dxxehbo.cloudfront.net | udp |
| GB | 18.164.70.100:443 | dg2iu7dxxehbo.cloudfront.net | tcp |
| GB | 13.224.132.80:443 | t.contentsquare.net | tcp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| GB | 142.250.179.230:443 | 4721227.fls.doubleclick.net | tcp |
| US | 8.8.8.8:53 | cdn.branch.io | udp |
| US | 8.8.8.8:53 | t.contentsquare.net | udp |
| US | 8.8.8.8:53 | cdn.branch.io | udp |
| US | 8.8.8.8:53 | t.contentsquare.net | udp |
| US | 8.8.8.8:53 | cs41.wac.edgecastcdn.net | udp |
| US | 8.8.8.8:53 | tr.snapchat.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cs41.wac.edgecastcdn.net | udp |
| US | 8.8.8.8:53 | spotify.demdex.net | udp |
| US | 35.190.43.134:443 | tr.snapchat.com | tcp |
| US | 35.190.43.134:443 | tr.snapchat.com | tcp |
| US | 35.190.43.134:443 | tr.snapchat.com | tcp |
| GB | 13.224.132.80:443 | t.contentsquare.net | udp |
| US | 35.190.43.134:443 | tr.snapchat.com | udp |
| US | 8.8.8.8:53 | dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | gcp.api.sc-gw.com | udp |
| US | 8.8.8.8:53 | insight.adsrvr.org | udp |
| US | 8.8.8.8:53 | 66.220.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.70.164.18.in-addr.arpa | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 252.8.84.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.132.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.43.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | gcp.api.sc-gw.com | udp |
| US | 8.8.8.8:53 | insight.adsrvr.org | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | insight.adsrvr.org | udp |
| US | 52.223.40.198:443 | insight.adsrvr.org | tcp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| US | 8.8.8.8:53 | dual-a-0034.a-msedge.net | udp |
| US | 8.8.8.8:53 | dual-a-0034.a-msedge.net | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tr6.snapchat.com | udp |
| US | 8.8.8.8:53 | usc1-gcp-v61.api.sc-gw.com | udp |
| US | 35.190.43.134:443 | usc1-gcp-v61.api.sc-gw.com | tcp |
| US | 8.8.8.8:53 | usc1-gcp-v61.api.sc-gw.com | udp |
| US | 35.190.43.134:443 | usc1-gcp-v61.api.sc-gw.com | udp |
| US | 8.8.8.8:53 | c.contentsquare.net | udp |
| US | 8.8.8.8:53 | k-aeu1.contentsquare.net | udp |
| IE | 52.49.50.212:443 | c.contentsquare.net | tcp |
| US | 8.8.8.8:53 | c.ba.contentsquare.net | udp |
| IE | 52.49.80.58:443 | k-aeu1.contentsquare.net | tcp |
| US | 8.8.8.8:53 | k.ba.contentsquare.net | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | c.ba.contentsquare.net | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | k.ba.contentsquare.net | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | 212.50.49.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.80.49.52.in-addr.arpa | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | www-growth.scdn.co | udp |
| US | 8.8.8.8:53 | download.scdn.co | udp |
| GB | 151.101.62.248:443 | download.scdn.co | tcp |
| IE | 52.49.80.58:443 | k.ba.contentsquare.net | tcp |
| GB | 151.101.62.248:443 | download.scdn.co | tcp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.minecraftservices.com | udp |
| US | 8.8.8.8:53 | sessionserver.skmedix.pl | udp |
| US | 104.21.50.12:443 | sessionserver.skmedix.pl | tcp |
| US | 13.107.246.64:443 | api.minecraftservices.com | tcp |
| US | 8.8.8.8:53 | sessionserver.mojang.com | udp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
| US | 8.8.8.8:53 | c.ba.contentsquare.net | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | www.spotify.com | udp |
| US | 8.8.8.8:53 | c.ba.contentsquare.net | udp |
| US | 8.8.8.8:53 | edge-web.dual-gslb.spotify.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| N/A | 127.0.0.1:63056 | tcp | |
| US | 8.8.8.8:53 | open.spotify.com | udp |
| US | 151.101.3.42:443 | open.spotify.com | tcp |
| US | 8.8.8.8:53 | atc.spotify.map.fastly.net | udp |
| US | 8.8.8.8:53 | atc.spotify.map.fastly.net | udp |
| US | 8.8.8.8:53 | encore.scdn.co | udp |
| US | 8.8.8.8:53 | open.spotifycdn.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.46:443 | www.googleoptimize.com | tcp |
| BE | 23.14.90.83:443 | encore.scdn.co | tcp |
| BE | 23.14.90.83:443 | encore.scdn.co | tcp |
| US | 8.8.8.8:53 | a1520.dscc.akamai.net | udp |
| BE | 23.14.90.83:443 | a1520.dscc.akamai.net | tcp |
| BE | 23.14.90.83:443 | a1520.dscc.akamai.net | tcp |
| GB | 146.75.74.251:443 | open.spotifycdn.com | tcp |
| GB | 146.75.74.251:443 | open.spotifycdn.com | tcp |
| GB | 146.75.74.251:443 | open.spotifycdn.com | tcp |
| GB | 146.75.74.251:443 | open.spotifycdn.com | tcp |
| US | 8.8.8.8:53 | tls130rtt.spotifycdn.map.fastly.net | udp |
| GB | 146.75.74.251:443 | open.spotifycdn.com | tcp |
| GB | 146.75.74.251:443 | open.spotifycdn.com | tcp |
| US | 8.8.8.8:53 | a1520.dscc.akamai.net | udp |
| US | 8.8.8.8:53 | tls130rtt.spotifycdn.map.fastly.net | udp |
| GB | 142.250.200.46:443 | www.googleoptimize.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 146.75.74.251:443 | open.spotifycdn.com | udp |
| US | 8.8.8.8:53 | 251.74.75.146.in-addr.arpa | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| N/A | 127.0.0.1:63063 | tcp | |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| IE | 209.85.202.94:443 | id.google.com | udp |
| IE | 209.85.202.94:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | 94.202.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.java.com | udp |
| NL | 23.62.61.137:443 | www.java.com | tcp |
| US | 8.8.8.8:53 | e91569.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e91569.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | static.ocecdn.oraclecloud.com | udp |
| NO | 104.110.16.41:443 | static.ocecdn.oraclecloud.com | tcp |
| US | 8.8.8.8:53 | e11445.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e11445.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 137.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.16.110.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| BE | 23.55.96.141:443 | s.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | e4518.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e4518.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | www.oracle.com | udp |
| BE | 23.55.97.240:443 | www.oracle.com | tcp |
| BE | 23.55.97.240:443 | www.oracle.com | tcp |
| US | 8.8.8.8:53 | e2581.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 141.96.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.trustarc.com | udp |
| GB | 216.137.44.99:443 | consent.trustarc.com | tcp |
| US | 8.8.8.8:53 | consent.trustarc.com | udp |
| US | 8.8.8.8:53 | consent.trustarc.com | udp |
| US | 8.8.8.8:53 | 99.44.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent-pref.trustarc.com | udp |
| GB | 18.165.227.6:443 | consent-pref.trustarc.com | tcp |
| US | 8.8.8.8:53 | consent-pref.trustarc.com | udp |
| US | 8.8.8.8:53 | consent-pref.trustarc.com | udp |
| US | 8.8.8.8:53 | oracle.112.2o7.net | udp |
| US | 8.8.8.8:53 | oracle.112.2o7.net | udp |
| US | 8.8.8.8:53 | oracle.112.2o7.net | udp |
| IE | 66.235.152.225:443 | oracle.112.2o7.net | tcp |
| US | 8.8.8.8:53 | consent-st.trustarc.com | udp |
| GB | 143.204.194.2:443 | consent-st.trustarc.com | tcp |
| US | 8.8.8.8:53 | consent-st.trustarc.com | udp |
| US | 8.8.8.8:53 | consent-st.trustarc.com | udp |
| US | 8.8.8.8:53 | 6.227.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.152.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.194.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent-pref.trustarc.com | udp |
| US | 8.8.8.8:53 | consent.trustarc.com | udp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| BE | 23.55.96.141:443 | c.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | e4518.dscapi7.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e4518.dscapi7.akamaiedge.net | udp |
| BE | 23.55.96.141:443 | e4518.dscapi7.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 02179917.akstat.io | udp |
| BE | 23.55.96.141:443 | 02179917.akstat.io | tcp |
| US | 8.8.8.8:53 | trial-eum-clientnsv4-s.akamaihd.net | udp |
| US | 8.8.8.8:53 | trial-eum-clienttons-s.akamaihd.net | udp |
| BE | 23.55.96.141:443 | 02179917.akstat.io | udp |
| US | 8.8.8.8:53 | a248.b.akamai.net | udp |
| US | 2.18.190.75:443 | a248.b.akamai.net | tcp |
| US | 2.18.190.68:443 | trial-eum-clienttons-s.akamaihd.net | tcp |
| US | 8.8.8.8:53 | a1024.dscg.akamai.net | udp |
| US | 8.8.8.8:53 | a248.b.akamai.net | udp |
| US | 8.8.8.8:53 | a1024.dscg.akamai.net | udp |
| US | 8.8.8.8:53 | 191-101-209-39_s-2-18-190-68_ts-1714791102-clienttons-s.akamaihd.net | udp |
| US | 8.8.8.8:53 | x5s5cjycck7ewzrvuk7a-picox6-519dd7d6c-clientnsv4-s.akamaihd.net | udp |
| US | 2.18.190.82:443 | x5s5cjycck7ewzrvuk7a-picox6-519dd7d6c-clientnsv4-s.akamaihd.net | tcp |
| US | 2.18.190.79:443 | 191-101-209-39_s-2-18-190-68_ts-1714791102-clienttons-s.akamaihd.net | tcp |
| US | 8.8.8.8:53 | 75.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | javadl.oracle.com | udp |
| NO | 104.110.22.225:443 | javadl.oracle.com | tcp |
| US | 8.8.8.8:53 | e13073.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e13073.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 225.22.110.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sdlc-esd.oracle.com | udp |
| US | 8.8.8.8:53 | e2875.dscd.akamaiedge.net | udp |
| US | 23.220.112.104:443 | e2875.dscd.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | e2875.dscd.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 104.112.220.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | javadl-esd-secure.oracle.com | udp |
| NL | 92.123.165.224:443 | javadl-esd-secure.oracle.com | tcp |
| US | 8.8.8.8:53 | rps-svcs.oracle.com | udp |
| NL | 92.123.165.224:443 | rps-svcs.oracle.com | tcp |
| US | 8.8.8.8:53 | 224.165.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 162.159.135.234:443 | discord.gg | tcp |
| US | 162.159.135.234:443 | discord.gg | tcp |
| US | 8.8.8.8:53 | 234.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 232.138.159.162.in-addr.arpa | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | www.msn.com | udp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| NL | 95.100.96.8:443 | assets.msn.com | tcp |
| NL | 95.100.96.8:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| US | 20.189.173.1:443 | browser.events.data.msn.com | tcp |
| US | 20.189.173.1:443 | browser.events.data.msn.com | tcp |
| US | 8.8.8.8:53 | 8.96.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | piston-meta.mojang.com | udp |
| US | 13.107.246.64:443 | piston-meta.mojang.com | tcp |
| US | 8.8.8.8:53 | sessionserver.skmedix.pl | udp |
| US | 8.8.8.8:53 | api.minecraftservices.com | udp |
| US | 13.107.246.64:443 | api.minecraftservices.com | tcp |
| US | 172.67.199.2:443 | sessionserver.skmedix.pl | tcp |
| US | 8.8.8.8:53 | sessionserver.mojang.com | udp |
| US | 13.107.246.64:443 | sessionserver.mojang.com | tcp |
Files
memory/4988-0-0x00007FF98A7E0000-0x00007FF98B490000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 5f580d5729d906e8d3dc102054013a38 |
| SHA1 | e267215fae86dd7d5dc76977e4b6e58ea6af2c0b |
| SHA256 | eb4f4702e7ab9d7d69d40b2087f6ab6dc648125e0f9f1b65b3209be821e0e49d |
| SHA512 | 5e6894907634d6ad20bbe48b554b917bc1181c217132355af8d66e62166034fef8b2e8aea20c585b2093b3209f93e5b79d49db20bd9bc8769cc07a702fbdd9c8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\0cab08d3-af1d-4294-a413-b78f641e77a0
| MD5 | d87f971cfadc118e4cc7cdd0a1678a3c |
| SHA1 | b880ac0867eb8f3f4a0187faf6f0df10dcb0fb19 |
| SHA256 | 27de742a1f901e702dde80af6a86a908af5e6719e0bfc50d0d59d5da82e90134 |
| SHA512 | 1a749fb1e24c0cf2f9ae5740d22529467b633689da9be3583c3081cb4404ec3e26ceba2c4e5b259be24aadd732c677325df0dbba89025e9583805975c1bba7e5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 38755fe7c3d6d0bc49e5e1b8557b3ec8 |
| SHA1 | 5658551bd8300c52b3c56c553f250881a276191d |
| SHA256 | 793495438ea4930528976414838f4b0a520adc94c8d5f9c0bdd2cb9db8db7b58 |
| SHA512 | ebfe7dc715a887242b3c1b4c7f2f76f14f2c83a042b4966987b11c0a9233da42d6bd2f53df9174c8787cfc9d94452e23451bf8f53d9dfd4e8d09de56ee1ffd68 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 615b87ab68ab7ae870f882f6a0d05c49 |
| SHA1 | 641ecbcc9cb62a3f07ee6d635097219bf6a7c548 |
| SHA256 | 2d89f97df79c1b4801fbffc4d1adf99a10595fdae6758afaa527bf7aca7770d9 |
| SHA512 | 6a76a7904f15f1b09bd46cd2f6ec5c7333e31fca1f4de96d8ee30cecf837f4c3cceac11937679d0edac2c8052503e01a059136d7a4c26e261a745b4ea5c18197 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 2adc3021bac2bbc4caa517b051c0c705 |
| SHA1 | 37a9f18ee5526e1c09bb8a69b63e48ca0b40de31 |
| SHA256 | ea214d94312ede710d0447c8be141122b59c0b15eb973d3fde87aa5a0fd5ece3 |
| SHA512 | 9a8468a4ee5c96f5b32f13bac4d19fa66d596bb9446deef1e4ae9f5f226cf3b2b519bb8eb26fce616c8a5d99ce97480532052591e14bc3bae86760992a94748b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 1e780a770210e1df33235fc23a5cbb1d |
| SHA1 | 0825cfa417fb8fad2579bb9f45a94bcd1efeeb2f |
| SHA256 | 2d0aaa45f3e399f6e9d06c31063b6e8e56f6fec289c8d0f200d1da0c7a21f3dc |
| SHA512 | 6c44e51d46b21a42e8f15e9917ae9b56dd2357b4238db06534d46e3fb169e14fc92dbfa364af13da423271387f30ba8ad4dfe06990e51b97dcdc3bd1bcad4e78 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 275da86bf66d090ddefa598e517c835c |
| SHA1 | 7716fc0d7afb152ad051e1b9fc904bba67c16365 |
| SHA256 | e97b5ca6ee7e1dafefb40bf961204cacfee5ea9cc5d23ff2c3a79fab61e3eff5 |
| SHA512 | d1bdbb2069706e78c1b6d51c0d326741042e990abd9fcee8a31325cce60d022589e995acd5f8f0c47f929bd093575b30487341941b7e60ffcb3da17dd14794b6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\0F6E48FC2FE3BA07CF39A943382347AA9FC8C2FC
| MD5 | 7095c62de7cca518ab5ebdb59d041415 |
| SHA1 | dcde115f5c11b445d0810dfa18330178ad165494 |
| SHA256 | 0c3cdd420c3efeb28c4f0dd9eb445c39908fadcff29bf5d345ee5f78ff0e99a6 |
| SHA512 | cb11f750f121e3781588af60ce1ecb696e70a71f89d6eec2ab34cffa0c8cb310d90dd335ca234d36cc2f13ce2dd5591a18db109f080324355a2038500b90c1e2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 21e5ed0a12006291965c4b6ba59ab88a |
| SHA1 | b25763bc00d96197f256631c13e3c09264448b26 |
| SHA256 | 5c42d7eff0fd1c720cb040af1fa16489d97bcd0d4f3df6faacb0c4057cd2963a |
| SHA512 | 8b1d592cb0293a4847c95470dc63b85dea5b72f5aed18d3c48dda651d9402fccaef56cb015180264892bbd077245ab8cbb816c1682d8c2e01451333d041d955c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 055d98f0940c27795f1d7b38ed26ebb5 |
| SHA1 | 8d0590b9992b263bdac77af66b1660efcbd7dd3b |
| SHA256 | 8013ac3dfb0309d52c0c93871a7325baeff9a7bc40a2a1dbf4a35ad798c9ad0f |
| SHA512 | f4c0fc08dbf467dcc73de5b3544dd1a113ad7c2e1209dadece0337f9f146ba39f9385948268d18a7dd88ac8fd43949951ef2daf58765b3a41b941127df8d9659 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 2af81c22326ea3ebcfe987678712d455 |
| SHA1 | b4a305985ad2314254ce4c386185f8f7145d86a1 |
| SHA256 | 43b603d500c92e84300c1a30c33d4efb281b252b7e476b26af4291a81f278da4 |
| SHA512 | ef945ee60890cfc6f04d8a9ab0799cebbf7e9aaa6c808020afcf0f86380510187fa93201e9316af4654497ddb7242c4f9ebb8b5a508064437138e85f587f8270 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | db2e5b5c2e6f4590bcbfb44d8f735521 |
| SHA1 | c3685137745099860439806ddb15fcdc41d30f4b |
| SHA256 | cceb3c270c0dd5d72bcc56681f0972e9f49586c5122b00d4ad1d6ee3345fa4fb |
| SHA512 | fbef2dd46f2890c27254fd3ceac35baa69f3fe8aa944e96b19c21d965a48119b1cba8188ee96ae71facca8c5da98773142662b5bf80bb78ff98a1b5e4be24700 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | e13d98b7c5c592e9ab29c285480dd5b8 |
| SHA1 | 17160e14ac18cc3d6003e9684aaa3878d9e47e6f |
| SHA256 | b287af7379daedafeac0c8b5ac33ed25b664e89ee7e594ed38695a21083a9526 |
| SHA512 | 7de380c466b30679fbf3bbf55bb733f31d4d7d0e1cc09a22b6322e8b85333ae96f7579e14619bbda88a47eb215a7604b930abb975033474b4cdf7a62af684e6e |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | f3100902e17ab595d1f75dc634530ea3 |
| SHA1 | 8903a8a992c3d59ee53a3f4f5af50c159ac15835 |
| SHA256 | 0d0830f0d593df158b36eb356480c1635b01bd8ad9e53bb536e2ea89d2c6404a |
| SHA512 | 813c19d5a8703e0b9b0834d95d3d57abe05ed9525aa513fb1810752f2e00142effa665ebda4c45d8e881cea16167e16e71ae37657589ee951482a8c1e358748a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 720617bc7211e3eac7226f0ad3c6b0d5 |
| SHA1 | 4799a3bafe878e527b215378976a4b73861a6f4e |
| SHA256 | 246cf925828d370cd8e8a8d8672ab8885d9f161c50ac33f68e4921faac96e1f7 |
| SHA512 | 6151b2a20249bb7a6a08b1cd48202c330951f152c14aca255422a702c6f93784f3fca58b0dccdf41c90ab5ffc703b67d0adb90ccc64ddbe839d298ac24c0ffec |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 07eeda5905d94c82e71de138820c89a5 |
| SHA1 | 5f79aaf58ed052812f29f2d3be425c873b6992f5 |
| SHA256 | 9a4673d1093fb2019673da84988806aeb141fdbe58ea7b5ff490a7ac6f0a6d5c |
| SHA512 | bb19625c6924ca3fa44938ad18232835fa5f6e219ac9655c03919721200fe6fc3989ab8d030e3024304e6bbe9bef5f2921d1e2b2982b07df84ea2f4fad03c7f2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 9537421406476bd61d397dcb0d0873d6 |
| SHA1 | 129cda7bfa5d1a7dcd6e35003d0c595fcead58bb |
| SHA256 | 055bcb25bae9e180739167c22b9fcd8c669781915043180cb7ca3e3809e7b0ff |
| SHA512 | 40e3161902bf393a2bc49561458b38d64b3b63959cfb7b3f3be8a25f9a583fc3e08f8829993bd0e68cfffe970ebd02d5247ffce289a83ababd4ebf8606bf23c0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d9012f853c1825c7179fc7bd98de4cce |
| SHA1 | 5c6deeb4d5cab5417507648a6b36217a821ce692 |
| SHA256 | 7b87d014ecc9fd1bdf3e8d09f63f3ae676bba3ac5dd2984a4f82c349b0895d67 |
| SHA512 | f83219d6dd3c0c63c9a34d098c03824e47f8f38e9f93b2e61dca7646e460cb9369e850288b22866adcd082b859d8d7bc8f548611b8c7066cd0af00b8fc843716 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b0c052671b7c854e587145dcc313e364 |
| SHA1 | a6dc3767aa0aadb4b5ca17b6ca83f767ffdf23c0 |
| SHA256 | dc8f6b86614e30097186122410fbdc19f83e22bf82af418588d3b5c5d458c44d |
| SHA512 | 1722c2011607bbd3f84e563d789320d1ff7a775d880ff0cc8ab4780619393a14b6c3cfd8726f1a595f4c7ed681f53f0aa8db38395c5706e182223bd459a18e3f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\a149d1f5-3d4e-4589-a1c4-b993d26988e8
| MD5 | a6c51e0dfcb0aa17624236538acd65ed |
| SHA1 | 7365559fd1d0b35e7056370143bd7d3a7b3d6499 |
| SHA256 | 0eee2948f74938d90c898a7a9fe6fd139ae29d450f46484a28a7385463080b25 |
| SHA512 | d7eb1133ea91c299460eb1dda158e3c81a2a16e88dee81effca1281b017683a8c410e74f3fab4c2110e0d17d6efda1c09998b82afa8213cc9420918b0330510e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\d857d081-98b6-407a-a213-d9de81804e08
| MD5 | f92e2b03778f8a870960262dfc0d77c3 |
| SHA1 | 7ede44ce3a4fcd355b6cd95f1ee738618e4cfaa9 |
| SHA256 | e2af15a2e422d6b7efc0c6c67843e63e4169c92bb70115ad56f18653a48a3aca |
| SHA512 | 52463acf31a40fbad6b74a8141ab7989c1ace63b4464eb2f3b7decd83840a235c838c74d82546919b466e641fa13e1b2ed5c8308ac14cec718618c1620b586a2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | cf5570288e8832b72b1b91b608cd3f72 |
| SHA1 | c7864936e6e48cb1757ad7d1d110fd8065f0fd92 |
| SHA256 | 4a1241dc5443795bc05c62a34dee2f54ab707a920c61a36df49a6b0092889a67 |
| SHA512 | 00271798ceee32ec9416d3c779be385bf86d2afe523796ed1b871626278748f04b8a7f204624f7b32321493c3e9089deb6e2211f82660256bd8d95d85e49e81c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\20497
| MD5 | 6d4a2f6d4ee20d727d2a9a682d80e3e4 |
| SHA1 | 0322ad449c750c79b55c6d303928f89b9ee61079 |
| SHA256 | c74653d90a54e8243886352948b5a87440c496cf3e0ac95a04702cd2903e09b9 |
| SHA512 | ef1ea73f3924df0da88c5817eeb0aea1a61fceb0434626340c08d6481eb5572590dd6a9ac6c8512a09eb7698bd51122ffc9dc3c0e29e345679ad19bc184868c5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | f47c25b4e290101b93f307c6db4ad80c |
| SHA1 | df41aafc9c741ef71270a56c741dbd8b4bc507b8 |
| SHA256 | e541b94d2e3b90dcdaa86ef03afe9078c5b91b6f20908dbd2023214f86432666 |
| SHA512 | c26a961eed62aa83380bab7831e934aa79e8f590b0e6a16026e2e28e9779d56ac4fb57671d51aaaeb40bca5d10d31b2bbfde80033ce6eb89b7f3d1df6cb86907 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\25964F52691AED972ED9651DC62D2ED649D0CA04
| MD5 | e5cd50794c0d2825a42433caccccc917 |
| SHA1 | b11d9c51ddf38f2d9aa9309c4e4ddc6636719742 |
| SHA256 | 3abf96cbdb0a7ecd910658adb8de8db79623ed44c4f49a82d836e37296bfb3d0 |
| SHA512 | 8523bb6367b61d13ca56675843eefbf31332ac33ba4bc5ed5faa5ee8be401f5d59e05fa1574f1e566f28292b21e6ef605a15240018116698b02b211738737a83 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\2642B139127293682A334A3B94AFED2E56EF6902
| MD5 | 5d043dcb366d1de4ea0ed1b79e4a5b3d |
| SHA1 | 633affca79db1b4030e1e298b16aaf8b0ed1d96c |
| SHA256 | 761be992cfb1e4bb91576ae3991485946c4880a397dad649757bbf9b4960449e |
| SHA512 | 487d861fd5c80d12466d18151f4e0509d88315de0d52af7c37bc75a2dc4c8220ef279c11ddae52104818a4fc1ef1b3a32d47b7b9722ad2689ba91a6af9bbb697 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A9820D3AA01082CAD0464F5D7B7ACC7020B5827A
| MD5 | dcf1de29a765aec52b0cb9c5d553e6c5 |
| SHA1 | 4fc52a7f9ebff65514f97653318c980ca5889f37 |
| SHA256 | 8e8a791b5e513aef213a99d184b1f3bfa96ef111925dbcafc2690e2643b4d942 |
| SHA512 | 961c3a6a7a29052b7ed26aa67255df613c4d93526dba120dac58aed3d3ebf0b1afcbf418bbe458f3e7540aa1ad2d728dde68b493aa828d2ff472b20aee925722 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\5D725DA1DD35E8A5C0B1026F1D46210CD974636B
| MD5 | 9ba04773a44511a1c69881d5f5f2a1b4 |
| SHA1 | a9cf5e76ee4d87128e4cf0784585a1bc15e60411 |
| SHA256 | ab927615d54bfcccbd6bc30de6be6d8a1dc43941caa8a6c3ee7fe4c48fec45de |
| SHA512 | 22d9bb31a2ce5d335df594aae87d0142e6fcc88bcda32efcbb4d99e6572491df401b3a50200a80de50e36c79ce8d2ddf13855bd24e72efbdb29543feec0ce425 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\9884
| MD5 | 024d344d29e232abe0798129e62ef487 |
| SHA1 | 2b6b8056bce3dc5f9116a0fb711b5d8e1c923e95 |
| SHA256 | b7b21609c56ee3f6b6e915f6550ada97d370a8eee8360fcbea8b97533b26c27d |
| SHA512 | b545c5764c4dd98f3179cd8bf90f9876393b37816a4a8ba3a88c50adfba54f76b6733fde6eef7dbf8ff7b86f4738f8ab3150acf33260c7482554dee5eda53d1d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\17224
| MD5 | 7f0e8f36f7018e7933ac248f1a06f04e |
| SHA1 | 85a094da1512105c774456f5e543d63aed0ba6ad |
| SHA256 | 6ac00e5f6f24063e496668813a8dcaa4090d20454af8ead2cf36d454102132c3 |
| SHA512 | ed21be80235e76bd793afb776618d8e56ba3adcf5519c84ee7d89cb865d21bba2301cdb614757d4c50d0714b70f235e53774e7e677a9fa338dabe9730d1a58c6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\38080459652B535AD0DE543435FBA672A01C1BA2
| MD5 | 2b134f91d4f845e8d903861440b81b3d |
| SHA1 | 8a44ce48a950286c4a570503902216441c032216 |
| SHA256 | b09af8e6df0d1e16bc5436009a0b1728eaa0068e495bf3ad41027de6675c71b9 |
| SHA512 | 6457ff3dd0aac5b7c72260ff6088f9ef0f0ae6c1c8ae55d8a37d5b0af3584f1d07079ff14cb71933aba1439c2c2b363868a4a9784d4e171db2706b6c7984d04c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\24262
| MD5 | 2ee4d9e68206f1788bc744c66e6687b9 |
| SHA1 | 818bfa5fe29755f3d4bb147a0090fc9254bf1cbf |
| SHA256 | 668a2d991915f8789c212dc10f9f237e585f947c5d8fc888f6ca8753039578ab |
| SHA512 | dd4276d08e8836ccda8b67ae5ea4d3179113d0b17b9f5990a2d5bb9435657af9ff777f5729e3b769e188929023d28116b49469cf71a43bda8a37bc42d4e2f317 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\14128
| MD5 | a4d42cadeeb2312677278660e2d43a3e |
| SHA1 | dbaf03398bb25663e2b24b0b48cc7912176189d9 |
| SHA256 | 22c765ee02c1590ff2df3de8251c78197854018f005d78958b5d71d619cd277a |
| SHA512 | 52c68ddbeed2b71ab14ec5d2a5825dc2d4968889fdc1389e7be17492430cce311fb90cf067f2f4098f58824ad5e1f9620fcc863fff32bdc2d143a7f8f53b0cab |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\20435
| MD5 | 5cf14c97c5fd47c6185f19f1bbd3b1e6 |
| SHA1 | 0501cd4f3506897327ea5269f1d232e66c7224c2 |
| SHA256 | 98be9e9c2405edc9beb6be33de5e4b193559f34d7da89e6220290efa74faf097 |
| SHA512 | 0a63b699e959ca9da0cdb72ca92d2361f17352386510e2831d586c4930ba05b0ce7bf6f99d45cf6b225ec8401b71d17f378ff6caad72f6b3d85d5c0f72597606 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\10C0543199997E1F7BC198EDED66D97B334F0C39
| MD5 | ebf8c65457a528f746c44149718dd2bd |
| SHA1 | 19dcdb7740c01b3e198ad2bfc4654695c64a0c5e |
| SHA256 | d9ec5793a26ea9db4881e24dee0acc440bd6ef7c6c29d9b920ad1004394b0214 |
| SHA512 | f687150f1578c001615b1eac3c8c095fa5fd429cf361d3599f2cf2d008d54def39c98d601db8048ef14d9e59be8bc5637650a70c77d6c823ac50a564b5246f69 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 50150ae61392cc657891b4aa72270157 |
| SHA1 | 8f8880ea293cfd13a5cefed5089201421d8a32d3 |
| SHA256 | adad95e3e8fbe799d821179ee84ab3eda09d551d2445dbf40ae598bbab8240d2 |
| SHA512 | b7223c3507b6b53428d8fdd7423d6f798fe0ed961506916b602de2fe2dd0c427ea974107e56dbfd84e56dfecf61244d7c3dc2a538d02bf9e461115da5efddfd7 |
C:\Users\Admin\Downloads\SKlauncher-3.b9mxBJXV.2.exe.part
| MD5 | 2bfc98e213a2f0708ed43f0f2bbcca32 |
| SHA1 | 9c777f1e46ed449d5b45fe8b0a8e0938e23159b1 |
| SHA256 | cd6ad49081e1244265ef98475218bb843765b72702e2c7635f6a2be6164439c9 |
| SHA512 | 54d3a8e86bf0c6cb1b120ac339adde49bd3a3ab54ad4781791d80a12dfc80948b6076a42adb930f1efdfbd2ddc08b0e8f85d29dfc6692c4a748bb042a1013068 |
C:\Users\Admin\Downloads\SKlauncher-3.2.exe
| MD5 | b63468dd118dfbca5ef7967ba344e0e3 |
| SHA1 | 2ba4f0df5f3bd284bf2a89aba320e4440d8b8355 |
| SHA256 | 05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf |
| SHA512 | 007ecb7445dc0c01a802b5a2c91313aae59f9dc96e27455dd85e7a92a4e649d683fbc2ada5f48925d9ab3b4fdaea20aa89eeb442fde079902aecb5ca3454a548 |
memory/4572-1001-0x0000027168C10000-0x0000027168E80000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 56f82cf8bafd040cf15786d69220bb4d |
| SHA1 | 9c833ef37a83d6bcd4db25f3bcc5aaae761ce501 |
| SHA256 | 843ae17e793a3a049d154f724b0af28663236c9a88d02f578e77b5cf0cea63ea |
| SHA512 | 5962aa159d5b3a25a9cbb8ad705e714a9614cac98cfcf2d1665ca6816a85b0ebaf87c44fc66038c0421657330926433071f30cf6adc49a153578d726e745da72 |
memory/4572-1019-0x00000271673F0000-0x00000271673F1000-memory.dmp
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
| MD5 | ffab5aea3cb0da8321d5ed023407dc59 |
| SHA1 | 7ab2102ea332ece6ad111652731a26336c3d0efe |
| SHA256 | afa43775b79cce5bb2a5aa79f349587c998d4d1d42d8d806f4c1ac71c4640300 |
| SHA512 | ffe37f12bf5ea1aad7544145cff0c923b9b90e88ac41dc9e9108259afb02fb39ed2c4ff826bfa0f028c07df37f46923ff1c4afbf6c18e6d83bc6e99aba23968a |
memory/4572-1021-0x0000027168C10000-0x0000027168E80000-memory.dmp
memory/332-1033-0x000001CFE0740000-0x000001CFE0741000-memory.dmp
memory/4776-1046-0x0000000002660000-0x0000000002661000-memory.dmp
memory/4776-1050-0x0000000002660000-0x0000000002661000-memory.dmp
\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-8927770824600.dll
| MD5 | dcd68a87b7e6edbcfde48150403b22eb |
| SHA1 | 28e4839a29725075772fccc39b44e194eb91e477 |
| SHA256 | ae3352b6ad6cffaae55f4387f9f5e79365ea17f8d5fb45ef11d21c3300a49a4c |
| SHA512 | ac2a6bc0afcd08c56090536a937772edd54f35505c9a5837d9bc8e91c31edb6137cf5191986b3473e9e2f512950b4dbfe4088598bfd1faf47088124c70aeba71 |
memory/4776-1083-0x0000000002660000-0x0000000002661000-memory.dmp
memory/4776-1128-0x0000000002660000-0x0000000002661000-memory.dmp
memory/4776-1134-0x0000000002660000-0x0000000002661000-memory.dmp
memory/4776-1173-0x0000000002660000-0x0000000002661000-memory.dmp
C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar
| MD5 | 5b0bfa78154b1c57ab68574af285fc6f |
| SHA1 | bf9f6b357352f81a2e4427c4e5d839b89b32d3b7 |
| SHA256 | 0e79303169cd0305c364885824b1ee91b15e6ede8b7eae02e808ad4c4c35a36f |
| SHA512 | 95dc94b13f82d61e5a168251665412c04710069a1b1679e9674d4a4dd2f824eff994e9ecd92f257a8abe1144239a8a4a6aa492c6b2e71d6faeb4d1e4a3c76d26 |
memory/4776-1186-0x0000000002660000-0x0000000002661000-memory.dmp
memory/4776-1199-0x0000000002660000-0x0000000002661000-memory.dmp
memory/4776-1217-0x0000000002660000-0x0000000002661000-memory.dmp
memory/4776-1233-0x0000000002660000-0x0000000002661000-memory.dmp
memory/4776-1232-0x0000000002660000-0x0000000002661000-memory.dmp
memory/4776-1231-0x0000000002660000-0x0000000002661000-memory.dmp
memory/4776-1230-0x0000000002660000-0x0000000002661000-memory.dmp
memory/4776-1228-0x0000000002660000-0x0000000002661000-memory.dmp
memory/4776-1248-0x0000000002660000-0x0000000002661000-memory.dmp
memory/4776-1251-0x0000000002660000-0x0000000002661000-memory.dmp
memory/4776-1254-0x0000000002660000-0x0000000002661000-memory.dmp
memory/4776-1261-0x0000000002660000-0x0000000002661000-memory.dmp
memory/4776-1269-0x0000000002660000-0x0000000002661000-memory.dmp
memory/4776-1268-0x0000000002660000-0x0000000002661000-memory.dmp
memory/4776-1265-0x0000000002660000-0x0000000002661000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\+JXF4947268008213846848.tmp
| MD5 | fdb50e0d48cdcf775fa1ac0dc3c33bd4 |
| SHA1 | 5c95e5d66572aeca303512ba41a8dde0cea92c80 |
| SHA256 | 64f8be6e55c37e32ef03da99714bf3aa58b8f2099bfe4f759a7578e3b8291123 |
| SHA512 | 20ce8100c96058d4e64a12d0817b7ce638cec9f5d03651320eb6b9c3f47ee289ccc695bd3b5b6bf8e0867cdab0ebb6e8cae77df054e185828a6a13f3733ede53 |
C:\Users\Admin\AppData\Local\Temp\e4jECA5.tmp_dir1714790833\SKlauncher-3.2.jar
| MD5 | 4d653e61ba01a521c56b9a70a9c9814e |
| SHA1 | de855dc3dbc914b497b58da92e0c21fff660796d |
| SHA256 | f7d3e01dcfc001cc80a988c518d4358955842d140054214d1367972c5c543350 |
| SHA512 | e6a7db6e2893b5b01dd0c84a230d88abf50da63ceb1af5754a2c4c1fbd307a799a74f3f368430d3beb33590cda2e0a3cf509fef11c4477b76e8d3c4a582b5def |
C:\Users\Admin\AppData\Local\Temp\+JXF4052844772325346394.tmp
| MD5 | 8f2869a84ad71f156a17bb66611ebe22 |
| SHA1 | 0325b9b3992fa2fdc9c715730a33135696c68a39 |
| SHA256 | 0cb1bc1335372d9e3a0cf6f5311c7cce87af90d2a777fdeec18be605a2a70bc1 |
| SHA512 | 3d4315d591dcf7609c15b3e32bcc234659fcdbe4be24aef5dba4ad248ad42fd9ab082250244f99dc801ec21575b7400aace50a1e8834d5c33404e76a0caac834 |
\Users\Admin\AppData\Local\Temp\jna-63116079\jna8028659467676948691.dll
| MD5 | 719d6ba1946c25aa61ce82f90d77ffd5 |
| SHA1 | 94d2191378cac5719daecc826fc116816284c406 |
| SHA256 | 69c45175ecfd25af023f96ac0bb2c45e6a95e3ba8a5a50ee7969ccab14825c44 |
| SHA512 | 119152b624948b76921aa91a5024006ef7c8fdbfe5f6fe71b1ec9f2c0e504b22508ff438c4183e60fa8de93eb35a8c7ccdda3a686e3c2f65c8185f1dd2ef248b |
C:\Users\Admin\AppData\Local\Temp\+JXF5933899926327751379.tmp
| MD5 | ff5fdc6f42c720a3ebd7b60f6d605888 |
| SHA1 | 460c18ddf24846e3d8792d440fd9a750503aef1b |
| SHA256 | 1936d24cb0f4ce7006e08c6ef4243d2e42a7b45f2249f8fe54d92f76a317dfd1 |
| SHA512 | d3d333b1627d597c83a321a3daca38df63ea0f7cab716006935905b8170379ec2aab26cb7ffc7b539ca272cf7fb7937198aee6db3411077bedf3d2b920d078a3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4
| MD5 | 1575102d67c5dbcd216d2fcbf15c344a |
| SHA1 | 6454955377f8771987c7db2dac7499681f74fa23 |
| SHA256 | 98dec316692a9568907c955beac1352e1432745931c13f6ee218bdfc435d9655 |
| SHA512 | 415a248e8e15cd376daf6405530351211b8d5fc14db7035daa48157cf87e51fc774185e7f7068954273c86a01a0d5b969aca95254b5e3f6dd4b2a07b2bda8bee |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json
| MD5 | e6c20f53d6714067f2b49d0e9ba8030e |
| SHA1 | f516dc1084cdd8302b3e7f7167b905e603b6f04f |
| SHA256 | 50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092 |
| SHA512 | 462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 95ceb5c879576e55da52ea8f9d63ad32 |
| SHA1 | 2a52dbf80dc99540a01533f65b2f3c52603992fe |
| SHA256 | 683b7fda4eca43282e719c0e49de04b28a75f8843decf5983a020d80e8678c00 |
| SHA512 | 737630a9964031584f2ff9c4a35d1abbaa79d6cec2f45201e39aa2ec95e7b8666326933eb378544549aea5f7f9bec45745c04ee968df1d35f919e7974612217a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\utymd3p\imagestore.dat
| MD5 | cd5c8be4077db33c28012a8c3891ca86 |
| SHA1 | 92abb49a3c6ac369ac698fbbcea9d84514e1bda3 |
| SHA256 | d43626d8df8991aa19a537bee3602d3c0783ef8febaadb306131fd8ecf806231 |
| SHA512 | a7306278f679ffaed2fa9517473dcd0cb9f811c4f1c22894ca8b26e55287b621860e2ad10709e43acbe759d19b08adc5c8dd8c60cf7e6a226896e05620b081e3 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\SGCG3FET\favicon[1].ico
| MD5 | 12e3dac858061d088023b2bd48e2fa96 |
| SHA1 | e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5 |
| SHA256 | 90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21 |
| SHA512 | c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\HRBX3BZ1\login.live[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFF7441BD4DF81C75E.TMP
| MD5 | 6549bd38fa0b5fa11ed4286b84612fb1 |
| SHA1 | 42ed26e812a8110c96c08cdde1cb87b62b1c16f7 |
| SHA256 | 77ee781f711b1e46f05cc1ad6da40d5b14196e3d91e21e29d78db724fffde8bb |
| SHA512 | 3bf35c0fdca75713e75472c85dac49e9372416e5eece704c15d14245d33b02639c3205bf659e28759b7e74663f1ec3c09e4cd5cca3c9e8119549987796e9e715 |
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_profiles.json.bak
| MD5 | 025b9420ef9449d52963b795805b8235 |
| SHA1 | b8c2f18753d4ab11d8861982da24f31fb78b18d5 |
| SHA256 | a3dab7338b766b3b4d8196a459359ff52ea3dc63771ae333969b7119db578dc8 |
| SHA512 | 35653735e71571f242c4b9c1ff72748f270482e5481390c6d4760e2ae7b5551dcaa6cf57b36fc3f6f21f1d90a19258288b0d5c6b78a462cf34b4d0e81f01ad31 |
C:\Users\Admin\AppData\Local\Temp\+JXF4768154438635635737.tmp
| MD5 | c4c47e3d7ed51a6bb67b7b8088a4b0e3 |
| SHA1 | b190f4e4e8f838c46ffe9507d966ea4d8b37d8ce |
| SHA256 | 5e606f805a71432d4875de7dab737bf9dea1187090f0a5190da9b1bbab09f57c |
| SHA512 | b4251618479c52398ca71cfc61ad88230a14145771ef1085ab9288486d7bfc841f0ea222909f8ba6882db6076df26bfe37e1c23917569270c86d6e7adee7cf13 |
C:\Users\Admin\AppData\Local\Temp\+JXF7542973517544719658.tmp
| MD5 | 4b1ffad3c0075af22674765ff1ee2f56 |
| SHA1 | 1f7b05d0ed1c6c15736115a59ad844adea5f1f66 |
| SHA256 | fe3714926082ac5764327e3b67ae52cb6f0cf6b8c4221c064a6cacf821079414 |
| SHA512 | 427db3fe5860676fab65a9b895d205620a1ec0aa172f45aa9ecef261820e25b84f3413bc5d0a9d0c1311422a8da1f5706ac4f6211a60aacc82974cf00ff036a4 |
C:\Users\Admin\AppData\Local\Temp\+JXF4784780067006700818.tmp
| MD5 | b97f16379b4c106616f60f702733f5c6 |
| SHA1 | 85c472fb9a7f256643bc4bba10f158dfaa1d1e8b |
| SHA256 | 4c392dcc8ad916f0f9df7559ab5563b01dd94f9f3b2db34617fe392e00060339 |
| SHA512 | d124af2c705b97cbb307497f88c47a5f7d320174d48626ea14ac27d42bcf8016f32810cf7ecb6af1261297b8c331a6ea89e2e35c3e2536390d8d6e500ed8d61e |
C:\Users\Admin\AppData\Local\Temp\+JXF7449354641279939100.tmp
| MD5 | 4154321279162ceac54088eca13d3e59 |
| SHA1 | 5e5d8c866c2a7abfd14a12df505c4c419a2a56f7 |
| SHA256 | 6bdebeb76083e187c7ae59420bfc24e851edb572e1a8d97c1c37b7b2dc26148c |
| SHA512 | 04ca175774cbe3f2d83543c01cc388e2715ab7b1378143db41bacdc7e7eddf05d3beef476f6acbe7ddeb34861984efb5fd7f299ec1820697c440b372d258aee7 |
C:\Users\Admin\AppData\Local\Temp\+JXF627935389043608021.tmp
| MD5 | a473e623af12065b4b9cb8db4068fb9c |
| SHA1 | 126d31d9fbb0d742763c266a1c2ace71b106e34a |
| SHA256 | 1bda81124d6ae26ed16a7201e2bd93766af5a3b14faf79eea14d191ebbd41146 |
| SHA512 | 1fbc2841783140fe54f3ab1fa84e1ded2534bcec3549ade2f513491b32178df515bd63a0a4a2c35017a6850ff9c3a24f8602357d912acf8ca92b8d68ba846d3a |
C:\Users\Admin\AppData\Local\Temp\+JXF7624541201658579969.tmp
| MD5 | 9a21378c7e8b26bc0c894402bfd5108c |
| SHA1 | 72bd9f3ca75ca691ce86fe1ebbdb269f5f737bae |
| SHA256 | 0d34f9588400a586b774be97e66ae8c076a8807b8455df0587b39d2a4a1a3b42 |
| SHA512 | 4a9d23a01f1a7474e0339d4d8b151d0269bfaf7d9e13ff6aa34d7f929002e8ff185f273e6f7afd2d40df3e0630a962dc7767d870dcf1766f3e04b8029a7b452e |
C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe
| MD5 | 802d1182a4685e1b86c0a9dcb3f2be36 |
| SHA1 | 3aea1c3d1925ec0e6c4e534adcccb1271c6a5f04 |
| SHA256 | e48ef14933f4eb6071497a5311ca0ac6e115f7a0d57a60e519296f8fd42ad4fe |
| SHA512 | ebde9d7c89fed73ea1766fdbaf716e5ba69068b5b0c913490c9ad8703540945e2cda248b0365d6a49acecae960a8fa846da53cfbf8e19b98a6da382267dc562c |
C:\Users\Admin\AppData\Local\Temp\i4j1321171856815587400.tmp
| MD5 | e269224895c7fb1d2083a4d5a5d0d51c |
| SHA1 | 27e1afdf2330f5a4b384091fdf76d8551c03e0ac |
| SHA256 | 51ab9d24f1e8deeb397ce4586dbc771841d19ae6d80dc809e120602a6df424c4 |
| SHA512 | 156420e4c2a9c0ff8cda952fdfccaefcc0c9ef67930f48f3b87864ed59b8db5bf11b9e1c1f3fa771836c1fc5653202837c0a52f41090495d488766a3111d844d |
C:\Users\Admin\AppData\Local\Temp\+JXF5712007104081739005.tmp
| MD5 | c5c41f7587f272a4c43a265d0286f7bb |
| SHA1 | 916224c963d04b93ed54ce7c201108f398e7e159 |
| SHA256 | d549110689cdde0821ca2c7148f7b47a097166b4169786a4a9ede675f5ce87f3 |
| SHA512 | d4b4d01088d9f506368dc19d709b4ba6be764929b0dd05775841e14cbbec674f216b81515ae529e95abfd22ed2f3e2d2774363dd4284c8c8b57d203599555f76 |
C:\Users\Admin\AppData\Local\Temp\+JXF8602201351783414257.tmp
| MD5 | 12ec66b825b504d752e8c333bf81dacf |
| SHA1 | 56896d3e6011466b7e6631c714c57e20ee8366d9 |
| SHA256 | 5fc09af94a447fae6f82c00f15dfaef9eae7c560e6cbe46d3e84524019a574aa |
| SHA512 | 8cb838589ac4f9819b7e2204517445df94663d3217297212973e8b2d9fece162155130ddc783e7e89ef2832d38bace731b2ae3b73aff36ad782c707813bc52b4 |
C:\Users\Admin\AppData\Local\Temp\+JXF4597361929477131352.tmp
| MD5 | 118abbe34a2979b66d6838805c56b7cd |
| SHA1 | 7f320cb81660fc6dff9cc5751f8fcc0134847c77 |
| SHA256 | d054d998ae12be33820b100e0ed3923d513fa5c79c6d4e7ca1953afeb262ea9b |
| SHA512 | 5bcad4a03ced2ce76c5ebf78cd2c1328a4ee27019807f56a48bf8a0f936c57f351f10726c176952f0cf08776a5ce53d34c14d6a848925be2789408a61678f381 |
C:\Users\Admin\AppData\Local\Temp\e4jECA5.tmp_dir1714790833\exe4jlib.jar
| MD5 | bd8451491a92b1aa5fe6d44bc9f3e1c6 |
| SHA1 | fe210263b4bdaa3719b00994e665839c8987094e |
| SHA256 | 8a416dab7b3028f3e79b41521b65432ab2d25dec9f85e220ade0157badc0dd41 |
| SHA512 | 3c1892e9f8812ed6e895936ad16f3f457f50283d88d37b45d780a1d5f0bb2751bb74585b03227d10367b9367c7c2eef68d88d914b8e3cbcca0b2dfca05ad0ebf |
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4106386276-4127174233-3637007343-1000\83aa4cc77f591dfc2374580bbd95f6ba_ebaa0802-254d-4be1-a642-a8a5c0b06224
| MD5 | c8366ae350e7019aefc9d1e6e6a498c6 |
| SHA1 | 5731d8a3e6568a5f2dfbbc87e3db9637df280b61 |
| SHA256 | 11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238 |
| SHA512 | 33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd |
C:\Users\Admin\AppData\Local\Temp\imageio1397700649927498963.tmp
| MD5 | 4bc22d05b225a34a3ddb4f17d2469b77 |
| SHA1 | 11a7a273129b3deb9cd2c77ef1834b5643469d3d |
| SHA256 | face76c9c4fad9476a1d80483d41772c805808a1383012b1c22065e30d32ede6 |
| SHA512 | e00b03ba7550af9676c56c1ae39c00ccbae42a06011b37e3faec174ee1eda3dd16a223194824ba3f11e7d8bea78e74991af31b51a9066c3941864e13c91c45df |
C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher\sklauncher.vmoptions
| MD5 | 616097195b6350dd5271aa6f30cc167a |
| SHA1 | 5e2e2d48a513ff1c4b9612e16c954e060c34831b |
| SHA256 | c0ad6503240446061d7da9181b625f149574430135e0d6ab32fb61f176c831fe |
| SHA512 | de5646740c390dcdaa94b020163f532978c11eb2d6896ff4c06197c0354e50d610926d40ff97d9a56e24b4e122d94f430efc76cf2539a989b9885d527c7654bb |
C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher\sklauncher_data.bin
| MD5 | 42db12bffac56e4a4930e4b3aa92ee62 |
| SHA1 | 4328daa98c09fd77e139efe138fbd4ecf605b0ce |
| SHA256 | ac45002b2aceb188d5372b9a818329992da039b564a1261e069685c0dba8c674 |
| SHA512 | a10ed3cde6bb5afdd2bd34a2fb69719130c6821dc27eac0dd0b80fe33ff75059387aa0e1bfcdba05f5fd80edb8e7db290d0e30e03e9e700f285557d64f42924e |
C:\Users\Admin\AppData\Local\Temp\i4j5437175824312600673.tmp
| MD5 | 2544970a9292699f5c1311c2d27160f3 |
| SHA1 | 1b767d299fe08fe78d2860cce730eb5702fc5a3d |
| SHA256 | cf96f15ea83c1c1a2bd6f971aae59b0f7dac0bd02d40133950b49ac8e19f4b48 |
| SHA512 | d429b7a0daaab5e3a751101c960472460b70eca09d0be19efb88dde4deeb6f34312d3ad157176611cdaeb0600fa3b608787251d6f4309954d89db940828867d9 |
C:\Users\Admin\AppData\Local\Temp\imageio8750685964070628311.tmp
| MD5 | 8ee50698797304540fc85117d67fe39a |
| SHA1 | 2762547e578d3d4ca469b30a94c7535e57c5c72e |
| SHA256 | 90f1e2bcc7b6c2e9b5acbf3211ecb0b58f9e36b4f3db56acfc07f2a3577b644a |
| SHA512 | d0497ee7a43d35c06ea7c8052311f0c4c9d25b17329f93ba67344871d7441a77dcc381a2474656f8ef4a0f1b5bdebc906c6ec46713d04dc9ca82aa470c8a4a25 |
C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher\accounts.json
| MD5 | 49752a0a39a19790fa3d12ac59bc94d1 |
| SHA1 | 1312bb92ca265a577ca152978895fb1f69ab4cc1 |
| SHA256 | 7fab60561b867a476c71e51249aaf7ef3452e42dfde01e7cd91220cd112cc666 |
| SHA512 | 4b64f1b11ea90af35e402ffa2392a9deb4454ebab9dba072710838f6448d0b3075a31a88bb74771a9c6c71c01507264ad22fc9ef19297354ebd361788699dc39 |
C:\Users\Admin\AppData\Local\Temp\SKL_TempStyleClass5840427437242871556.css
| MD5 | c335b272daae33aeb2c83e8a90461e8d |
| SHA1 | c7bcbf1905586bd39303853087e44e86a47c8b54 |
| SHA256 | e3c1fd97b905ff659aafd4220812d1747cd30bf83c9a960aca3a0b2399872722 |
| SHA512 | 5aec223b49bf45f86ef78a6ff9c21a8b6ae709fdee9254aa05b02aa2cd9aedd218b65e66a984577225b0a71ce8ddc5b43b9808b39a860915497f21c5412e3389 |
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\jdk.naming.rmi\ASSEMBLY_EXCEPTION
| MD5 | bd468da51b15a9f09778545b00265f34 |
| SHA1 | c80e4bab46e34d02826eab226a4441d0970f2aba |
| SHA256 | 7901499314e881a978d80a31970f0daec92d4995f3305e31fb53c38d9cc6ec3b |
| SHA512 | 2c1d43c3e17bb2fca24a77bea3d2b3954a47da92e0cdd0738509bffcdbe2935c11764cd5af50439061638bba8b8d59da29e97ea7404ea605f7575fc13395ca93 |
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\jdk.net\LICENSE
| MD5 | 663f71c746cc2002aa53b066b06c88ab |
| SHA1 | 12976a6c2b227cbac58969c1455444596c894656 |
| SHA256 | d60635c89c9f352ae1e66ef414344f290f5b5f7ce5c23d9633d41fde0909df80 |
| SHA512 | 507b7d09d3bcd9a24f0b4eeda67167595ac6ad37cd19fb31cd8f5ce8466826840c582cb5dc012a4bd51b55e01bb551e207e9da9e0d51948e89f962ba09606aab |
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\jdk.internal.vm.ci\ADDITIONAL_LICENSE_INFO
| MD5 | 512f151af02b6bd258428b784b457531 |
| SHA1 | 84d2102ad171863db04e7ee22a259d1f6c5de4a5 |
| SHA256 | d255311b0a181e243de326d111502a8b1dc7277b534a295a8340ab5230e74c83 |
| SHA512 | 1a305bc333c7c2055a334dc67734db587fd6fda457b46c8df8f17ded0a8982e3830970bee75cc17274aa0a4082f32792b5dbff88410fa43cc61b55c1dce4c129 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\xulstore.json
| MD5 | 38d5de040f836f59636acbfcb9b4854b |
| SHA1 | 50c0629a4ddcfe74dc1dc108e2d8a65545c74259 |
| SHA256 | 685d07ca85d5bb59d1e21526281281930e499dcdf9553e135f9c441c44593ae3 |
| SHA512 | 423fbaca940b262a66dad4afdaff52c95d56cba0ce8b11fd797fc40ac6ad7768f5c9757d65512eea0d9bca6e6cb9bdb0416db204158c7b6ad09dbd01be24bd58 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\startupCache\urlCache.bin
| MD5 | 098f635d6d8d9b6eb167a2a3a832fc99 |
| SHA1 | 12163efae3f650ab3d75b70c98887b5118dfbf62 |
| SHA256 | b501582c8cb4a5f568df38be335c9b3d46f975562bd2785511861a2fd6445d48 |
| SHA512 | 5dbbc21a7a5f4fa14c67975e564dcfe19d5bad1475e0979a688576b8285ee2b7785747e7d19284bb33dae3ff1fe2fa46c71fba6bf0d4c66680f24aa0e89f98fc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\permissions.sqlite
| MD5 | 25052fa1c053a2c30505d5e62175e435 |
| SHA1 | 1294b79b4640067e73b6f1488dd862d2cd7b7c36 |
| SHA256 | 11a21a2466757240307e382cfb96536f60ba391296f17ac56e9fc77914fd64b1 |
| SHA512 | 28def49a85db2f4e115b2dddf17a5d3bdae890291f04b4f5c9757c78802d3d947d707db6e26a4428d5803cb7438d17903ff34bdda9ca0a4375c5452dc21903d4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\index
| MD5 | 45d406883fc3eb362c0ccd7c1278cecb |
| SHA1 | e7a23de2ab2c81c57dfc27c691857847f721f39a |
| SHA256 | e2ab6aa16223fecca9473199d1f11a24ad58291c43e451fbf7f42bcc2c1dbc3d |
| SHA512 | 80c9458fafcdc4479853b79f2d0704ff9c8342449ca5d8a7b2d25b3a71eb168a57c9fde4a83ef33e63b01c82f83c9efaa95403d075ddc0f6cc57cea89788c5d0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\index.log
| MD5 | fa729d6f6c1ce0aee67715e18e24350a |
| SHA1 | a4339bb16d047d238f9edbedc28affa0019a41a4 |
| SHA256 | 7031c476e4343fc4f2725bc100ef1f1d2ef25fbac01cb68f06fc33caa046cb78 |
| SHA512 | 060110ed8bec51414e5c5c8a4da339fd175f076f00144fafcb38cb5f84bcabdf6ccc745f724314fa0d2e0c0b48656277f69c8dccfa73343d5497b674a90bb6e6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage.sqlite
| MD5 | debf32ada80a2241dfb3b9fd13ffc2a4 |
| SHA1 | 122203cdd1f11536ab975d536e39fbd594157f76 |
| SHA256 | 694b5cc8cfe554135252e03132bdca940a13bfb02e0ee205bdcff5ae7537026d |
| SHA512 | d90c80674a692629e5ef3d2d71b67133cbf69224fb6cf6e852b6b4fa04d721ca7243be2ef090ef6cc77980c186250cc82a0506b289c85f51135d955fae51b8c0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json
| MD5 | 948a7403e323297c6bb8a5c791b42866 |
| SHA1 | 88a555717e8a4a33eccfb7d47a2a4aa31038f9c0 |
| SHA256 | 2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e |
| SHA512 | 17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cookies.sqlite
| MD5 | a4554613ffc799dd1fdb119cbcc77227 |
| SHA1 | 4a46d113bfa7b7f38cfafd8da7870bc67f407706 |
| SHA256 | 2680e6c3b206f3828c76801471e6ff49d9cccf6deaa93eb57af1ebcc95827731 |
| SHA512 | 0b09e56e84727bed7661263e018e21488d77a7e5417db8e3d7bea5114a441553ce0f22891bbeafea6f630149f28eaee8f411a1484fd4a7652d2219e74bccf0d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\SiteSecurityServiceState.txt
| MD5 | 9207c39f8d415b1867b5a2d1fe533221 |
| SHA1 | a533890a8b04613f72d27a7d439ff17c741d0c88 |
| SHA256 | 63723e42e61082c8026af2f47d93c28b60e0569f8083b499f28099ce403eda64 |
| SHA512 | bbe3d7d8b120d9d88385c4d3334b4cf91dd8d3faaba115518de4d931463df84e871581fb06f96b19dc8511a1f10026ddb375088ff3f477d8404ada9bc1e6b53e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
| MD5 | 038a95e8f7bd5584c3f99c0e018b6961 |
| SHA1 | feaa021d20a70e343a12bd85239ad9039af70649 |
| SHA256 | 0008e107a2485ac77c6e224c6752f58ccbead638db55d383b0666647c79d84c9 |
| SHA512 | f126ad78fb2331245b20c3766945d436fbe2ec8353896f1b90175bf2067582fc876284c14706f72500d520c0f117d53602709f71dad5f9e74e373d71e43e659a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\d4aa142e-ea0c-43ce-beee-585a4b509048
| MD5 | 306185fcc8de0806e9f3abacdc09ad69 |
| SHA1 | e31179d352cbc5d84891f1ef06d9de84c6da7fc5 |
| SHA256 | 9b2f585055c4d0d75490b6b765104c529b3d846842eed564cb5e93a9695277e0 |
| SHA512 | 102abe0d66ddfb2f157665f7ba0f80be47c988255c90b02bd18a3b291533b3d5adc4b810a2b3d43e91f4d2cdaac76c5f1e215e59e043983e21fd1c437f4ac214 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
| MD5 | fbca1ff62bb9c9fbd33d62e7938847a2 |
| SHA1 | 0b9df1e9e39d203a744b665c6ba16190d27ce88b |
| SHA256 | 7102ead620661e31d3a7ff430693d21ddc2236e4a2ad19bc5ed8da4bfb390760 |
| SHA512 | 8a98aedfe9ec06f18d0b1c5fd7dbc08c028e88e6f62d9fd1c2677435d2ebf0921b8e5d506c2ad95bcb42a42532707f3257a489767b9a867a8dd379eb9cc9df4a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\AlternateServices.txt
| MD5 | 67b95a981d750bd67fb8bce0b5030355 |
| SHA1 | 6dc54909fceabfb9d0c96e0e40a9200aa7916291 |
| SHA256 | 2059e05b0282a145812a3861104477f40a30e68c4bc41764282601f6ad6c6c12 |
| SHA512 | a359abbd264c78491b31f10580c07bfa783aa0e669c1b02c3fa48f99768f7f3ca45974f3902cf006967afdf1611e3ff81512039fee03a54ca6e6d4707b2e424b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\8b6e71d2-6f6e-403d-bdc7-8cbeab97e352
| MD5 | d83a1f2c1f9ede5b36c42e2541935992 |
| SHA1 | 5aff57ecc62e050814b8ba00959697e72693553f |
| SHA256 | 6dc45e93ff41b36bcce61e3083b773caa2da2a0e3406ef76e97421310a8dfdd9 |
| SHA512 | 94adc85da874d986fe04e99cd476eaa38bf8cf08a1b7bd106c3b1f9083544e7ba6133c690b95df807e2326a4af27e5f6e0daef4756d127e4bd05622401703e0c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 64b29e316ddc56896f299f708c771138 |
| SHA1 | be8b2aff02aa0a6f530121f92c6850df06d37469 |
| SHA256 | d97d9c6dc363ce5c517e777cce8126e6e284dc9dd1810b765ebd15b20690f22a |
| SHA512 | 4722bbef3e998bdf8b4359b38596ec34904717d9f30984c3a280af5ba6d7f5f01ac902c56da3fe0189f143cb88676e11ed6d9627aa1b79aefe4c6420aa5d95ac |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\events\events
| MD5 | 9cebd3f50eb9a3d2f84a84d82aeea34e |
| SHA1 | a56c3570fa294b301df5fdca4008fd76fa70042a |
| SHA256 | cf6066120f0fe0e7bd423e05c50e15ac5443b9a8674d8f6554af796bafe41769 |
| SHA512 | 41f7380dedc98ab7720e70d217e8b3e1c509ca3a367ead8f98be5049e382efe46bff46338d19880ecc317a7a068ac608542d1d137401779b5394af98bc0b3005 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\protections.sqlite
| MD5 | 52f81dc1949409647056ecb7b7b2775f |
| SHA1 | e746d8bf5f2e5c07d371833685a0d6317cf3859d |
| SHA256 | 02ea9271575c3da7a83e99d3a1c068a4bc6a84d0bbe083a1b5fba7541ade4654 |
| SHA512 | 18423ad9ccbf09689f8b2f4b3f7e3e4258819a929aebf1366f52875eb2cb72c320e04d42785e6505e0ce330757567462e6bd9e8052f956f9e7c6451ee3989f8f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\favicons.sqlite
| MD5 | 101247fea8ec2cf02a32b78437b770d3 |
| SHA1 | 1b721902a6a448d5ef23c46b7973e0fdf52eb820 |
| SHA256 | d53aec18c789f0ac6e87c0a14918190a48d1b91dd83e3af96b553712756115f3 |
| SHA512 | f24f7176183de45f72515a396a4881daab93b2209230aa63e83cb7e0120cb4ccf2ab13a2a74734d2f5e3765bd7c1400530a73364eff809da489ec58a3421c3b2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\places.sqlite
| MD5 | a35b2ae2d4664e541761d6071cc1fee5 |
| SHA1 | ed033c0403aa5e93a0f5a082c818a97e391f3f47 |
| SHA256 | f792cadc16eacdde791001bcf62ab3010add4a2bdc297e1eeca53f0c5e5b3b34 |
| SHA512 | 1ce2116ea1c56fae128214fc134863dd3832f2d429d3b55d4497072585b813cf4c28a82ea2e794ddfc7750cab7977f3a4af4c91aa09ac1e6ab7dd325cac989d6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cert9.db
| MD5 | 9ca000a0bbce4ae88d0d75e81f630404 |
| SHA1 | 9b2380d97a0d77081b22e3ab7071688c573eb637 |
| SHA256 | e113485262ff51848347e9a15ac38a3421537aa06c7e3060699c82f2ba1417c0 |
| SHA512 | 470e83127b15ba0d6da6576c4d41231ae3f56f4d56de46e81865cfd59972e7bfb11525c26c30da36baa5769d78c63c84f04eb5ee5c2e896b20cec86ff77af14c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 34ba09b33f64c6be138b74bf68503e54 |
| SHA1 | 60960511c231615255f5c838a582439b860fefac |
| SHA256 | f0332f29fe1327764cd1dd331369678bd858c364e625d1883a5c28e16cb0c73c |
| SHA512 | d8dc989adb073fc99ce50ef952b33c84e8ec42fd2c8273c4846b550835682a6b759cae15329fbf7893e1521db47b4bc234ba317bc9ff2fcb558b26732b18d8db |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C
| MD5 | fda1555824339c596c576643aab1ca49 |
| SHA1 | 419ea888d65fbdb87eebed859295a600ec1be5f4 |
| SHA256 | 3ed17f03c33fb305c22297ac40bfd01e55e1fb908dc57e51f4733a8705f69ba0 |
| SHA512 | 2f29804754a7588273859a0ef05392e7d57f89a3cf9729598b21bdbd3aac04fdf82a69cd2d8ab5860392cd3724319d5858624a3892ef825e680817db0f7211df |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\formhistory.sqlite
| MD5 | 62237228461d36a521b3046c9ebe543d |
| SHA1 | 039baf8d61896f3ae462d6a1c337196afb29ae21 |
| SHA256 | e30b8ca951675088a21f75853b689347f38553b435de4530d096ecce2d58a661 |
| SHA512 | 656b4fc9827591d5b1ca4bd59010f20d69e83f5b1eb1828e8ebf702b652e1d85c3134dd60d64ec1ef72ce7ac059d33d622cb99051b8517b7be1678e094126c5b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 57d21d129f04e16170df1ae011eae7f3 |
| SHA1 | 52bffca93e3312973326c1e4cee4daf5e3238a74 |
| SHA256 | a9f4123289ecd4bd4706f3444fcb1657aff6fc7bcd17cc5860c02b11991835f1 |
| SHA512 | abb778bd1cb1d6b26ad68d0b394b22e7cc945b4aec3edca6e1bfd1d45ffc65bf7b5784464729068f33a511302590923346326fb31e11885789249e2b2e346474 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.google.com^partitionKey=%28https%2Cskmedix.pl%29\ls\usage
| MD5 | ef5bef2c23533b20775817e0acf08128 |
| SHA1 | 7e6292d37817cb31904c13795ff44f14e69a7678 |
| SHA256 | 0ef72b88336bf69ce23a2f09cd08268e0eb7ef6ce19e7fd0632c7179a22f7f31 |
| SHA512 | 61c57a8772cbfd11f9118704795d4ac30259b447ab34575ae25636fa1f7138d015e89514ea9025abf3fbce791cf597023a3ac209ca3a27031aa2f01aff2cd0c8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.google.com^partitionKey=%28https%2Cskmedix.pl%29\.metadata-v2
| MD5 | 7f843187587ded2fc81ffea60f2e0339 |
| SHA1 | b75e4234b97c092000999e51d42f5b02e60b900a |
| SHA256 | debb8dc821a7cb086bb6a09cbc2318bcd5426b7ae4dc1e6307e2723b1038617f |
| SHA512 | d14b2e68a9f5f7f80de2eef8c2156ddb180ba891cef9e7ac335ef96cbf4ee7c563c82f253d7510815184bba565842b91f23f0282ebc4244acf532d1c73141376 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.google.com\ls\usage
| MD5 | bd528fcca9960597ca63fa020c5b1082 |
| SHA1 | c0ae420c7d6a6487479a757894bdb61ef76a64b5 |
| SHA256 | 89ae79ea8815f86407797af5e46f32547c7920320e427a0b1818a4fd1b82208e |
| SHA512 | 0eeef6d2f38bbfade7f7b992efb37e93b886dc82035eb5f518ea6c729d1a7d672c033f92dc88fda27b3f99e96f6a05e6da5a901178e3b2f29276b93b5abb5fbf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.google.com\.metadata-v2
| MD5 | b85ad3acdc3748abdd4ce4894fcaaf73 |
| SHA1 | 12277eeb5899e1b33f57a1a6b4e9f920a48feeb3 |
| SHA256 | 89117e18bf7915c54bd8aa2289c5a0cd3f279e3756a9b4b4fc2705a36bd4a21a |
| SHA512 | 5030701858889f72f12b6687759ac6301b62461f316fd17039f6f3d83d09b6c9ab27967b2fc235e8fa4ac5748c8dbc5196519db61b73dd059cc4e5bfb029fb1f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\12016
| MD5 | 2cc569bfac2b59817575450571cb667f |
| SHA1 | 6386165aa56c121e41aff04942d4b1dc0182abfa |
| SHA256 | 99f8133f96c9de9be341475c55ae4fa8607fc6265d3e0c5e2fdb02602dab0fcc |
| SHA512 | 6838fe77cedb80014b73c775c089fe5052eef509414b5b7407776fffbb209e3048b208ede4d3e522de8934cbe29e019d2aa8cf4cdf24d83fe343697df9435afd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\25191
| MD5 | 04cea0cd4d957f0e192db9749a0f0148 |
| SHA1 | b933d04eb498d05b5da1b077dde0340bcf214a12 |
| SHA256 | 0a57dff807b166a5c6531f1986e6566a5826cec23122a1fc9e37c6c098b0e569 |
| SHA512 | 03e9c8971e29b128ae1266f6ed2092e0669db394536b4a8aa007e2edb1d1172765e81883db17f8d24e51e3c51feaf810dfa2cfc23bf1d506d5fba7586bf7b31a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\21925
| MD5 | cef4aec50664920c6c24b4285558f152 |
| SHA1 | 480aba0792f91a606133f3ac45fc0b4922029c2a |
| SHA256 | 8831eb6aad16646f748fc34cfc83de885d27199a3331c3d24e5cfae3dc258b0f |
| SHA512 | a3d34c715c1b13fd2df4504420e63e275ae8481200f4c85f99a373d6c7514f973812574e9d89b97e3953bb6a1db8cdcc1dfa7e93b6d55cebfdd9659d84aff5c7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\25798
| MD5 | 4f27849dcda948f9d1d61fe97c4a2bf5 |
| SHA1 | 8065691e2b55167b2b0316984402f098a4e4d426 |
| SHA256 | 3ed448329bbb48a288c70a604784fbace4d8156dc93722fe77c654eccf83dfb9 |
| SHA512 | 176fa15d9640737280ab9124a8e09e021db782f4208d609af0ede581521d6cfc3a0ed2860d6c8795e2cf59592b0b3eefc8023aee1c4b767e492a44bb0d9d6f14 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\22532
| MD5 | 6d00e05552dfcfa34ca0f99082a7fef4 |
| SHA1 | 94a221a6007060284379a167dab9b7b3bdaada24 |
| SHA256 | aaaf9e7c6810716482a3b9fd4445ee84f8136fb5571e1eb8442b14ce10e2c186 |
| SHA512 | f79c4a52e54dd2c4c112abb103c91faf4ab99cd932fb5a7be9111caf8230786e8991d53f18fea5ab9ccf168fcfe22d7eda854ea0ff88cdde8308a4853e3cd9d5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\19267
| MD5 | e1cdc67eb73b47cb98001c8a76423b77 |
| SHA1 | f958735ec0904fc220cc38751cda30b2587157b2 |
| SHA256 | 439bf8c5df4f6c7d645a94040e8de2b889aae90f978ecb6a7fc752f567105374 |
| SHA512 | e729b319daf48b2d40b27d116f4b1fcf38d59eabc82f28e0b3c09d8dc5b5dd44da398740a8075b66d951a6e80c59b39b4b8f216e789829a807cb28e90fbd472a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 26d651fb1a5ac6059fa0b49dd9330728 |
| SHA1 | 422489cf56bdc0a376bff824c5e3817d6f726679 |
| SHA256 | 7b6515319a1904ea151e361a85d223a6be64c8adc49334be4f4dcb55722845ec |
| SHA512 | e50020f7ccbf4ade858c6928e58d86f8309a19894de6ed0ba742e802cd66a46e8873c2f40ba0bd3e2e973f9bb69cb4a43fff258afbc939e98dda557ec4fb3258 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\26207
| MD5 | 24fbd8d34db747b35cd422dd19104820 |
| SHA1 | 7ec5950128d138c10160b569709475ade3da39e5 |
| SHA256 | 1ea7523ab1723097d2748e5974b2d422d047a2ff3bf8054853b594985d2daf49 |
| SHA512 | a459f2b703d9f8a9e6f23a37f7a69410f340b19525aa09f1df7d36f1319df3c3000e4c3dec20e7a8eb37f6bba6820b106929eda097f218badd4bebfa4f51c5e1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\22942
| MD5 | b0822778f4b2014596374df7d8ec7724 |
| SHA1 | e9a3d2a98ded86274b225ca7f679b3191eb223b7 |
| SHA256 | a5cc48cc81c900f6b0652efd3c11408c38c714fe0097a64b712c9984154d9676 |
| SHA512 | 51d9066db91c093ed2a4245b163646c7929129b7010bc67075ace99ff183095cda2f894912c1f71b3c9bc23ec27629c4e9b877d8719bb4e9bafe9ba54c6aa71d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\18217
| MD5 | 7acd6833e24cff702eee83992b5c0987 |
| SHA1 | de174fd744febfb9ebf3cb09024d2e2ba67534d4 |
| SHA256 | 26c0e494aef34738b89bef9f4208a2f32ab9871917de429bb5088474d3610fb4 |
| SHA512 | 19ad2865a5bba0639a5735c0f6f161c29025b256ba03812f1329e01e672335418551845b15cc9e8ce71e34d288906a9fc7ff857be4929ece7eb8acaddcab67e9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\23497B1A0ED28AAE2C6D515EA7BD9531C3020BF0
| MD5 | 1adf1d59633083ca073f351679cb4eb3 |
| SHA1 | bf5903003db43ea81ec36caa538719ff599238a5 |
| SHA256 | cdfeab4f8465668bb5f82653087fbe3e56b55588cb44092edffa907d629c5a92 |
| SHA512 | 627fd311abbc170813cfcb9d063f5f48a9320b43769733c138909b9f40c95dcd4bc69e07002a8f2787582f03b16a89dd18df1ecea3468e644d9cc2c37d2d9b7a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++open.spotify.com\cache\morgue\120\{a62b87d6-d776-4a1d-ba6d-d8de18681178}.final
| MD5 | a8a7fd2141ad855f81d1ddf519364693 |
| SHA1 | 97f7f3f17943dee44dd352681985a0f7293cac91 |
| SHA256 | 43648804333d60ba9cc91e77ab8216c723b2fb71f8a75dd4892bbaea53184e19 |
| SHA512 | 69ef0b52e9f74a10e27e625d65a202b620cb810cae0d6812d306331f4a27824dda4b21bf6f83b9e8cf9a3156bdb7e39e11eb52bda0078f37ec437a54e8b48fc4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 1174ffdf635b04dd16dccf89b0bbfa0b |
| SHA1 | 90d97ec441cf2604a2af6a04bd396d76378396c0 |
| SHA256 | 36a78df592a303a00bb51565528c3c903edb7546d3d2f4ac44424615de04d690 |
| SHA512 | feac0168d9bfc12fcde2357de5b3a4d4cef7b8a4b34399dc10dcf8e55d731f3eb97aa50cc280409d6389f18897f5c7c6b63dba88bee5dd3d563e5e34bf3c97da |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\18990
| MD5 | 4b4ad4c2a358ac92750cae282d761776 |
| SHA1 | 02f5790d9898996ee0b3a80facbf3a70cb9ba876 |
| SHA256 | 456ae5a6e3da6af7512ad1af90ed0b674c6be16435d2a600389cf9b47708d58a |
| SHA512 | 87519c2f3ff5ee1e266578ad87c56d4bb201ad03b314a63311e74cb1941ddafbe6bc450d361bad329249909990ccff79b093f7ddadd2c36f144fea1d9f863fbf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-2
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\24928
| MD5 | eaf76453a1885d46479aa34f95cdee1b |
| SHA1 | 426131d60f26c0b082a9d1d12a5d7bc03ca58517 |
| SHA256 | cf24ce9c5739ff52ba7adbf615a711e36c464498382af1f0641da49bd03980c4 |
| SHA512 | 1466dbc033677e0b948420021eb88b509050f6e3811db1efc08ac05592e0912251eeff08d6a496f344fc62a136cdb93af94b8acf77f25a949782d6751a331313 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 09c775b1dc56a24bdde3bc03d97414bc |
| SHA1 | f75d00cbdaafb0673580ecb8230fc352fc0c96cf |
| SHA256 | 3bfa148d4dff4fcecfb8472491f3ee39f02eb6e038aabe2c65ff00cccb614dd3 |
| SHA512 | e748a3dfd54a7e11e3aa3395bee644e17999da86ffaef83c2c6b99cbb42e1e57753d6a875ab52a4c75728c1faa99bfe17e89e24b79f83d32b98e71de4cd80c48 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b5d253894269a44eb76f202c9d8c966a |
| SHA1 | ba353ac4a6007ef90bbd2484d42c649383ff0529 |
| SHA256 | fde6c76f3ea3cbf99b1d16f768af2559b5bd2d71c776889294c921532b795aca |
| SHA512 | da9e71d3c8896bbc93b9c2b9a8353618322baecd2f37177d5b44e504b86490aa55345dc8da1af37093f121c628ec21d05e529a2782c01319d0d562de0a992f43 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\10906
| MD5 | a7eecac23ef4649be7dc8c89d4846fe8 |
| SHA1 | 28e2c0b77804b9a3724e4fd08d20a26d7c161a3d |
| SHA256 | 85801a6d046f7d9b157efec4ef2b8eb515d46fa44eb6a9a95395841a25bc3467 |
| SHA512 | b3a81093150ebe966fe75277ddc0c3c4e84a1b67df930367fc0966ee7d12baac2c02c71d86d0374cf8c773bfc40cf52c2c9752e6fb5e60d8c5890447dcf6ae85 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\12175
| MD5 | 27ae9a77ddd55e8954520805538c4f76 |
| SHA1 | f3a8baac444bdf2cb1e415139ae63166b19cadc4 |
| SHA256 | 40006997f2f0ebb5def319d5933d848db934e504d98cdfe1687e834017b959d7 |
| SHA512 | 0314efade6d744cbef75a14022789bf2ea1ae8659ee7ecb2a1c8036372a20415a6d63dc0b2b0219fef358f15bd5b68697e9c1fc56181e8f83a28dd029e421b7f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\FD8B5A19DF57620BA56D7418AA339A3D779BDF33
| MD5 | 34a9e28124f9d2353918f560c91165fa |
| SHA1 | 392a9467a28de3589e6b831aac5ece47c25ba066 |
| SHA256 | e1600fb5386ca419986c8d1eca99b69d01b3c9768bc8c0d89788a9b65c81a2a0 |
| SHA512 | dc05e881a7810eb5fda61195b618eeb69f1634ceff1e155f7c389b35d4012bbeee5063385723d307e5d5f9854d546b8a6edfb8e0d61082b5fc160edd43ab04e2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\21878
| MD5 | 1ed61678748d7df44e8eb413b7bf5379 |
| SHA1 | d61e61aab527f3f0ed7cd05b85ef5cb675db0556 |
| SHA256 | 63dbf530c2d1a86124d403b1d5ccc5e98375bc4c89b567a7135c41b861fe2703 |
| SHA512 | 5e946d28f50ccd48e7325c07918426748040f3e94a2155071ea0a15c77ee84e84fd31f48a3bd77ac3789ab57d7605852b4a34d0ba9a699754446ce0bfdf27b73 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\15361
| MD5 | 5ae02d34d43c6380c94be7fa7d77d7ee |
| SHA1 | 3f42765b691b15d88d8a6493e61e083257ff3bbe |
| SHA256 | fe455341b59cf8da8258d5842e98581776f00a7bfedbf468797c6a6247c59bf3 |
| SHA512 | 3475147828dbc9616a4828af9bce36f054ab6847e4068812188d429c1b78c0a51329b670e777ce8449209a5e70363480e2b8f13bd8dc0c40ee8b5a7f8a857566 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\28346
| MD5 | d504a0da6af059483421be85915d922e |
| SHA1 | 65c62fed7d5a5b6a18ce8c0423bb162a1fcd9483 |
| SHA256 | 506d0b2fe1bc6bd6e84b88bed532de690cae6bf6c90ffb99f0ebd91c2c001c26 |
| SHA512 | 01db253b5e9aa433555427f0edfe3e11353d9c8bca2f7171f14a00a85da874c89f184cfd6bee050b69188e61a25129f636495bffaa55994ca0e33922b64560fa |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | f826cc75a2315542a45f6a228ebead65 |
| SHA1 | 228bc08c95e32e7f7dd97ee6a140e283a45cb8d2 |
| SHA256 | 67365265b71025d972e579bf237f9655014ddf0d2d03018772814e05bc89ceb1 |
| SHA512 | 12c3710638470ddd0a7561bfb01e138092e624e39ed7d8ffa44b1bb53d976929452efce9589e1a871b522f91a4d72348308c3e52b6116f7cae272fe0c1634c49 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\1586
| MD5 | c89e28f007ccc7a291fc614569ad0e75 |
| SHA1 | 542b4ddeb9ae5fdeb90d0b46aaad8a3808138d6c |
| SHA256 | b6bef9667aee810f35d369920a7227e19daa02e749b4790f6a5b7d7a9937ad7d |
| SHA512 | c41aa666f70539b889b56b2ae36acabd5cc2a72a68d49ff451ba36169bd0c647c77c7ced3a30242d22a6ab678ac45f5ca7e330771673e5f270a3a4f02e413384 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\crashes\store.json.mozlz4.tmp
| MD5 | a6338865eb252d0ef8fcf11fa9af3f0d |
| SHA1 | cecdd4c4dcae10c2ffc8eb938121b6231de48cd3 |
| SHA256 | 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965 |
| SHA512 | d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\17239
| MD5 | ec7a996f1c4c4d7c99aada459bc876be |
| SHA1 | 2190a4f5118ead5623da4ba3e1996d1e30bedf97 |
| SHA256 | 9bacac22c451a0e087c04849eb96751b2fa7a409ae3616f3dca8f84108868698 |
| SHA512 | 545e8f098853d8171d9ef6ed4a31a1cbc314594add2c9d5326176724831ca182a01909d2264bdd0cc9a59587c5fb6519efbcd52ac2cb49e6ea257999b9c07bc2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\11753
| MD5 | 76ff2ed66b2b5813310dc09cab716adc |
| SHA1 | dc49fe3a55e9374673e6c497d64caaae05cbc473 |
| SHA256 | f652fa5add11af08d6a113c5e4a2f71e06cc8b713643ce7cace82e69555f3f92 |
| SHA512 | 36766bc9c5e6ccd736777d41dc18f29776c425efc3a020d41b4bb860c01d4384ee81d0f6f6bfd6456683904af40acea0d887f63a6f3588636ce97b53541d88a1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\13347
| MD5 | c3b52858f0f38382fdad28d99845b7b3 |
| SHA1 | d1b364ef47a119bb133fc452f6425cdfeb9bac44 |
| SHA256 | 315c5ebfa93653b18923afd8d9b02b261bc8f8c13db0ae1573bb00f93829ba95 |
| SHA512 | 205b01357dce078902312a932b0dac063e4ff8027b1798322b024534f4e4b8112d5f354c3f712e16ce4eb5e721c2216a37ec58c70daedecd338996f75dea76de |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\17645
| MD5 | cde6c8ba42c3edbc641bce0b92f907d4 |
| SHA1 | c67861604ad249c1b82e834192786733cf5dbd1d |
| SHA256 | 65805385536c24490c9b8761f9a0c231c8a903bc26375acdf438b5ec5c546976 |
| SHA512 | 1411120fa933b9a05f6b11b153271f9fd1809eb10eb80d6f05c783e854313d52034d42c8167739eb9de7d92813bf51766954c2fa2144a2ec770346eef5b3c559 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 412b33c60e7ef6330eb6922017b3de27 |
| SHA1 | 0ad464d36341cc387d8bdcbfd796ee7c6746fd2a |
| SHA256 | 70d5a295002bfec362fd299310d28f3c9fc263d0a6715d3871599ad41971eef6 |
| SHA512 | de5085b7293da932ab2c9f7e9984533dee0cbb9d407fe7817c6fd09bea7ae24f214e3a341e9fa0a0c47099263793d853ce329a5b2b264e6082ba8e5bd4872a9f |
C:\Users\Admin\Downloads\SpotifySetup.1KNYQARm.exe.part
| MD5 | cc98845b2100c8598411b753cab5ea58 |
| SHA1 | a253a714fa68ff34391be3476f307c8edbf637b2 |
| SHA256 | 2bf4be1f2ece869159c1f8d5c0a8a4b806e8b9007c1bcf2193a36621f99279e8 |
| SHA512 | a48b77a9d255221e3f72cff6499f063a5aa7c0f25369734422934b6844fb0519af31215141a11c09983bd2bef737c34517c30e68dd6589b0d0808459931a0893 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 21a383d1370f8d29f13efba3527f231d |
| SHA1 | 4c96b6c16aa49633dc695b22fd3d3f297779cfd4 |
| SHA256 | e41fbc2c4cba45855a961ccf12c43f19d90d673378affdd18b28c68b5fc4b328 |
| SHA512 | 50d058cb2cda9136dec85c966d02873780efef351b24563b5fe7f1b7f1ffb0717a10fac91c9d5f87eb3869acb195aa4fd028644df778dab09d53bd4649753522 |
memory/6440-12728-0x0000000001250000-0x0000000002BAD000-memory.dmp
C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1099017328980\lwjgl.dll
| MD5 | d8ea3886d9f59b514bfa5b24ab69c0ab |
| SHA1 | 2bf57942dff5360889f0e89c58d5acdc54e5f1ea |
| SHA256 | a39adf52947fafd954c2a86ce031abb8c59825f7ee50337ac8c41e4280abe82d |
| SHA512 | ba8af0415c7b0454dd8bdccf78ed59da3bb5cc5f631dd060d3cd0eaf74d8f55d7531248b6b8a995ba5b672dc0386d3fa198e8c761f2e1cc0304da0dc029bf29e |
C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1099017328980\jemalloc.dll
| MD5 | e58d41175587d4355fe06bf8b8a1ab32 |
| SHA1 | 6403f8243ea983a225b3bcda6c821a0029ad9ee2 |
| SHA256 | 9abf0095066ebab37b78968e11370a8078313e48cb5be8eda01f67623c6a6248 |
| SHA512 | fc432ddb67dce8a672ac268d25f01d40c1d614e4ef34cbac6c4a2c01742ebab5d00c7ef5d9f0ef46ce0b3b6a4d5ace581fcf8c247d492c3882f561015d9e2ae4 |
C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1099017328980\glfw.dll
| MD5 | 8cabdbe3d67546771b02af5d42073cfe |
| SHA1 | 2e19147110b9872a52814956bab151a7aa80ce58 |
| SHA256 | affa7e54eb0dedce4a5721c327c1a16035edbbd039cd402e08107d6d2d55eb1a |
| SHA512 | b7f46feef779e5772fc7711fda601fdda6ee4bf41d4fb87735a0b8fdc5fdbbdab23ba1760989e15d66cf9ba65409933cbce858eda169d04f13f401198245ad1f |
C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1099017328980\lwjgl_tinyfd.dll
| MD5 | e7349669dee3093d266849685efecc60 |
| SHA1 | e7c3d94ad9d83f0762dfd82780d2a683d5d9b3c0 |
| SHA256 | ec7d76e6ef7a99628ef6f8b6e544294b700108c341837779e6e2c01c0bc3da9c |
| SHA512 | 41d772a4a9673db43a4584af78d5c128278b27efc01b7da47a9f8f629fd004aa8e4c63186d93b6cb7b664325272f0a291a1e80d9ae799910989171c1cdec34c8 |
memory/6440-12827-0x0000000001250000-0x0000000002BAD000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms
| MD5 | 3e64827b712d0b179bbb4704b64589d9 |
| SHA1 | 1af9f076d8fb5cb370ba9c353ed8decc636c1f06 |
| SHA256 | e8dbad0bc20ee85b96b0dd345f16348c7110fdc7870979fb908ee36b1acabac0 |
| SHA512 | 18db4c470787a71cc1ce90afaa9f9206bdfe8c12a1400a48a22c9c7f3a4c10b793bcb694c281ccaaddee18cabd19315a43e62492bf0ed95a7cc44f68eb3fc9c1 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 2992a843b6825e902a42e2f2afa751af |
| SHA1 | 329b89c8904c28fb3f35d758a40bf1fddf579c42 |
| SHA256 | 7b1091bf034ae7a218f7a90425a88352bc414f57a7770c3683c22308ad92d912 |
| SHA512 | bc0215c882d33edd8d8ae40234748541684bbbe9167b561043a3ed35d90bb55fc278230f788879a6bbb614e21e41acfe4af806858d3e8ff909ba731a9fc005d8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\jumpListCache\n8k18eEP3XVV5fxtpoQkUw==.ico
| MD5 | 27d74d899cc3eb145b9c3f4731d03679 |
| SHA1 | ab503c850078e3e0f4f5682c122cb729b6d07fc4 |
| SHA256 | 316cfafdd8b1bc8579f8dd241a1072c87873cdb11ab6b1e0f05e7d71369a6b19 |
| SHA512 | 9c92502eee1c6d8181d5a17b1b30b9a8542db4a85b4551308142aafc0da648c37ce084a6c7b6409e3780b8bbeb26feba0af9fbe8ee0bb6078b77e0bf47388c72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
| MD5 | 99601438ae1349b653fcd00278943f90 |
| SHA1 | 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9 |
| SHA256 | 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a |
| SHA512 | ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
| MD5 | 65690c43c42921410ec8043e34f09079 |
| SHA1 | 362add4dbd0c978ae222a354a4e8d35563da14b4 |
| SHA256 | 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d |
| SHA512 | c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4
| MD5 | d0fe97f4d35082c0ce77beb8362ec643 |
| SHA1 | 61248aff38f3fcd18741de6ffa4fc12078f90bb7 |
| SHA256 | 0286ccc6c8d5d160833af587b93edb1376b46a8a9a4be889744a6773e0bc3ca1 |
| SHA512 | 3fecda21df6c9aae2b69513c0f5c4081366379b440922400649ec13c2d584fb6affa75eea3529ee1761b763825f4b37f18e126e1c2ffa38c3f42a9cd4c1b365b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\places.sqlite
| MD5 | 6ff0ed7be7040846fb30175bbfb564f3 |
| SHA1 | 4f9ec6935e6d40e5d951710fdbbfcc8ba6fe4da9 |
| SHA256 | 290476623db9d4d5cb424626ffa8419692202745dfcbc2bcc64312357a6181ab |
| SHA512 | 30f5499daa6e006cef3a3b1fc5d8980ea41a6be918d4f62ace16d43bfd64ae027a9cd52e7823675b0c2f1fdc934970f1e9ad9ab161e9722d1d9ce6f6d2d7a39e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
| MD5 | 2ad4fe43dc84c6adbdfd90aaba12703f |
| SHA1 | 28a6c7eff625a2da72b932aa00a63c31234f0e7f |
| SHA256 | ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933 |
| SHA512 | 2ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\ed9ef829-5f3d-4622-8621-8a0a3bd52575
| MD5 | 592d30ce2242bfd8b098d439b54f5d0f |
| SHA1 | 1a98457a0a283421a18c5ba9f66d57fa91a2b9f8 |
| SHA256 | c1c9725681b250a73b20cc7b744eff5d30c6eeae38988cc606d48b4efc493561 |
| SHA512 | fcc50fbbf5af130ee765390ef63d5c070c6704d1902a38e2b36a0bd855494c78eb99b84473f947b5c6f96e37d8b9ba5a95c62c6b36e1b09f2274113403b434e0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\dd616d1e-88ae-45e6-a2c1-06971edf59bc
| MD5 | 16f6bc2554afb0143a54e088cfb50df5 |
| SHA1 | a61da7bd0b528916c400769d832bc3c11f5fd52b |
| SHA256 | 8481d0f22b917bf9511b164b4f709670abaddc3009a2ca7e967e59924cb800b9 |
| SHA512 | bb2bae1f5ecd87b2f2eaa85eee0cfa0048f00d6cfa533b2b3709a75552a141d2590049917d001682617444db3abf0572b606b145ddb7040c4b5199e1388b7882 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
| MD5 | db963a7840de1003c7c6fe0ee8370381 |
| SHA1 | 75fe298c38e4b70a66e3f9fa629506bc837cfb91 |
| SHA256 | 257dcee5f2ddda380183b364cd8c06f81184dd4544b87756564a3e05ff08b6af |
| SHA512 | 84be350b74df9ef2b7a23854600a862417d2914fd73d3d1c977c7029e789382c09108cbe2bc9375e1249303e74ef571fc963ff598e2cdf65e616f5d7e1c28c36 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\8FE6BB5B069E32193FA90551D0CABC9D6A7D8B08
| MD5 | bb922ba5056ce4f336c29a5a96e016dd |
| SHA1 | 5c759f684f4922d0549540191ce6e41ae599ddcd |
| SHA256 | a3046d6a1126064fd36b4b40320216f9db0368fbb5c90870e74cc880acba3b55 |
| SHA512 | db21d0c8027e3ec669e6006c2ca69ce3af1b31a9260626d6b8dd48352c0ff5f8d598ee65fd7b24bf3231d488e3d65533218ceacecb90cd031faa66e9a849640b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A9AF614317B357EF73559D5B7C5EFB6999CD6B5B
| MD5 | d177d002ba370e5bdd026c69e6dc350e |
| SHA1 | 67b1989b51c75133e124084886f43cca2d1bfd01 |
| SHA256 | 6b9fec390d04e7687376d3add5b3f8f9a8afb65ae5174eafa463b5915cb57426 |
| SHA512 | 0bccf171b7158e8f40f35ff1a7c320914164c8ae1c27219ed1338ee8a70a60db5eb872ee2dd3236a580044754c86bf290d5ce9a8b3e026b4d79d7a7eb3ef8f13 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d3f8cfe547a662b7f69e15ec8e089622 |
| SHA1 | ec9b1474c41d9acb38f71636352eb647e8efd361 |
| SHA256 | 4b4210490f671b66ba9749ad0e84e9e34acec891573df52aadc667d1b595d128 |
| SHA512 | b7d10b895e98f4fd912853c30b512a7d48f58f004a9388691d86ec6c3130923418ea5167f1623d864296320cacd600343c4a2303dc96269b52a958458b9030c8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\3260
| MD5 | f9cec4d047d47182eeb40b4b231c90bc |
| SHA1 | 6cf8ed4214831f00eb2241c1c15601a0c294dabf |
| SHA256 | e4eaf957a70868c5c838a0a002aa606ce5874788f9289debb019464fa23448b1 |
| SHA512 | 72c78abe74763afe9ec03e4537da3e3aa2f7317c0e1b303cc422d11b4f457990c31b2a214b8262674c729672e9f830b927ee0ebbd3ffe5a566571c470a1b8b89 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\32763
| MD5 | 90ab449d6f7e4ef2d3ecbcc685c930e1 |
| SHA1 | cadbd070b57ddd92d7b47ddb5b446f4507f0d8a0 |
| SHA256 | 6c566778a0eeb42c4c724f9423f32b12da38de33263749e8d8204330ae85ed79 |
| SHA512 | 4b8cd5369ad8f5b3278970baed9976cd19c7443a57b0069cd1261459374490254cde933084552eea9feb4cf99ee38c68dc11362b36724c2a805156df3fd2adfa |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\16323
| MD5 | 9bc8a42d0850e751a64cb53ee98f1003 |
| SHA1 | f836d810d71c3518c96fe83c9a182290d6cc30d6 |
| SHA256 | 3b211107ece18a679837931460ae76382bbebd02b051af1f203d1a44c5bd1594 |
| SHA512 | 5f563b82c28279764401cf4e3d24ce78ee6f32881a88b20c4e3fc96929b6250e0e4f160c17a36c0effa7930efe5e072d3c7e698f895ff5ab3f0dce7b68a28756 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 2d7ed6b8d3a286c7a16f2453cdff10c3 |
| SHA1 | 0bc175e95d3d51d2e9e3ede3b15b00d9ba10a19a |
| SHA256 | 1bfadfaa06013526189a06448369ae7d3788e29e2efdb0cb74512f04f1280e70 |
| SHA512 | a3630c14c8f10faff79c8ba9a8f4725c6892e08d2a218f9fc7bc97f74b2ea0143695999582270e731c24b1ba71c767126e54ec06195aac3e1bc124e8dba0e7a9 |
C:\Users\Admin\Downloads\jre-8u411-windows-x64.D1XWpXur.exe.part
| MD5 | c352b03e421407a2aa9eb8ad3a12856c |
| SHA1 | f75431d84190b539a76d47bbecdb0c9fbdcf7667 |
| SHA256 | 6eada6e5391930544fdece53aac83be53b9b4b66bb1dd02ec9b39650eb0e7b12 |
| SHA512 | f659c09aa8632b27981ee94a6b4846edd3e28e3243c4cbf5efa42d2744e5c24839199b42129e109fab169e17c1070930f02c2c76c6f0b49aef4871a1cc7466b3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 20b553263597f20c7c6f6b0a4574c317 |
| SHA1 | e7e75605ab684d5285e014199bd7e6c243451813 |
| SHA256 | 02f72736ffd279a2f66628fda1d6d8142cfe4004b844ca53954c2018ef2f9c15 |
| SHA512 | 6d2b8dc3c3bb12ab2d3f312c7cde20180babf397d40a1f01ae9ace200247561ff4c9a5642a897fe386547f8a3414ccfc79a4558fe4acf35155f96f45499f055a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 5d20bf190065566a124a6ab96129471b |
| SHA1 | 6eeaaccd0e64357607bfcf93581c7e3dc7fd856e |
| SHA256 | 15b14f7b429afab372577d0ba2a92e754f46ba29e446e19d846419db7a56a244 |
| SHA512 | 90152a48116b3086e717bc0d3c8a708d4a6805c0f9cb88aea8c769592ef8635af09611441244c2051916f4799d3fb938dbc805aa9f1c02a716d32686286a7ca2 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 9f5c4807dee20e35df749052a9b6c7c4 |
| SHA1 | 2b16fd4a41999bbb67d97f3cdb9fcb1f54b7b094 |
| SHA256 | 0f7cdcc92812368bebc2a9861a004773e5fafcb9e495830fe5acb3669a7d622f |
| SHA512 | 777b1a763b94df20f2309ea069a3e2b3fc3db10fab4f799c98967cf0cfdf1de2ffb4ce9cda44860ac2a0380fae13bee452e4d23b6cd03167ee56519ef5c2e921 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
| MD5 | c8dc58eff0c029d381a67f5dca34a913 |
| SHA1 | 3576807e793473bcbd3cf7d664b83948e3ec8f2d |
| SHA256 | 4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17 |
| SHA512 | b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4
| MD5 | ec822112e6adb9eb96e96322cfd89839 |
| SHA1 | 8d745b8587f74415e168176b10215f38f531392e |
| SHA256 | 308b807ea50c72e520c3eec4bf9f360e75696b8013dc9942175376946073706f |
| SHA512 | 777c38d1ff7c14615167c6ea4c67b10f15b8f51ea44d146661507b07ba8e4de9105d285bdbec44db6b2a7fd831905e524c6ba159ed07bb2c75237c6085bf3355 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 819f1a97cfdc1dfd9dcb2ccd706f4471 |
| SHA1 | 6acd78e07d545c8d7fe30e9c1c07d10f7ac590e3 |
| SHA256 | 3a3cf8750b1499ed31cb91ef6026c03c323258e8cc5ed6c87039f8f0b2fb255b |
| SHA512 | 18b7b980772ac49cbdafd9e4b37dc5f52eba6059ab8bfde0ba3fee5e5b8ae66876b57191a6b6ead2de780790650a6793ba1872790768923b57c4b405eb3e7a85 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\utymd3p\imagestore.dat
| MD5 | 432e44c11b6ce57e13d2fecbfadf40bf |
| SHA1 | d1807e1f7234911616599f5b6d9bf03a6e8f5f49 |
| SHA256 | c95c7174bc6ae1f87b895dc18013e19637c063ceea7c20223ce3802777989106 |
| SHA512 | d5e3537b56f89c9ae2b23186afd99793278939b9a4862062f348c66e652972e73aab6c1626f904cb0f18e9436dbe906692c19d683170b28a3669803fdfd466d1 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\RML28J1S\favicon[1].ico
| MD5 | ec2c34cadd4b5f4594415127380a85e6 |
| SHA1 | e7e129270da0153510ef04a148d08702b980b679 |
| SHA256 | 128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7 |
| SHA512 | c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\LU5KO5ZN\www.msn[1].xml
| MD5 | 59c807415954a187767fbff598f45afc |
| SHA1 | bf7df49f35b7bb36223b0a531560198695f9b297 |
| SHA256 | 19e72630d126e051f4f40f5fa2ecc338bd81db81a7ad2b2ef9ac10f23bb292b5 |
| SHA512 | d35a827fe4f6ca3c80fa5936162794d37b25ae8023f76003c5f31ea300347b5c3b4be23c252fab64a07c264b4214f58d3b64045ed6b31b884d745998cfa0ad86 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
| MD5 | 1f5692a0e45358680b4f05ce4d829a41 |
| SHA1 | 66bd7695a315783b5206fd57aef1c80b4c071cd3 |
| SHA256 | 18fa8313253ea5b9274dd8b3c7aa161defde8607cf6b3e728b26123c09658fb4 |
| SHA512 | e3f710f739b75b36189f57ff199eb58cd152e35d95d4b7a7067d07692227b9d4400385ab24067abc4a987d4b5b8f0ec974993d4ad0cccee2f9108aa2340a94ee |
C:\Users\Admin\AppData\Roaming\.minecraft\assets\indexes\16.json
| MD5 | f342edb6b13da9caf67f6ab25d8a0b4b |
| SHA1 | 2424100100917826a5933159802456d10f50d99a |
| SHA256 | 65c4941404715a1090a87d5e799c70b0e5b51be9971d3db0cec2b687de2350bd |
| SHA512 | 04e8057c56c4e6c009f46c7f626b0e13ab244f01813a6186e8b1cdc3b29e5c14cfb14053b2ecef35ca612bd2f31a3b3c7adb61cbd5740fff58472dc8091012ab |
memory/10160-18824-0x0000000001250000-0x0000000002BAD000-memory.dmp