Malware Analysis Report

2025-01-19 00:38

Sample ID 240504-c5lynsec26
Target Styx Client Latest.dll
SHA256 2d1307efa269e7f18f1818e672c028c76de3cb3c8ec3cd3c2bf9816bddf1a8de
Tags
themida microsoft discovery phishing
score
8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
8/10

SHA256

2d1307efa269e7f18f1818e672c028c76de3cb3c8ec3cd3c2bf9816bddf1a8de

Threat Level: Likely malicious

The file Styx Client Latest.dll was found to be: Likely malicious.

Malicious Activity Summary

themida microsoft discovery phishing

Downloads MZ/PE file

Executes dropped EXE

Checks computer location settings

Themida packer

Loads dropped DLL

Modifies file permissions

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Detected potential entity reuse from brand microsoft.

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Uses Task Scheduler COM API

NTFS ADS

Suspicious behavior: MapViewOfSection

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious behavior: LoadsDriver

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Modifies registry class

Checks SCSI registry key(s)

Modifies Internet Explorer settings

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-04 02:39

Signatures

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-04 02:39

Reported

2024-05-04 02:55

Platform

win10-20240404-en

Max time kernel

920s

Max time network

875s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Styx Client Latest.dll",#1

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\SKlauncher-3.2.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation C:\Windows\SYSTEM32\rundll32.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SKlauncher-3.2.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\plugin-container.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A

Detected potential entity reuse from brand microsoft.

phishing microsoft

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat C:\Windows\system32\SearchProtocolHost.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\system32\SearchIndexer.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\INF\netrasa.PNF \??\c:\windows\system32\svchost.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\INF\netsstpa.PNF \??\c:\windows\system32\svchost.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)


Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\ C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice\ProgId = "AppX43hnxtbyyps62jhe9sqpdzxn1790zetc" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000d75c3648ce9dda01 C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice\Hash = "XloccveKy4k=" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-114 = "OpenDocument Spreadsheet" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2 C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice\ProgId = "AppX43hnxtbyyps62jhe9sqpdzxn1790zetc" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice\Hash = "Ic2WjTjhAPo=" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-111 = "Microsoft Excel Macro-Enabled Template" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-174 = "Microsoft PowerPoint Presentation" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WPL\UserChoice\ProgId = "AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice\Hash = "XRrqw2b8yJ8=" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice\Hash = "0/XC9kmCGRI=" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-176 = "Microsoft PowerPoint Macro-Enabled Presentation" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@"C:\Windows\system32\windowspowershell\v1.0\powershell.exe",-103 = "Windows PowerShell Script" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.crw = "1" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000631eca42ce9dda01 C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-127 = "OpenDocument Text" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\SearchFilterHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-180 = "Microsoft PowerPoint 97-2003 Template" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\OpenWithList C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice\Hash = "q+XwNltmszk=" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.jpg = "1" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice\ProgId = "AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates C:\Windows\system32\SearchFilterHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice\ProgId = "AppX6eg8h5sxqq90pv53845wmnbewywdqq5h" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia C:\Windows\system32\SearchFilterHost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.jpeg = "1" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.bmp = "1" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.cr2 = "1" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.mp3 = "1" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice\Hash = "GW4N77EiL3s=" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice\Hash = "JS+FGoXvaCU=" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\System32\wshext.dll,-4804 = "JavaScript File" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{C120DE80-FDE4-49F5-A713-E902EF062B8A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000024ff1e44ce9dda01 C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.MOD = "1" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\OpenWithList C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-175 = "Microsoft PowerPoint Slide Show" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-107 = "Microsoft Excel Comma Separated Values File" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-182 = "Microsoft PowerPoint Template" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice\Hash = "6mHckVCEABg=" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice\Hash = "j/tsYAYZGa4=" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice\Hash = "wCZ7VtG/eZ4=" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer C:\Windows\system32\SearchFilterHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice\Hash = "B66vHGrjmZM=" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache C:\Windows\system32\svchost.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4856d724ce9dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.msn.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5a04a42ace9dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\discord.com\NumberOfSubdomai = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\discord.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\msn.com\Total = "122" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = c01c476acd9dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\SKlauncher-3.2.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\SpotifySetup.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeCreatePagefilePrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Spotify\SpWebInst0.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: 33 N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\SKlauncher-3.2.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Users\Admin\Downloads\SKlauncher-3.2.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\SKlauncher-3.2.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds241363312.tmp\jre-8u411-windows-x64.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
N/A N/A C:\Users\Admin\Downloads\SKlauncher-3.2.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4608 wrote to memory of 4268 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4268 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4268 wrote to memory of 2496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4268 wrote to memory of 3608 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Styx Client Latest.dll",#1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.0.887999712\4506403" -parentBuildID 20221007134813 -prefsHandle 1680 -prefMapHandle 1668 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {973c0e19-468f-4676-a9bc-9a7e3cf7dc30} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 1764 110bd7cb458 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.1.446050010\874815219" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cdcb06f-ad29-4352-aaea-30588d917ee4} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 2120 110bd13e058 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.2.1730042422\478737894" -childID 1 -isForBrowser -prefsHandle 2692 -prefMapHandle 2700 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca3adf41-11dd-4081-86db-3f012e2dd24e} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 2872 110c16c9b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.3.1237374397\336167953" -childID 2 -isForBrowser -prefsHandle 3416 -prefMapHandle 3412 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {70f24b6b-1cc3-4684-a48c-4234f10f1995} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 3440 110bffad058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.4.1307325138\1903305291" -childID 3 -isForBrowser -prefsHandle 4064 -prefMapHandle 4060 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3ea410e-b63b-4783-88b5-d4cc2a6295a0} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 4044 110c2d67358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.5.2137342071\346219502" -childID 4 -isForBrowser -prefsHandle 4840 -prefMapHandle 4836 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2e490e6-e1bf-4504-9b89-71c9ec27574d} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 4828 110c3e90b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.6.1978944985\1706004815" -childID 5 -isForBrowser -prefsHandle 5008 -prefMapHandle 5012 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4551e302-0f90-48ef-a9ff-a16fa5980735} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 5000 110c3e90258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.7.1661281400\290559133" -childID 6 -isForBrowser -prefsHandle 5192 -prefMapHandle 5196 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c286bc1-11f6-4112-8373-4d1d4515b70a} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 5184 110c3e91d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.8.1294526182\1450361678" -childID 7 -isForBrowser -prefsHandle 5640 -prefMapHandle 5616 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a690a82-b350-4099-8538-fbdf0ec4b531} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 5608 110c4d47858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.9.1108011127\1032360864" -childID 8 -isForBrowser -prefsHandle 3780 -prefMapHandle 3776 -prefsLen 26786 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {456f2dcf-4a7e-4d90-b771-95064cd7026f} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 3736 110c4cd8558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.10.1684406509\1525640244" -childID 9 -isForBrowser -prefsHandle 4404 -prefMapHandle 4464 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd05fbdc-716e-4f01-a1fa-18d9ed958f57} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 4372 110c652ca58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.11.2086820277\1980549273" -childID 10 -isForBrowser -prefsHandle 9808 -prefMapHandle 9800 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64cc2019-a515-411d-bda7-33184f58c6ae} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 9820 110c6e8ca58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.12.1862435797\700863164" -childID 11 -isForBrowser -prefsHandle 9656 -prefMapHandle 9668 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a93652e-333f-46be-9bc4-34a17611aee0} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 9620 110c680ee58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.13.600509945\1384528513" -childID 12 -isForBrowser -prefsHandle 9432 -prefMapHandle 9436 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a61f0e25-33bd-40c0-88cc-f97293089635} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 9424 110c6810658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.14.1263421710\1911442167" -childID 13 -isForBrowser -prefsHandle 9284 -prefMapHandle 9280 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2a52eff-ff29-404c-814e-418e522610e4} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 9292 110c6810958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.15.544954875\1219671556" -parentBuildID 20221007134813 -prefsHandle 9220 -prefMapHandle 9052 -prefsLen 26795 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8b4fc45-1b46-48eb-9ba7-632d633f8704} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 4944 110c7947a58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.16.1274785811\1815818950" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 8972 -prefMapHandle 8976 -prefsLen 26795 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eda52076-04a6-4806-b7ae-a0da571dc4c9} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 8964 110c7949858 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.17.1855343261\663382790" -childID 14 -isForBrowser -prefsHandle 9036 -prefMapHandle 9668 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e3d16fd-1c4c-4aa1-9931-866f5d81a513} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 5228 110c4dcb558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.18.1285229568\462011077" -childID 15 -isForBrowser -prefsHandle 9764 -prefMapHandle 9760 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c7e00a0-6ed6-4240-b196-bd89ac92fe38} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 9320 110c6810058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4268.19.1976157023\85722970" -childID 16 -isForBrowser -prefsHandle 9724 -prefMapHandle 9752 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd11a12a-f722-4785-8a98-d700f64bd65e} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" 9728 110c785ae58 tab

C:\Users\Admin\Downloads\SKlauncher-3.2.exe

"C:\Users\Admin\Downloads\SKlauncher-3.2.exe"

\??\c:\PROGRA~1\java\jre-1.8\bin\java.exe

"c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

\??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe

"c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version

C:\Windows\SYSTEM32\reg.exe

reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme

C:\Windows\SYSTEM32\rundll32.exe

rundll32.exe url.dll,FileProtocolHandler https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe

C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe i4j1321171856815587400.tmp

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\SKlauncher-3.2.exe

"C:\Users\Admin\Downloads\SKlauncher-3.2.exe"

C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe

C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe i4j5437175824312600673.tmp

C:\Users\Admin\Downloads\SKlauncher-3.2.exe

"C:\Users\Admin\Downloads\SKlauncher-3.2.exe"

C:\Windows\SYSTEM32\reg.exe

reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.0.310734679\261061867" -parentBuildID 20221007134813 -prefsHandle 1552 -prefMapHandle 1544 -prefsLen 21163 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c42c6795-e115-46eb-9234-a269b21a4725} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 1644 228d4dea658 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.1.999463985\584035123" -parentBuildID 20221007134813 -prefsHandle 1984 -prefMapHandle 1980 -prefsLen 21208 -prefMapSize 233583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1bbd1ec-4e26-4956-9f7e-3caad0320ca9} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 2016 228c9edeb58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.2.644084541\1739429455" -childID 1 -isForBrowser -prefsHandle 2712 -prefMapHandle 2588 -prefsLen 21669 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c82a400-6680-4730-8df2-a543b93e6a01} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 2744 228d894a858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.3.547506423\1670157360" -childID 2 -isForBrowser -prefsHandle 3292 -prefMapHandle 3288 -prefsLen 26847 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b00cd98e-c7ec-46ff-858f-1e53cf9c285b} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 3300 228c9e2db58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.4.1609226245\429034330" -childID 3 -isForBrowser -prefsHandle 4260 -prefMapHandle 3068 -prefsLen 26847 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5d9eb0e-006a-4a86-92c4-a086b857ada0} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 4272 228d9a68b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.5.1164091640\762926058" -childID 4 -isForBrowser -prefsHandle 4616 -prefMapHandle 4604 -prefsLen 26847 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e23c6852-a27e-441d-91ac-7f4c7d84ee0e} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 4628 228db55ab58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.6.331032107\10059452" -childID 5 -isForBrowser -prefsHandle 4584 -prefMapHandle 4484 -prefsLen 26847 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2dd9139a-b1d4-4001-8a2a-7080867da6b0} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 4796 228c9e61658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.7.1947744249\1925958596" -childID 6 -isForBrowser -prefsHandle 4076 -prefMapHandle 4952 -prefsLen 26847 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e37be63a-f43a-4332-8033-cc5ed3756876} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 4968 228dbfc8558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.8.181608869\1441843822" -childID 7 -isForBrowser -prefsHandle 4484 -prefMapHandle 4776 -prefsLen 26847 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {51b4bbcf-75ab-4f08-a7ea-f4d3c84a2734} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 4368 228dbfc8858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.9.430830265\1510079521" -childID 8 -isForBrowser -prefsHandle 5152 -prefMapHandle 4360 -prefsLen 26847 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {982d0d4e-6f0e-4d97-986e-54be2f9dd784} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 5320 228d500f558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.10.850578388\1594658401" -childID 9 -isForBrowser -prefsHandle 4808 -prefMapHandle 4604 -prefsLen 26847 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20078405-df0f-4577-908b-2920fc9cf05d} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 4888 228c9e66b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.11.92302279\621752347" -childID 10 -isForBrowser -prefsHandle 5644 -prefMapHandle 5752 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {85b15e4e-90a0-4e8c-a3ad-74923f90b1c6} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 4740 228de136858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.12.1762295337\1763708352" -childID 11 -isForBrowser -prefsHandle 6676 -prefMapHandle 6680 -prefsLen 27278 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {644539db-f181-441f-973f-3f8a23d9ec64} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 6688 228d9944058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.13.1448508076\1789163842" -parentBuildID 20221007134813 -prefsHandle 5912 -prefMapHandle 9780 -prefsLen 27549 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {721358c6-c7e8-4d69-8833-9be1d25a3add} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 5940 228dcdae058 rdd

C:\Program Files\Mozilla Firefox\plugin-container.exe

"C:\Program Files\Mozilla Firefox\plugin-container.exe" --channel="3384.14.1821759852\1634228517" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0" -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb19ae84-9c79-4686-91b1-07933724d733} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 9796 228de11a258 gmplugin

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.15.2097297651\2122868500" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 9376 -prefMapHandle 9380 -prefsLen 27592 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecb2a4b1-dac3-44a4-8177-ca9a193fd466} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 9368 228dbfc7f58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.16.966661437\2128033485" -childID 12 -isForBrowser -prefsHandle 9732 -prefMapHandle 5468 -prefsLen 27592 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09ba4202-d712-477a-9aac-040b8cc9ae08} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 9180 228d5f36458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.17.444572219\2089001540" -childID 13 -isForBrowser -prefsHandle 5668 -prefMapHandle 4856 -prefsLen 27592 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {880e36f0-8b8a-4273-b574-3c9fb1a49901} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 4712 228dd51a658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.18.572836789\1815724653" -childID 14 -isForBrowser -prefsHandle 4804 -prefMapHandle 4280 -prefsLen 27592 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48fdae18-0929-44ba-94d8-ff5055eaa871} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 5148 228ddc5ad58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.19.1949508474\1485909952" -childID 15 -isForBrowser -prefsHandle 9328 -prefMapHandle 4728 -prefsLen 27592 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8006380-fd52-4426-abbc-4abeb8625e07} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 2700 228d7989958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.20.1253596689\1815879573" -childID 16 -isForBrowser -prefsHandle 8932 -prefMapHandle 8924 -prefsLen 27592 -prefMapSize 233583 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2e9f78c-fa70-4594-8da6-135708d49844} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 6568 228dcdace58 tab

C:\Users\Admin\Downloads\SpotifySetup.exe

"C:\Users\Admin\Downloads\SpotifySetup.exe"

C:\Windows\System32\SystemSettingsBroker.exe

C:\Windows\System32\SystemSettingsBroker.exe -Embedding

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localservice -s SstpSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s RasMan

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe -XshowSettings:properties -version

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe -Xdiag -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC -XX:G1NewSizePercent=20 -XX:G1ReservePercent=20 -XX:MaxGCPauseMillis=50 -XX:G1HeapRegionSize=16M -Djava.net.preferIPv4Stack=true -Xmx4096m -javaagent:C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar -DMcEmu=net.minecraft.client.main.Main -Dlog4j2.formatMsgNoLookups=true -Djava.rmi.server.useCodebaseOnly=true -Dcom.sun.jndi.rmi.object.trustURLCodebase=false -Dcom.sun.jndi.cosnaming.object.trustURLCodebase=false -XX:HeapDumpPath=MojangTricksIntelDriversForPerformance_javaw.exe_minecraft.exe.heapdump -Djava.library.path=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1099017328980 -Djna.tmpdir=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1099017328980 -Dorg.lwjgl.system.SharedLibraryExtractPath=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1099017328980 -Dio.netty.native.workdir=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1099017328980 -Dminecraft.launcher.brand=java-minecraft-launcher -Dminecraft.launcher.version=1.6.93 -cp C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\github\oshi\oshi-core\6.4.10\oshi-core-6.4.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson\2.10.1\gson-2.10.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\failureaccess\1.0.1\failureaccess-1.0.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\guava\32.1.2-jre\guava-32.1.2-jre.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\ibm\icu\icu4j\73.2\icu4j-73.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\authlib\6.0.54\authlib-6.0.54.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\blocklist\1.0.10\blocklist-1.0.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\brigadier\1.2.9\brigadier-1.2.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\datafixerupper\7.0.14\datafixerupper-7.0.14.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\logging\1.2.7\logging-1.2.7.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\patchy\2.2.10\patchy-2.2.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\text2speech\1.17.9\text2speech-1.17.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-codec\commons-codec\1.16.0\commons-codec-1.16.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-io\commons-io\2.15.1\commons-io-2.15.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-logging\commons-logging\1.2\commons-logging-1.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-buffer\4.1.97.Final\netty-buffer-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-codec\4.1.97.Final\netty-codec-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-common\4.1.97.Final\netty-common-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-handler\4.1.97.Final\netty-handler-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-resolver\4.1.97.Final\netty-resolver-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport-classes-epoll\4.1.97.Final\netty-transport-classes-epoll-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport-native-unix-common\4.1.97.Final\netty-transport-native-unix-common-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport\4.1.97.Final\netty-transport-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\it\unimi\dsi\fastutil\8.5.12\fastutil-8.5.12.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna-platform\5.14.0\jna-platform-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna\5.14.0\jna-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple\jopt-simple\5.0.4\jopt-simple-5.0.4.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-compress\1.26.0\commons-compress-1.26.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-lang3\3.14.0\commons-lang3-3.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpclient\4.5.13\httpclient-4.5.13.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpcore\4.4.16\httpcore-4.4.16.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-api\2.22.1\log4j-api-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-core\2.22.1\log4j-core-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-slf4j2-impl\2.22.1\log4j-slf4j2-impl-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\jcraft\jorbis\0.0.17\jorbis-0.0.17.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\joml\joml\1.10.5\joml-1.10.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lz4\lz4-java\1.8.0\lz4-java-1.8.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\slf4j\slf4j-api\2.0.9\slf4j-api-2.0.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6.jar net.minecraft.client.main.Main --username aidswalking --version 1.20.6 --gameDir C:\Users\Admin\AppData\Roaming\.minecraft --assetsDir C:\Users\Admin\AppData\Roaming\.minecraft\assets --assetIndex 16 --uuid 2fdd2deb1aac362294e5f7983ce027d1 --accessToken 8cb5ad04f9f04b2abcbe3775a0ca1aee --clientId 0 --xuid 0 --userType msa --versionType release

C:\Users\Admin\AppData\Roaming\Spotify\SpWebInst0.exe

SpWebInst0.exe /webinstall

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s RasMan

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe

Spotify.exe

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.0.126913019\354562248" -parentBuildID 20221007134813 -prefsHandle 1584 -prefMapHandle 1576 -prefsLen 21530 -prefMapSize 233967 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0fd53f0-ac14-4e97-892d-05c1b1719b99} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 1664 24819dfd258 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.1.75264054\35064039" -parentBuildID 20221007134813 -prefsHandle 1992 -prefMapHandle 1988 -prefsLen 21575 -prefMapSize 233967 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8fac820-7d65-48c7-a5a1-fb5f1021b5cb} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 2004 24819a38b58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.2.1828580436\1153027785" -childID 1 -isForBrowser -prefsHandle 2680 -prefMapHandle 2676 -prefsLen 22036 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a025ec0a-04c0-473f-af60-0106bbdcaa2e} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 2692 2481da95f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.3.1619355321\77165057" -childID 2 -isForBrowser -prefsHandle 3320 -prefMapHandle 3332 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25c98c3a-bbb6-4dc7-b458-2e6a6e41bcf2} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 3340 2481eaf1358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.4.2083619640\1980051544" -childID 3 -isForBrowser -prefsHandle 3752 -prefMapHandle 3748 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {127d64ef-523a-4a3e-a60c-cead13d73215} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 3764 2481f577b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.5.2026837024\1053859198" -childID 4 -isForBrowser -prefsHandle 4676 -prefMapHandle 4672 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1bbfaed-7f08-4057-9869-0700ad381ced} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 4656 248203a0558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.6.1699818969\1031350807" -childID 5 -isForBrowser -prefsHandle 4856 -prefMapHandle 4864 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d577b92-2589-4549-9ceb-dc964d4b2fca} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 4976 24820f3f758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.7.1816067351\775385385" -childID 6 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47b3398d-1a5f-4ce0-8bd7-5e5f36b0e6ea} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 4996 24820f81058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.8.106995842\1026413713" -childID 7 -isForBrowser -prefsHandle 5308 -prefMapHandle 5312 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d0ae3f2-b839-4c1f-b51e-cccb1a7b6c2a} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 5392 24821074f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.9.69263752\298070589" -childID 8 -isForBrowser -prefsHandle 5420 -prefMapHandle 5552 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {27e260fe-1f61-43ce-b2a2-7330da89531e} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 5616 24820fb7b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.10.915848417\1108271500" -childID 9 -isForBrowser -prefsHandle 5860 -prefMapHandle 5812 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb184e33-a1c0-48ad-899c-6fa5cafaa3d0} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 5292 24822485258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.11.227735943\385685535" -childID 10 -isForBrowser -prefsHandle 6056 -prefMapHandle 5392 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b55fe9c-bd5c-47f6-818e-e398927435f7} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 5276 24822d7d158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6488.12.512288319\1136000791" -childID 11 -isForBrowser -prefsHandle 4364 -prefMapHandle 5780 -prefsLen 27214 -prefMapSize 233967 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dedd343a-dd15-45c3-bc76-74caa1003074} 6488 "\\.\pipe\gecko-crash-server-pipe.6488" 4360 2482247a858 tab

C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe

"C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe"

C:\Users\Admin\AppData\Local\Temp\jds241363312.tmp\jre-8u411-windows-x64.exe

"C:\Users\Admin\AppData\Local\Temp\jds241363312.tmp\jre-8u411-windows-x64.exe"

C:\Windows\SYSTEM32\rundll32.exe

rundll32.exe url.dll,FileProtocolHandler https://discord.gg/BdCcpDZ

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchIndexer.exe /Embedding

C:\Windows\system32\SearchProtocolHost.exe

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

C:\Windows\system32\SearchFilterHost.exe

"C:\Windows\system32\SearchFilterHost.exe" 0 688 692 700 8192 696

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe -Xdiag -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC -XX:G1NewSizePercent=20 -XX:G1ReservePercent=20 -XX:MaxGCPauseMillis=50 -XX:G1HeapRegionSize=16M -Djava.net.preferIPv4Stack=true -Xmx4096m -javaagent:C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar -DMcEmu=net.minecraft.client.main.Main -Dlog4j2.formatMsgNoLookups=true -Djava.rmi.server.useCodebaseOnly=true -Dcom.sun.jndi.rmi.object.trustURLCodebase=false -Dcom.sun.jndi.cosnaming.object.trustURLCodebase=false -XX:HeapDumpPath=MojangTricksIntelDriversForPerformance_javaw.exe_minecraft.exe.heapdump -Djava.library.path=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1304970597250 -Djna.tmpdir=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1304970597250 -Dorg.lwjgl.system.SharedLibraryExtractPath=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1304970597250 -Dio.netty.native.workdir=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1304970597250 -Dminecraft.launcher.brand=java-minecraft-launcher -Dminecraft.launcher.version=1.6.93 -cp 
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\github\oshi\oshi-core\6.4.10\oshi-core-6.4.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson\2.10.1\gson-2.10.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\failureaccess\1.0.1\failureaccess-1.0.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\guava\32.1.2-jre\guava-32.1.2-jre.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\ibm\icu\icu4j\73.2\icu4j-73.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\authlib\6.0.54\authlib-6.0.54.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\blocklist\1.0.10\blocklist-1.0.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\brigadier\1.2.9\brigadier-1.2.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\datafixerupper\7.0.14\datafixerupper-7.0.14.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\logging\1.2.7\logging-1.2.7.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\patchy\2.2.10\patchy-2.2.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\text2speech\1.17.9\text2speech-1.17.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-codec\commons-codec\1.16.0\commons-codec-1.16.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-io\commons-io\2.15.1\commons-io-2.15.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-logging\commons-logging\1.2\commons-logging-1.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-buffer\4.1.97.Final\netty-buffer-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-codec\4.1.97.Final\netty-codec-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-common\4.1.97.Final\netty-common-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-handler\4.1.97.Final\netty-handler-4.
1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-resolver\4.1.97.Final\netty-resolver-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport-classes-epoll\4.1.97.Final\netty-transport-classes-epoll-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport-native-unix-common\4.1.97.Final\netty-transport-native-unix-common-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport\4.1.97.Final\netty-transport-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\it\unimi\dsi\fastutil\8.5.12\fastutil-8.5.12.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna-platform\5.14.0\jna-platform-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna\5.14.0\jna-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple\jopt-simple\5.0.4\jopt-simple-5.0.4.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-compress\1.26.0\commons-compress-1.26.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-lang3\3.14.0\commons-lang3-3.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpclient\4.5.13\httpclient-4.5.13.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpcore\4.4.16\httpcore-4.4.16.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-api\2.22.1\log4j-api-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-core\2.22.1\log4j-core-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-slf4j2-impl\2.22.1\log4j-slf4j2-impl-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\jcraft\jorbis\0.0.17\jorbis-0.0.17.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\joml\joml\1.10.5\joml-1
.10.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3
.3\lwjgl-opengl-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lz4\lz4-java\1.8.0\lz4-java-1.8.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\slf4j\slf4j-api\2.0.9\slf4j-api-2.0.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6.jar 
net.minecraft.client.main.Main --username aidswalking --version 1.20.6 --gameDir C:\Users\Admin\AppData\Roaming\.minecraft --assetsDir C:\Users\Admin\AppData\Roaming\.minecraft\assets --assetIndex 16 --uuid 2fdd2deb1aac362294e5f7983ce027d1 --accessToken 8cb5ad04f9f04b2abcbe3775a0ca1aee --clientId 0 --xuid 0 --userType msa --versionType release

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x340

C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe

C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe i4j6596417278842007051.tmp

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe

"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"

Network

US 8.8.8.8:53 privacyportal-de.onetrust.com udp
US 35.186.224.25:443 pixel.spotify.com tcp
US 8.8.8.8:53 privacyportal-de.onetrust.com udp
US 35.186.224.25:443 pixel.spotify.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 spotify.demdex.net udp
US 8.8.8.8:53 fastly-insights.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
US 151.101.2.91:443 fastly-insights.com tcp
US 8.8.8.8:53 fastly-insights.com udp
BE 23.55.96.209:443 e6449.dsca.akamaiedge.net udp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
GB 199.232.56.157:443 platform.twitter.map.fastly.net tcp
IE 34.246.26.134:443 spotify.demdex.net tcp
US 8.8.8.8:53 ct.pinterest.com udp
US 8.8.8.8:53 any-v4.pops.fastly-insights.com udp
US 8.8.8.8:53 any-v4.pops.fastly-insights.com udp
US 151.101.66.91:443 any-v4.pops.fastly-insights.com tcp
US 8.8.8.8:53 any-v4.pops.fastly-insights.com udp
US 151.101.0.84:443 ct.pinterest.com tcp
US 151.101.0.84:443 ct.pinterest.com tcp
US 8.8.8.8:53 prod.pinterest.global.map.fastly.net udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 prod.pinterest.global.map.fastly.net udp
US 151.101.0.84:443 prod.pinterest.global.map.fastly.net udp
US 8.8.8.8:53 58.201.165.18.in-addr.arpa udp
US 8.8.8.8:53 209.96.55.23.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 91.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 157.56.232.199.in-addr.arpa udp
US 8.8.8.8:53 134.26.246.34.in-addr.arpa udp
US 8.8.8.8:53 91.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 84.0.101.151.in-addr.arpa udp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 analytics.twitter.com udp
US 8.8.8.8:53 e4b41b9f-a266-4022-876f-a8bfe65ae761.eu.u.fastly-insights.com udp
US 104.244.42.69:443 t.co tcp
US 8.8.8.8:53 t.co udp
BE 64.233.167.156:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 s.twitter.com udp
US 151.101.194.91:443 e4b41b9f-a266-4022-876f-a8bfe65ae761.eu.u.fastly-insights.com tcp
US 8.8.8.8:53 e4b41b9f-a266-4022-876f-a8bfe65ae761.eu.u.fastly-insights.com udp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 s.twitter.com udp
US 8.8.8.8:53 e4b41b9f-a266-4022-876f-a8bfe65ae761.eu.u.fastly-insights.com udp
BE 64.233.167.156:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
GB 216.58.204.67:443 www.google.co.uk tcp
US 8.8.8.8:53 concerts.spotifycdn.com udp
US 8.8.8.8:53 t.scdn.co udp
GB 216.58.204.67:443 www.google.co.uk udp
GB 146.75.74.250:443 concerts.spotifycdn.com tcp
GB 151.101.62.248:443 t.scdn.co tcp
US 8.8.8.8:53 scdnco.spotify.map.fastly.net udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 69.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 91.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 astral-v4.pops.fastly-insights.com udp
US 151.101.2.91:443 astral-v4.pops.fastly-insights.com tcp
US 8.8.8.8:53 yyc-v4.pops.fastly-insights.com udp
US 104.244.42.131:443 s.twitter.com tcp
CA 146.75.110.91:443 yyc-v4.pops.fastly-insights.com tcp
US 8.8.8.8:53 yyc-v4.pops.fastly-insights.com udp
US 8.8.8.8:53 yyc-v4.pops.fastly-insights.com udp
US 8.8.8.8:53 131.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 91.110.75.146.in-addr.arpa udp
US 8.8.8.8:53 lfpg-v4.pops.fastly-insights.com udp
FR 199.232.170.91:443 lfpg-v4.pops.fastly-insights.com tcp
US 34.120.195.249:443 o22381.ingest.sentry.io udp
US 8.8.8.8:53 lfpg-v4.pops.fastly-insights.com udp
US 8.8.8.8:53 lon-v4.pops.fastly-insights.com udp
US 8.8.8.8:53 lfpg-v4.pops.fastly-insights.com udp
US 8.8.8.8:53 lon-v4.pops.fastly-insights.com udp
GB 199.232.58.91:443 lon-v4.pops.fastly-insights.com tcp
US 8.8.8.8:53 lon-v4.pops.fastly-insights.com udp
US 8.8.8.8:53 iah-v4.pops.fastly-insights.com udp
US 151.101.182.91:443 iah-v4.pops.fastly-insights.com tcp
US 8.8.8.8:53 iah-v4.pops.fastly-insights.com udp
US 8.8.8.8:53 iah-v4.pops.fastly-insights.com udp
US 8.8.8.8:53 91.170.232.199.in-addr.arpa udp
US 8.8.8.8:53 91.58.232.199.in-addr.arpa udp
US 8.8.8.8:53 91.182.101.151.in-addr.arpa udp
US 8.8.8.8:53 thisis-images.spotifycdn.com udp
BE 23.14.90.106:443 thisis-images.spotifycdn.com tcp
US 8.8.8.8:53 seed-mix-image.spotifycdn.com udp
US 8.8.8.8:53 i2o.scdn.co udp
GB 151.101.62.250:443 seed-mix-image.spotifycdn.com tcp
GB 146.75.74.248:443 i2o.scdn.co tcp
GB 146.75.74.248:443 i2o.scdn.co tcp
US 8.8.8.8:53 scdnco.spotify.map.fastly.net udp
GB 151.101.62.248:443 scdnco.spotify.map.fastly.net tcp
GB 151.101.62.248:443 scdnco.spotify.map.fastly.net tcp
US 8.8.8.8:53 image-cdn-ak.spotifycdn.com udp
US 8.8.8.8:53 cph-v4.pops.fastly-insights.com udp
BE 23.14.90.106:443 image-cdn-ak.spotifycdn.com tcp
US 8.8.8.8:53 cph-v4.pops.fastly-insights.com udp
DK 199.232.42.91:443 cph-v4.pops.fastly-insights.com tcp
US 8.8.8.8:53 mosaic.scdn.co udp
US 8.8.8.8:53 248.74.75.146.in-addr.arpa udp
GB 146.75.74.248:443 mosaic.scdn.co tcp
GB 146.75.74.248:443 mosaic.scdn.co tcp
DK 199.232.42.91:443 cph-v4.pops.fastly-insights.com tcp
US 8.8.8.8:53 scontent-bru2-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-bru2-1.xx.fbcdn.net udp
US 8.8.8.8:53 lin-v4.pops.fastly-insights.com udp
US 8.8.8.8:53 scontent-bru2-1.xx.fbcdn.net udp
IT 146.75.54.91:443 lin-v4.pops.fastly-insights.com tcp
US 8.8.8.8:53 lin-v4.pops.fastly-insights.com udp
US 8.8.8.8:53 lin-v4.pops.fastly-insights.com udp
BE 179.60.195.12:443 scontent-bru2-1.xx.fbcdn.net tcp
US 8.8.8.8:53 91.42.232.199.in-addr.arpa udp
US 8.8.8.8:53 91.54.75.146.in-addr.arpa udp
US 8.8.8.8:53 itm-v4.pops.fastly-insights.com udp
US 8.8.8.8:53 cph-v4.pops.fastly-insights.com udp
US 8.8.8.8:53 itm-v4.pops.fastly-insights.com udp
JP 151.101.90.91:443 itm-v4.pops.fastly-insights.com tcp
US 8.8.8.8:53 itm-v4.pops.fastly-insights.com udp
BE 179.60.195.12:443 scontent-bru2-1.xx.fbcdn.net udp
JP 151.101.90.91:443 itm-v4.pops.fastly-insights.com tcp
US 8.8.8.8:53 12.195.60.179.in-addr.arpa udp
US 8.8.8.8:53 91.90.101.151.in-addr.arpa udp
US 8.8.8.8:53 a1520.dscc.akamai.net udp
US 8.8.8.8:53 a1520.dscc.akamai.net udp
US 8.8.8.8:53 for-v4.pops.fastly-insights.com udp
US 8.8.8.8:53 for-v4.pops.fastly-insights.com udp
BR 146.75.6.91:443 for-v4.pops.fastly-insights.com tcp
US 8.8.8.8:53 for-v4.pops.fastly-insights.com udp
US 8.8.8.8:53 91.6.75.146.in-addr.arpa udp
US 8.8.8.8:53 scdnco.spotify.map.fastly.net udp
US 8.8.8.8:53 platform-lookaside.fbsbx.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 mosaic.scdn.co udp
US 8.8.8.8:53 edge-web.dual-gslb.spotify.com udp
US 8.8.8.8:53 edge-web-gew1.dual-gslb.spotify.com udp
US 8.8.8.8:53 open.spotifycdn.com udp
US 8.8.8.8:53 tls130rtt.spotifycdn.map.fastly.net udp
US 8.8.8.8:53 tls130rtt.spotifycdn.map.fastly.net udp
GB 142.250.187.206:443 redirector.gvt1.com tcp
US 8.8.8.8:53 www-growth.scdn.co udp
GB 142.250.200.46:443 www.googleoptimize.com udp
US 8.8.8.8:53 get.microsoft.com udp
GB 146.75.74.248:443 www-growth.scdn.co tcp
GB 146.75.74.248:443 www-growth.scdn.co tcp
GB 146.75.74.248:443 www-growth.scdn.co tcp
GB 146.75.74.248:443 www-growth.scdn.co tcp
GB 146.75.74.248:443 www-growth.scdn.co tcp
GB 146.75.74.248:443 www-growth.scdn.co tcp
US 8.8.8.8:53 scdnco.spotify.map.fastly.net udp
US 13.107.246.64:443 get.microsoft.com tcp
US 8.8.8.8:53 part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 encore.scdn.co udp
US 13.107.246.64:443 part-0036.t-0009.t-msedge.net tcp
US 13.107.246.64:443 part-0036.t-0009.t-msedge.net tcp
US 8.8.8.8:53 www.scdn.co udp
US 8.8.8.8:53 pixel-static.spotify.com udp
US 8.8.8.8:53 scdnco.spotify.map.fastly.net udp
GB 146.75.74.248:443 scdnco.spotify.map.fastly.net tcp
US 8.8.8.8:53 sc-static.net udp
US 8.8.8.8:53 sp.analytics.yahoo.com udp
US 8.8.8.8:53 sc-static.net udp
GB 99.84.8.252:443 sc-static.net tcp
US 8.8.8.8:53 spdc-global.pbp.gysm.yahoodns.net udp
US 8.8.8.8:53 t.contentsquare.net udp
US 8.8.8.8:53 sc-static.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 js.adsrvr.org udp
US 8.8.8.8:53 cdn.branch.io udp
US 8.8.8.8:53 4721227.fls.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 spdc-global.pbp.gysm.yahoodns.net udp
US 8.8.8.8:53 dg2iu7dxxehbo.cloudfront.net udp
GB 18.164.70.100:443 dg2iu7dxxehbo.cloudfront.net tcp
GB 13.224.132.80:443 t.contentsquare.net tcp
PL 93.184.220.66:443 platform.twitter.com tcp
GB 142.250.179.230:443 4721227.fls.doubleclick.net tcp
US 8.8.8.8:53 cdn.branch.io udp
US 8.8.8.8:53 t.contentsquare.net udp
US 8.8.8.8:53 cdn.branch.io udp
US 8.8.8.8:53 t.contentsquare.net udp
US 8.8.8.8:53 cs41.wac.edgecastcdn.net udp
US 8.8.8.8:53 tr.snapchat.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 cs41.wac.edgecastcdn.net udp
US 8.8.8.8:53 spotify.demdex.net udp
US 35.190.43.134:443 tr.snapchat.com tcp
US 35.190.43.134:443 tr.snapchat.com tcp
US 35.190.43.134:443 tr.snapchat.com tcp
GB 13.224.132.80:443 t.contentsquare.net udp
US 35.190.43.134:443 tr.snapchat.com udp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 gcp.api.sc-gw.com udp
US 8.8.8.8:53 insight.adsrvr.org udp
US 8.8.8.8:53 66.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 100.70.164.18.in-addr.arpa udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 252.8.84.99.in-addr.arpa udp
US 8.8.8.8:53 80.132.224.13.in-addr.arpa udp
US 8.8.8.8:53 230.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 134.43.190.35.in-addr.arpa udp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 gcp.api.sc-gw.com udp
US 8.8.8.8:53 insight.adsrvr.org udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 insight.adsrvr.org udp
US 52.223.40.198:443 insight.adsrvr.org tcp
US 8.8.8.8:53 bat.bing.com udp
US 204.79.197.237:443 bat.bing.com tcp
US 8.8.8.8:53 dual-a-0034.a-msedge.net udp
US 8.8.8.8:53 dual-a-0034.a-msedge.net udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 tr6.snapchat.com udp
US 8.8.8.8:53 usc1-gcp-v61.api.sc-gw.com udp
US 35.190.43.134:443 usc1-gcp-v61.api.sc-gw.com tcp
US 8.8.8.8:53 usc1-gcp-v61.api.sc-gw.com udp
US 35.190.43.134:443 usc1-gcp-v61.api.sc-gw.com udp
US 8.8.8.8:53 c.contentsquare.net udp
US 8.8.8.8:53 k-aeu1.contentsquare.net udp
IE 52.49.50.212:443 c.contentsquare.net tcp
US 8.8.8.8:53 c.ba.contentsquare.net udp
IE 52.49.80.58:443 k-aeu1.contentsquare.net tcp
US 8.8.8.8:53 k.ba.contentsquare.net udp
GB 216.58.204.67:443 www.google.co.uk udp
US 8.8.8.8:53 c.ba.contentsquare.net udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 k.ba.contentsquare.net udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 212.50.49.52.in-addr.arpa udp
US 8.8.8.8:53 58.80.49.52.in-addr.arpa udp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 www-growth.scdn.co udp
US 8.8.8.8:53 download.scdn.co udp
GB 151.101.62.248:443 download.scdn.co tcp
IE 52.49.80.58:443 k.ba.contentsquare.net tcp
GB 151.101.62.248:443 download.scdn.co tcp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 api.minecraftservices.com udp
US 8.8.8.8:53 sessionserver.skmedix.pl udp
US 104.21.50.12:443 sessionserver.skmedix.pl tcp
US 13.107.246.64:443 api.minecraftservices.com tcp
US 8.8.8.8:53 sessionserver.mojang.com udp
US 13.107.246.64:443 sessionserver.mojang.com tcp
US 8.8.8.8:53 c.ba.contentsquare.net udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 www.spotify.com udp
US 8.8.8.8:53 c.ba.contentsquare.net udp
US 8.8.8.8:53 edge-web.dual-gslb.spotify.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
N/A 127.0.0.1:63056 tcp
US 8.8.8.8:53 open.spotify.com udp
US 151.101.3.42:443 open.spotify.com tcp
US 8.8.8.8:53 atc.spotify.map.fastly.net udp
US 8.8.8.8:53 atc.spotify.map.fastly.net udp
US 8.8.8.8:53 encore.scdn.co udp
US 8.8.8.8:53 open.spotifycdn.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.46:443 www.googleoptimize.com tcp
BE 23.14.90.83:443 encore.scdn.co tcp
BE 23.14.90.83:443 encore.scdn.co tcp
US 8.8.8.8:53 a1520.dscc.akamai.net udp
BE 23.14.90.83:443 a1520.dscc.akamai.net tcp
BE 23.14.90.83:443 a1520.dscc.akamai.net tcp
GB 146.75.74.251:443 open.spotifycdn.com tcp
GB 146.75.74.251:443 open.spotifycdn.com tcp
GB 146.75.74.251:443 open.spotifycdn.com tcp
GB 146.75.74.251:443 open.spotifycdn.com tcp
US 8.8.8.8:53 tls130rtt.spotifycdn.map.fastly.net udp
GB 146.75.74.251:443 open.spotifycdn.com tcp
GB 146.75.74.251:443 open.spotifycdn.com tcp
US 8.8.8.8:53 a1520.dscc.akamai.net udp
US 8.8.8.8:53 tls130rtt.spotifycdn.map.fastly.net udp
GB 142.250.200.46:443 www.googleoptimize.com udp
GB 142.250.178.4:443 www.google.com udp
GB 146.75.74.251:443 open.spotifycdn.com udp
US 8.8.8.8:53 251.74.75.146.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
N/A 127.0.0.1:63063 tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 id.google.com udp
IE 209.85.202.94:443 id.google.com udp
IE 209.85.202.94:443 id.google.com tcp
US 8.8.8.8:53 94.202.85.209.in-addr.arpa udp
US 8.8.8.8:53 www.java.com udp
NL 23.62.61.137:443 www.java.com tcp
US 8.8.8.8:53 e91569.dscx.akamaiedge.net udp
US 8.8.8.8:53 e91569.dscx.akamaiedge.net udp
US 8.8.8.8:53 static.ocecdn.oraclecloud.com udp
NO 104.110.16.41:443 static.ocecdn.oraclecloud.com tcp
US 8.8.8.8:53 e11445.dscx.akamaiedge.net udp
US 8.8.8.8:53 e11445.dscx.akamaiedge.net udp
US 8.8.8.8:53 137.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 41.16.110.104.in-addr.arpa udp
US 8.8.8.8:53 s.go-mpulse.net udp
BE 23.55.96.141:443 s.go-mpulse.net tcp
US 8.8.8.8:53 e4518.dscx.akamaiedge.net udp
US 8.8.8.8:53 e4518.dscx.akamaiedge.net udp
US 8.8.8.8:53 www.oracle.com udp
BE 23.55.97.240:443 www.oracle.com tcp
BE 23.55.97.240:443 www.oracle.com tcp
US 8.8.8.8:53 e2581.dscx.akamaiedge.net udp
US 8.8.8.8:53 141.96.55.23.in-addr.arpa udp
US 8.8.8.8:53 240.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 consent.trustarc.com udp
GB 216.137.44.99:443 consent.trustarc.com tcp
US 8.8.8.8:53 consent.trustarc.com udp
US 8.8.8.8:53 consent.trustarc.com udp
US 8.8.8.8:53 99.44.137.216.in-addr.arpa udp
US 8.8.8.8:53 consent-pref.trustarc.com udp
GB 18.165.227.6:443 consent-pref.trustarc.com tcp
US 8.8.8.8:53 consent-pref.trustarc.com udp
US 8.8.8.8:53 consent-pref.trustarc.com udp
US 8.8.8.8:53 oracle.112.2o7.net udp
US 8.8.8.8:53 oracle.112.2o7.net udp
US 8.8.8.8:53 oracle.112.2o7.net udp
IE 66.235.152.225:443 oracle.112.2o7.net tcp
US 8.8.8.8:53 consent-st.trustarc.com udp
GB 143.204.194.2:443 consent-st.trustarc.com tcp
US 8.8.8.8:53 consent-st.trustarc.com udp
US 8.8.8.8:53 consent-st.trustarc.com udp
US 8.8.8.8:53 6.227.165.18.in-addr.arpa udp
US 8.8.8.8:53 225.152.235.66.in-addr.arpa udp
US 8.8.8.8:53 2.194.204.143.in-addr.arpa udp
US 8.8.8.8:53 consent-pref.trustarc.com udp
US 8.8.8.8:53 consent.trustarc.com udp
US 8.8.8.8:53 c.go-mpulse.net udp
BE 23.55.96.141:443 c.go-mpulse.net tcp
US 8.8.8.8:53 e4518.dscapi7.akamaiedge.net udp
US 8.8.8.8:53 e4518.dscapi7.akamaiedge.net udp
BE 23.55.96.141:443 e4518.dscapi7.akamaiedge.net udp
US 8.8.8.8:53 02179917.akstat.io udp
BE 23.55.96.141:443 02179917.akstat.io tcp
US 8.8.8.8:53 trial-eum-clientnsv4-s.akamaihd.net udp
US 8.8.8.8:53 trial-eum-clienttons-s.akamaihd.net udp
BE 23.55.96.141:443 02179917.akstat.io udp
US 8.8.8.8:53 a248.b.akamai.net udp
US 2.18.190.75:443 a248.b.akamai.net tcp
US 2.18.190.68:443 trial-eum-clienttons-s.akamaihd.net tcp
US 8.8.8.8:53 a1024.dscg.akamai.net udp
US 8.8.8.8:53 a248.b.akamai.net udp
US 8.8.8.8:53 a1024.dscg.akamai.net udp
US 8.8.8.8:53 191-101-209-39_s-2-18-190-68_ts-1714791102-clienttons-s.akamaihd.net udp
US 8.8.8.8:53 x5s5cjycck7ewzrvuk7a-picox6-519dd7d6c-clientnsv4-s.akamaihd.net udp
US 2.18.190.82:443 x5s5cjycck7ewzrvuk7a-picox6-519dd7d6c-clientnsv4-s.akamaihd.net tcp
US 2.18.190.79:443 191-101-209-39_s-2-18-190-68_ts-1714791102-clienttons-s.akamaihd.net tcp
US 8.8.8.8:53 75.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 68.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 82.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 javadl.oracle.com udp
NO 104.110.22.225:443 javadl.oracle.com tcp
US 8.8.8.8:53 e13073.dscx.akamaiedge.net udp
US 8.8.8.8:53 e13073.dscx.akamaiedge.net udp
US 8.8.8.8:53 225.22.110.104.in-addr.arpa udp
US 8.8.8.8:53 sdlc-esd.oracle.com udp
US 8.8.8.8:53 e2875.dscd.akamaiedge.net udp
US 23.220.112.104:443 e2875.dscd.akamaiedge.net tcp
US 8.8.8.8:53 e2875.dscd.akamaiedge.net udp
US 8.8.8.8:53 104.112.220.23.in-addr.arpa udp
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
NL 92.123.165.224:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 rps-svcs.oracle.com udp
NL 92.123.165.224:443 rps-svcs.oracle.com tcp
US 8.8.8.8:53 224.165.123.92.in-addr.arpa udp
US 8.8.8.8:53 discord.gg udp
US 162.159.135.234:443 discord.gg tcp
US 162.159.135.234:443 discord.gg tcp
US 8.8.8.8:53 234.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 discord.com udp
US 162.159.138.232:443 discord.com tcp
US 162.159.138.232:443 discord.com tcp
US 8.8.8.8:53 232.138.159.162.in-addr.arpa udp
US 162.159.138.232:443 discord.com tcp
US 162.159.138.232:443 discord.com tcp
US 8.8.8.8:53 www.msn.com udp
US 204.79.197.203:443 www.msn.com tcp
US 204.79.197.203:443 www.msn.com tcp
US 8.8.8.8:53 assets.msn.com udp
NL 95.100.96.8:443 assets.msn.com tcp
NL 95.100.96.8:443 assets.msn.com tcp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 20.189.173.1:443 browser.events.data.msn.com tcp
US 20.189.173.1:443 browser.events.data.msn.com tcp
US 8.8.8.8:53 8.96.100.95.in-addr.arpa udp
US 8.8.8.8:53 1.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 piston-meta.mojang.com udp
US 13.107.246.64:443 piston-meta.mojang.com tcp
US 8.8.8.8:53 sessionserver.skmedix.pl udp
US 8.8.8.8:53 api.minecraftservices.com udp
US 13.107.246.64:443 api.minecraftservices.com tcp
US 172.67.199.2:443 sessionserver.skmedix.pl tcp
US 8.8.8.8:53 sessionserver.mojang.com udp
US 13.107.246.64:443 sessionserver.mojang.com tcp

Files

memory/4988-0-0x00007FF98A7E0000-0x00007FF98B490000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

MD5 5f580d5729d906e8d3dc102054013a38
SHA1 e267215fae86dd7d5dc76977e4b6e58ea6af2c0b
SHA256 eb4f4702e7ab9d7d69d40b2087f6ab6dc648125e0f9f1b65b3209be821e0e49d
SHA512 5e6894907634d6ad20bbe48b554b917bc1181c217132355af8d66e62166034fef8b2e8aea20c585b2093b3209f93e5b79d49db20bd9bc8769cc07a702fbdd9c8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\0cab08d3-af1d-4294-a413-b78f641e77a0

MD5 d87f971cfadc118e4cc7cdd0a1678a3c
SHA1 b880ac0867eb8f3f4a0187faf6f0df10dcb0fb19
SHA256 27de742a1f901e702dde80af6a86a908af5e6719e0bfc50d0d59d5da82e90134
SHA512 1a749fb1e24c0cf2f9ae5740d22529467b633689da9be3583c3081cb4404ec3e26ceba2c4e5b259be24aadd732c677325df0dbba89025e9583805975c1bba7e5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 38755fe7c3d6d0bc49e5e1b8557b3ec8
SHA1 5658551bd8300c52b3c56c553f250881a276191d
SHA256 793495438ea4930528976414838f4b0a520adc94c8d5f9c0bdd2cb9db8db7b58
SHA512 ebfe7dc715a887242b3c1b4c7f2f76f14f2c83a042b4966987b11c0a9233da42d6bd2f53df9174c8787cfc9d94452e23451bf8f53d9dfd4e8d09de56ee1ffd68

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 615b87ab68ab7ae870f882f6a0d05c49
SHA1 641ecbcc9cb62a3f07ee6d635097219bf6a7c548
SHA256 2d89f97df79c1b4801fbffc4d1adf99a10595fdae6758afaa527bf7aca7770d9
SHA512 6a76a7904f15f1b09bd46cd2f6ec5c7333e31fca1f4de96d8ee30cecf837f4c3cceac11937679d0edac2c8052503e01a059136d7a4c26e261a745b4ea5c18197

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2adc3021bac2bbc4caa517b051c0c705
SHA1 37a9f18ee5526e1c09bb8a69b63e48ca0b40de31
SHA256 ea214d94312ede710d0447c8be141122b59c0b15eb973d3fde87aa5a0fd5ece3
SHA512 9a8468a4ee5c96f5b32f13bac4d19fa66d596bb9446deef1e4ae9f5f226cf3b2b519bb8eb26fce616c8a5d99ce97480532052591e14bc3bae86760992a94748b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1e780a770210e1df33235fc23a5cbb1d
SHA1 0825cfa417fb8fad2579bb9f45a94bcd1efeeb2f
SHA256 2d0aaa45f3e399f6e9d06c31063b6e8e56f6fec289c8d0f200d1da0c7a21f3dc
SHA512 6c44e51d46b21a42e8f15e9917ae9b56dd2357b4238db06534d46e3fb169e14fc92dbfa364af13da423271387f30ba8ad4dfe06990e51b97dcdc3bd1bcad4e78

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 275da86bf66d090ddefa598e517c835c
SHA1 7716fc0d7afb152ad051e1b9fc904bba67c16365
SHA256 e97b5ca6ee7e1dafefb40bf961204cacfee5ea9cc5d23ff2c3a79fab61e3eff5
SHA512 d1bdbb2069706e78c1b6d51c0d326741042e990abd9fcee8a31325cce60d022589e995acd5f8f0c47f929bd093575b30487341941b7e60ffcb3da17dd14794b6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\0F6E48FC2FE3BA07CF39A943382347AA9FC8C2FC

MD5 7095c62de7cca518ab5ebdb59d041415
SHA1 dcde115f5c11b445d0810dfa18330178ad165494
SHA256 0c3cdd420c3efeb28c4f0dd9eb445c39908fadcff29bf5d345ee5f78ff0e99a6
SHA512 cb11f750f121e3781588af60ce1ecb696e70a71f89d6eec2ab34cffa0c8cb310d90dd335ca234d36cc2f13ce2dd5591a18db109f080324355a2038500b90c1e2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 21e5ed0a12006291965c4b6ba59ab88a
SHA1 b25763bc00d96197f256631c13e3c09264448b26
SHA256 5c42d7eff0fd1c720cb040af1fa16489d97bcd0d4f3df6faacb0c4057cd2963a
SHA512 8b1d592cb0293a4847c95470dc63b85dea5b72f5aed18d3c48dda651d9402fccaef56cb015180264892bbd077245ab8cbb816c1682d8c2e01451333d041d955c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 055d98f0940c27795f1d7b38ed26ebb5
SHA1 8d0590b9992b263bdac77af66b1660efcbd7dd3b
SHA256 8013ac3dfb0309d52c0c93871a7325baeff9a7bc40a2a1dbf4a35ad798c9ad0f
SHA512 f4c0fc08dbf467dcc73de5b3544dd1a113ad7c2e1209dadece0337f9f146ba39f9385948268d18a7dd88ac8fd43949951ef2daf58765b3a41b941127df8d9659

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2af81c22326ea3ebcfe987678712d455
SHA1 b4a305985ad2314254ce4c386185f8f7145d86a1
SHA256 43b603d500c92e84300c1a30c33d4efb281b252b7e476b26af4291a81f278da4
SHA512 ef945ee60890cfc6f04d8a9ab0799cebbf7e9aaa6c808020afcf0f86380510187fa93201e9316af4654497ddb7242c4f9ebb8b5a508064437138e85f587f8270

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 db2e5b5c2e6f4590bcbfb44d8f735521
SHA1 c3685137745099860439806ddb15fcdc41d30f4b
SHA256 cceb3c270c0dd5d72bcc56681f0972e9f49586c5122b00d4ad1d6ee3345fa4fb
SHA512 fbef2dd46f2890c27254fd3ceac35baa69f3fe8aa944e96b19c21d965a48119b1cba8188ee96ae71facca8c5da98773142662b5bf80bb78ff98a1b5e4be24700

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e13d98b7c5c592e9ab29c285480dd5b8
SHA1 17160e14ac18cc3d6003e9684aaa3878d9e47e6f
SHA256 b287af7379daedafeac0c8b5ac33ed25b664e89ee7e594ed38695a21083a9526
SHA512 7de380c466b30679fbf3bbf55bb733f31d4d7d0e1cc09a22b6322e8b85333ae96f7579e14619bbda88a47eb215a7604b930abb975033474b4cdf7a62af684e6e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 f3100902e17ab595d1f75dc634530ea3
SHA1 8903a8a992c3d59ee53a3f4f5af50c159ac15835
SHA256 0d0830f0d593df158b36eb356480c1635b01bd8ad9e53bb536e2ea89d2c6404a
SHA512 813c19d5a8703e0b9b0834d95d3d57abe05ed9525aa513fb1810752f2e00142effa665ebda4c45d8e881cea16167e16e71ae37657589ee951482a8c1e358748a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 720617bc7211e3eac7226f0ad3c6b0d5
SHA1 4799a3bafe878e527b215378976a4b73861a6f4e
SHA256 246cf925828d370cd8e8a8d8672ab8885d9f161c50ac33f68e4921faac96e1f7
SHA512 6151b2a20249bb7a6a08b1cd48202c330951f152c14aca255422a702c6f93784f3fca58b0dccdf41c90ab5ffc703b67d0adb90ccc64ddbe839d298ac24c0ffec

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 07eeda5905d94c82e71de138820c89a5
SHA1 5f79aaf58ed052812f29f2d3be425c873b6992f5
SHA256 9a4673d1093fb2019673da84988806aeb141fdbe58ea7b5ff490a7ac6f0a6d5c
SHA512 bb19625c6924ca3fa44938ad18232835fa5f6e219ac9655c03919721200fe6fc3989ab8d030e3024304e6bbe9bef5f2921d1e2b2982b07df84ea2f4fad03c7f2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9537421406476bd61d397dcb0d0873d6
SHA1 129cda7bfa5d1a7dcd6e35003d0c595fcead58bb
SHA256 055bcb25bae9e180739167c22b9fcd8c669781915043180cb7ca3e3809e7b0ff
SHA512 40e3161902bf393a2bc49561458b38d64b3b63959cfb7b3f3be8a25f9a583fc3e08f8829993bd0e68cfffe970ebd02d5247ffce289a83ababd4ebf8606bf23c0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d9012f853c1825c7179fc7bd98de4cce
SHA1 5c6deeb4d5cab5417507648a6b36217a821ce692
SHA256 7b87d014ecc9fd1bdf3e8d09f63f3ae676bba3ac5dd2984a4f82c349b0895d67
SHA512 f83219d6dd3c0c63c9a34d098c03824e47f8f38e9f93b2e61dca7646e460cb9369e850288b22866adcd082b859d8d7bc8f548611b8c7066cd0af00b8fc843716

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 b0c052671b7c854e587145dcc313e364
SHA1 a6dc3767aa0aadb4b5ca17b6ca83f767ffdf23c0
SHA256 dc8f6b86614e30097186122410fbdc19f83e22bf82af418588d3b5c5d458c44d
SHA512 1722c2011607bbd3f84e563d789320d1ff7a775d880ff0cc8ab4780619393a14b6c3cfd8726f1a595f4c7ed681f53f0aa8db38395c5706e182223bd459a18e3f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\a149d1f5-3d4e-4589-a1c4-b993d26988e8

MD5 a6c51e0dfcb0aa17624236538acd65ed
SHA1 7365559fd1d0b35e7056370143bd7d3a7b3d6499
SHA256 0eee2948f74938d90c898a7a9fe6fd139ae29d450f46484a28a7385463080b25
SHA512 d7eb1133ea91c299460eb1dda158e3c81a2a16e88dee81effca1281b017683a8c410e74f3fab4c2110e0d17d6efda1c09998b82afa8213cc9420918b0330510e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\d857d081-98b6-407a-a213-d9de81804e08

MD5 f92e2b03778f8a870960262dfc0d77c3
SHA1 7ede44ce3a4fcd355b6cd95f1ee738618e4cfaa9
SHA256 e2af15a2e422d6b7efc0c6c67843e63e4169c92bb70115ad56f18653a48a3aca
SHA512 52463acf31a40fbad6b74a8141ab7989c1ace63b4464eb2f3b7decd83840a235c838c74d82546919b466e641fa13e1b2ed5c8308ac14cec718618c1620b586a2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 cf5570288e8832b72b1b91b608cd3f72
SHA1 c7864936e6e48cb1757ad7d1d110fd8065f0fd92
SHA256 4a1241dc5443795bc05c62a34dee2f54ab707a920c61a36df49a6b0092889a67
SHA512 00271798ceee32ec9416d3c779be385bf86d2afe523796ed1b871626278748f04b8a7f204624f7b32321493c3e9089deb6e2211f82660256bd8d95d85e49e81c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\20497

MD5 6d4a2f6d4ee20d727d2a9a682d80e3e4
SHA1 0322ad449c750c79b55c6d303928f89b9ee61079
SHA256 c74653d90a54e8243886352948b5a87440c496cf3e0ac95a04702cd2903e09b9
SHA512 ef1ea73f3924df0da88c5817eeb0aea1a61fceb0434626340c08d6481eb5572590dd6a9ac6c8512a09eb7698bd51122ffc9dc3c0e29e345679ad19bc184868c5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f47c25b4e290101b93f307c6db4ad80c
SHA1 df41aafc9c741ef71270a56c741dbd8b4bc507b8
SHA256 e541b94d2e3b90dcdaa86ef03afe9078c5b91b6f20908dbd2023214f86432666
SHA512 c26a961eed62aa83380bab7831e934aa79e8f590b0e6a16026e2e28e9779d56ac4fb57671d51aaaeb40bca5d10d31b2bbfde80033ce6eb89b7f3d1df6cb86907

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\25964F52691AED972ED9651DC62D2ED649D0CA04

MD5 e5cd50794c0d2825a42433caccccc917
SHA1 b11d9c51ddf38f2d9aa9309c4e4ddc6636719742
SHA256 3abf96cbdb0a7ecd910658adb8de8db79623ed44c4f49a82d836e37296bfb3d0
SHA512 8523bb6367b61d13ca56675843eefbf31332ac33ba4bc5ed5faa5ee8be401f5d59e05fa1574f1e566f28292b21e6ef605a15240018116698b02b211738737a83

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\2642B139127293682A334A3B94AFED2E56EF6902

MD5 5d043dcb366d1de4ea0ed1b79e4a5b3d
SHA1 633affca79db1b4030e1e298b16aaf8b0ed1d96c
SHA256 761be992cfb1e4bb91576ae3991485946c4880a397dad649757bbf9b4960449e
SHA512 487d861fd5c80d12466d18151f4e0509d88315de0d52af7c37bc75a2dc4c8220ef279c11ddae52104818a4fc1ef1b3a32d47b7b9722ad2689ba91a6af9bbb697

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A9820D3AA01082CAD0464F5D7B7ACC7020B5827A

MD5 dcf1de29a765aec52b0cb9c5d553e6c5
SHA1 4fc52a7f9ebff65514f97653318c980ca5889f37
SHA256 8e8a791b5e513aef213a99d184b1f3bfa96ef111925dbcafc2690e2643b4d942
SHA512 961c3a6a7a29052b7ed26aa67255df613c4d93526dba120dac58aed3d3ebf0b1afcbf418bbe458f3e7540aa1ad2d728dde68b493aa828d2ff472b20aee925722

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\5D725DA1DD35E8A5C0B1026F1D46210CD974636B

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\9884

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\17224

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\38080459652B535AD0DE543435FBA672A01C1BA2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\24262

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\14128

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\20435

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\10C0543199997E1F7BC198EDED66D97B334F0C39

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\Downloads\SKlauncher-3.b9mxBJXV.2.exe.part

C:\Users\Admin\Downloads\SKlauncher-3.2.exe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-8927770824600.dll

C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar

C:\Users\Admin\AppData\Local\Temp\+JXF4947268008213846848.tmp

C:\Users\Admin\AppData\Local\Temp\e4jECA5.tmp_dir1714790833\SKlauncher-3.2.jar

C:\Users\Admin\AppData\Local\Temp\+JXF4052844772325346394.tmp

\Users\Admin\AppData\Local\Temp\jna-63116079\jna8028659467676948691.dll

C:\Users\Admin\AppData\Local\Temp\+JXF5933899926327751379.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\utymd3p\imagestore.dat

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\SGCG3FET\favicon[1].ico

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\HRBX3BZ1\login.live[1].xml

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFF7441BD4DF81C75E.TMP

C:\Users\Admin\AppData\Roaming\.minecraft\launcher_profiles.json.bak

C:\Users\Admin\AppData\Local\Temp\+JXF4768154438635635737.tmp

C:\Users\Admin\AppData\Local\Temp\+JXF7542973517544719658.tmp

C:\Users\Admin\AppData\Local\Temp\+JXF4784780067006700818.tmp

C:\Users\Admin\AppData\Local\Temp\+JXF7449354641279939100.tmp

C:\Users\Admin\AppData\Local\Temp\+JXF627935389043608021.tmp

C:\Users\Admin\AppData\Local\Temp\+JXF7624541201658579969.tmp

C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe

C:\Users\Admin\AppData\Local\Temp\i4j1321171856815587400.tmp

C:\Users\Admin\AppData\Local\Temp\+JXF5712007104081739005.tmp

C:\Users\Admin\AppData\Local\Temp\+JXF8602201351783414257.tmp

C:\Users\Admin\AppData\Local\Temp\+JXF4597361929477131352.tmp

C:\Users\Admin\AppData\Local\Temp\e4jECA5.tmp_dir1714790833\exe4jlib.jar

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4106386276-4127174233-3637007343-1000\83aa4cc77f591dfc2374580bbd95f6ba_ebaa0802-254d-4be1-a642-a8a5c0b06224

C:\Users\Admin\AppData\Local\Temp\imageio1397700649927498963.tmp

C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher\sklauncher.vmoptions

C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher\sklauncher_data.bin

C:\Users\Admin\AppData\Local\Temp\i4j5437175824312600673.tmp

C:\Users\Admin\AppData\Local\Temp\imageio8750685964070628311.tmp

C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher\accounts.json

C:\Users\Admin\AppData\Local\Temp\SKL_TempStyleClass5840427437242871556.css

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\jdk.naming.rmi\ASSEMBLY_EXCEPTION

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\jdk.net\LICENSE

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\jdk.internal.vm.ci\ADDITIONAL_LICENSE_INFO

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\xulstore.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\startupCache\urlCache.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\permissions.sqlite

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\index

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\index.log

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cookies.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\SiteSecurityServiceState.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\d4aa142e-ea0c-43ce-beee-585a4b509048

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\AlternateServices.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\8b6e71d2-6f6e-403d-bdc7-8cbeab97e352

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\events\events

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\protections.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\favicons.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\places.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cert9.db

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\formhistory.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.google.com^partitionKey=%28https%2Cskmedix.pl%29\ls\usage

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.google.com^partitionKey=%28https%2Cskmedix.pl%29\.metadata-v2

MD5 7f843187587ded2fc81ffea60f2e0339
SHA1 b75e4234b97c092000999e51d42f5b02e60b900a
SHA256 debb8dc821a7cb086bb6a09cbc2318bcd5426b7ae4dc1e6307e2723b1038617f
SHA512 d14b2e68a9f5f7f80de2eef8c2156ddb180ba891cef9e7ac335ef96cbf4ee7c563c82f253d7510815184bba565842b91f23f0282ebc4244acf532d1c73141376

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.google.com\ls\usage

MD5 bd528fcca9960597ca63fa020c5b1082
SHA1 c0ae420c7d6a6487479a757894bdb61ef76a64b5
SHA256 89ae79ea8815f86407797af5e46f32547c7920320e427a0b1818a4fd1b82208e
SHA512 0eeef6d2f38bbfade7f7b992efb37e93b886dc82035eb5f518ea6c729d1a7d672c033f92dc88fda27b3f99e96f6a05e6da5a901178e3b2f29276b93b5abb5fbf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.google.com\.metadata-v2

MD5 b85ad3acdc3748abdd4ce4894fcaaf73
SHA1 12277eeb5899e1b33f57a1a6b4e9f920a48feeb3
SHA256 89117e18bf7915c54bd8aa2289c5a0cd3f279e3756a9b4b4fc2705a36bd4a21a
SHA512 5030701858889f72f12b6687759ac6301b62461f316fd17039f6f3d83d09b6c9ab27967b2fc235e8fa4ac5748c8dbc5196519db61b73dd059cc4e5bfb029fb1f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\12016

MD5 2cc569bfac2b59817575450571cb667f
SHA1 6386165aa56c121e41aff04942d4b1dc0182abfa
SHA256 99f8133f96c9de9be341475c55ae4fa8607fc6265d3e0c5e2fdb02602dab0fcc
SHA512 6838fe77cedb80014b73c775c089fe5052eef509414b5b7407776fffbb209e3048b208ede4d3e522de8934cbe29e019d2aa8cf4cdf24d83fe343697df9435afd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\25191

MD5 04cea0cd4d957f0e192db9749a0f0148
SHA1 b933d04eb498d05b5da1b077dde0340bcf214a12
SHA256 0a57dff807b166a5c6531f1986e6566a5826cec23122a1fc9e37c6c098b0e569
SHA512 03e9c8971e29b128ae1266f6ed2092e0669db394536b4a8aa007e2edb1d1172765e81883db17f8d24e51e3c51feaf810dfa2cfc23bf1d506d5fba7586bf7b31a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\21925

MD5 cef4aec50664920c6c24b4285558f152
SHA1 480aba0792f91a606133f3ac45fc0b4922029c2a
SHA256 8831eb6aad16646f748fc34cfc83de885d27199a3331c3d24e5cfae3dc258b0f
SHA512 a3d34c715c1b13fd2df4504420e63e275ae8481200f4c85f99a373d6c7514f973812574e9d89b97e3953bb6a1db8cdcc1dfa7e93b6d55cebfdd9659d84aff5c7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\25798

MD5 4f27849dcda948f9d1d61fe97c4a2bf5
SHA1 8065691e2b55167b2b0316984402f098a4e4d426
SHA256 3ed448329bbb48a288c70a604784fbace4d8156dc93722fe77c654eccf83dfb9
SHA512 176fa15d9640737280ab9124a8e09e021db782f4208d609af0ede581521d6cfc3a0ed2860d6c8795e2cf59592b0b3eefc8023aee1c4b767e492a44bb0d9d6f14

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\22532

MD5 6d00e05552dfcfa34ca0f99082a7fef4
SHA1 94a221a6007060284379a167dab9b7b3bdaada24
SHA256 aaaf9e7c6810716482a3b9fd4445ee84f8136fb5571e1eb8442b14ce10e2c186
SHA512 f79c4a52e54dd2c4c112abb103c91faf4ab99cd932fb5a7be9111caf8230786e8991d53f18fea5ab9ccf168fcfe22d7eda854ea0ff88cdde8308a4853e3cd9d5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\19267

MD5 e1cdc67eb73b47cb98001c8a76423b77
SHA1 f958735ec0904fc220cc38751cda30b2587157b2
SHA256 439bf8c5df4f6c7d645a94040e8de2b889aae90f978ecb6a7fc752f567105374
SHA512 e729b319daf48b2d40b27d116f4b1fcf38d59eabc82f28e0b3c09d8dc5b5dd44da398740a8075b66d951a6e80c59b39b4b8f216e789829a807cb28e90fbd472a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 26d651fb1a5ac6059fa0b49dd9330728
SHA1 422489cf56bdc0a376bff824c5e3817d6f726679
SHA256 7b6515319a1904ea151e361a85d223a6be64c8adc49334be4f4dcb55722845ec
SHA512 e50020f7ccbf4ade858c6928e58d86f8309a19894de6ed0ba742e802cd66a46e8873c2f40ba0bd3e2e973f9bb69cb4a43fff258afbc939e98dda557ec4fb3258

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\26207

MD5 24fbd8d34db747b35cd422dd19104820
SHA1 7ec5950128d138c10160b569709475ade3da39e5
SHA256 1ea7523ab1723097d2748e5974b2d422d047a2ff3bf8054853b594985d2daf49
SHA512 a459f2b703d9f8a9e6f23a37f7a69410f340b19525aa09f1df7d36f1319df3c3000e4c3dec20e7a8eb37f6bba6820b106929eda097f218badd4bebfa4f51c5e1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\22942

MD5 b0822778f4b2014596374df7d8ec7724
SHA1 e9a3d2a98ded86274b225ca7f679b3191eb223b7
SHA256 a5cc48cc81c900f6b0652efd3c11408c38c714fe0097a64b712c9984154d9676
SHA512 51d9066db91c093ed2a4245b163646c7929129b7010bc67075ace99ff183095cda2f894912c1f71b3c9bc23ec27629c4e9b877d8719bb4e9bafe9ba54c6aa71d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\18217

MD5 7acd6833e24cff702eee83992b5c0987
SHA1 de174fd744febfb9ebf3cb09024d2e2ba67534d4
SHA256 26c0e494aef34738b89bef9f4208a2f32ab9871917de429bb5088474d3610fb4
SHA512 19ad2865a5bba0639a5735c0f6f161c29025b256ba03812f1329e01e672335418551845b15cc9e8ce71e34d288906a9fc7ff857be4929ece7eb8acaddcab67e9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\23497B1A0ED28AAE2C6D515EA7BD9531C3020BF0

MD5 1adf1d59633083ca073f351679cb4eb3
SHA1 bf5903003db43ea81ec36caa538719ff599238a5
SHA256 cdfeab4f8465668bb5f82653087fbe3e56b55588cb44092edffa907d629c5a92
SHA512 627fd311abbc170813cfcb9d063f5f48a9320b43769733c138909b9f40c95dcd4bc69e07002a8f2787582f03b16a89dd18df1ecea3468e644d9cc2c37d2d9b7a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++open.spotify.com\cache\morgue\120\{a62b87d6-d776-4a1d-ba6d-d8de18681178}.final

MD5 a8a7fd2141ad855f81d1ddf519364693
SHA1 97f7f3f17943dee44dd352681985a0f7293cac91
SHA256 43648804333d60ba9cc91e77ab8216c723b2fb71f8a75dd4892bbaea53184e19
SHA512 69ef0b52e9f74a10e27e625d65a202b620cb810cae0d6812d306331f4a27824dda4b21bf6f83b9e8cf9a3156bdb7e39e11eb52bda0078f37ec437a54e8b48fc4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 1174ffdf635b04dd16dccf89b0bbfa0b
SHA1 90d97ec441cf2604a2af6a04bd396d76378396c0
SHA256 36a78df592a303a00bb51565528c3c903edb7546d3d2f4ac44424615de04d690
SHA512 feac0168d9bfc12fcde2357de5b3a4d4cef7b8a4b34399dc10dcf8e55d731f3eb97aa50cc280409d6389f18897f5c7c6b63dba88bee5dd3d563e5e34bf3c97da

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\18990

MD5 4b4ad4c2a358ac92750cae282d761776
SHA1 02f5790d9898996ee0b3a80facbf3a70cb9ba876
SHA256 456ae5a6e3da6af7512ad1af90ed0b674c6be16435d2a600389cf9b47708d58a
SHA512 87519c2f3ff5ee1e266578ad87c56d4bb201ad03b314a63311e74cb1941ddafbe6bc450d361bad329249909990ccff79b093f7ddadd2c36f144fea1d9f863fbf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-2

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\24928

MD5 eaf76453a1885d46479aa34f95cdee1b
SHA1 426131d60f26c0b082a9d1d12a5d7bc03ca58517
SHA256 cf24ce9c5739ff52ba7adbf615a711e36c464498382af1f0641da49bd03980c4
SHA512 1466dbc033677e0b948420021eb88b509050f6e3811db1efc08ac05592e0912251eeff08d6a496f344fc62a136cdb93af94b8acf77f25a949782d6751a331313

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 09c775b1dc56a24bdde3bc03d97414bc
SHA1 f75d00cbdaafb0673580ecb8230fc352fc0c96cf
SHA256 3bfa148d4dff4fcecfb8472491f3ee39f02eb6e038aabe2c65ff00cccb614dd3
SHA512 e748a3dfd54a7e11e3aa3395bee644e17999da86ffaef83c2c6b99cbb42e1e57753d6a875ab52a4c75728c1faa99bfe17e89e24b79f83d32b98e71de4cd80c48

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 b5d253894269a44eb76f202c9d8c966a
SHA1 ba353ac4a6007ef90bbd2484d42c649383ff0529
SHA256 fde6c76f3ea3cbf99b1d16f768af2559b5bd2d71c776889294c921532b795aca
SHA512 da9e71d3c8896bbc93b9c2b9a8353618322baecd2f37177d5b44e504b86490aa55345dc8da1af37093f121c628ec21d05e529a2782c01319d0d562de0a992f43

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\10906

MD5 a7eecac23ef4649be7dc8c89d4846fe8
SHA1 28e2c0b77804b9a3724e4fd08d20a26d7c161a3d
SHA256 85801a6d046f7d9b157efec4ef2b8eb515d46fa44eb6a9a95395841a25bc3467
SHA512 b3a81093150ebe966fe75277ddc0c3c4e84a1b67df930367fc0966ee7d12baac2c02c71d86d0374cf8c773bfc40cf52c2c9752e6fb5e60d8c5890447dcf6ae85

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\12175

MD5 27ae9a77ddd55e8954520805538c4f76
SHA1 f3a8baac444bdf2cb1e415139ae63166b19cadc4
SHA256 40006997f2f0ebb5def319d5933d848db934e504d98cdfe1687e834017b959d7
SHA512 0314efade6d744cbef75a14022789bf2ea1ae8659ee7ecb2a1c8036372a20415a6d63dc0b2b0219fef358f15bd5b68697e9c1fc56181e8f83a28dd029e421b7f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\FD8B5A19DF57620BA56D7418AA339A3D779BDF33

MD5 34a9e28124f9d2353918f560c91165fa
SHA1 392a9467a28de3589e6b831aac5ece47c25ba066
SHA256 e1600fb5386ca419986c8d1eca99b69d01b3c9768bc8c0d89788a9b65c81a2a0
SHA512 dc05e881a7810eb5fda61195b618eeb69f1634ceff1e155f7c389b35d4012bbeee5063385723d307e5d5f9854d546b8a6edfb8e0d61082b5fc160edd43ab04e2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\21878

MD5 1ed61678748d7df44e8eb413b7bf5379
SHA1 d61e61aab527f3f0ed7cd05b85ef5cb675db0556
SHA256 63dbf530c2d1a86124d403b1d5ccc5e98375bc4c89b567a7135c41b861fe2703
SHA512 5e946d28f50ccd48e7325c07918426748040f3e94a2155071ea0a15c77ee84e84fd31f48a3bd77ac3789ab57d7605852b4a34d0ba9a699754446ce0bfdf27b73

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\15361

MD5 5ae02d34d43c6380c94be7fa7d77d7ee
SHA1 3f42765b691b15d88d8a6493e61e083257ff3bbe
SHA256 fe455341b59cf8da8258d5842e98581776f00a7bfedbf468797c6a6247c59bf3
SHA512 3475147828dbc9616a4828af9bce36f054ab6847e4068812188d429c1b78c0a51329b670e777ce8449209a5e70363480e2b8f13bd8dc0c40ee8b5a7f8a857566

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\28346

MD5 d504a0da6af059483421be85915d922e
SHA1 65c62fed7d5a5b6a18ce8c0423bb162a1fcd9483
SHA256 506d0b2fe1bc6bd6e84b88bed532de690cae6bf6c90ffb99f0ebd91c2c001c26
SHA512 01db253b5e9aa433555427f0edfe3e11353d9c8bca2f7171f14a00a85da874c89f184cfd6bee050b69188e61a25129f636495bffaa55994ca0e33922b64560fa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f826cc75a2315542a45f6a228ebead65
SHA1 228bc08c95e32e7f7dd97ee6a140e283a45cb8d2
SHA256 67365265b71025d972e579bf237f9655014ddf0d2d03018772814e05bc89ceb1
SHA512 12c3710638470ddd0a7561bfb01e138092e624e39ed7d8ffa44b1bb53d976929452efce9589e1a871b522f91a4d72348308c3e52b6116f7cae272fe0c1634c49

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\1586

MD5 c89e28f007ccc7a291fc614569ad0e75
SHA1 542b4ddeb9ae5fdeb90d0b46aaad8a3808138d6c
SHA256 b6bef9667aee810f35d369920a7227e19daa02e749b4790f6a5b7d7a9937ad7d
SHA512 c41aa666f70539b889b56b2ae36acabd5cc2a72a68d49ff451ba36169bd0c647c77c7ced3a30242d22a6ab678ac45f5ca7e330771673e5f270a3a4f02e413384

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\crashes\store.json.mozlz4.tmp

MD5 a6338865eb252d0ef8fcf11fa9af3f0d
SHA1 cecdd4c4dcae10c2ffc8eb938121b6231de48cd3
SHA256 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965
SHA512 d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\17239

MD5 ec7a996f1c4c4d7c99aada459bc876be
SHA1 2190a4f5118ead5623da4ba3e1996d1e30bedf97
SHA256 9bacac22c451a0e087c04849eb96751b2fa7a409ae3616f3dca8f84108868698
SHA512 545e8f098853d8171d9ef6ed4a31a1cbc314594add2c9d5326176724831ca182a01909d2264bdd0cc9a59587c5fb6519efbcd52ac2cb49e6ea257999b9c07bc2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\11753

MD5 76ff2ed66b2b5813310dc09cab716adc
SHA1 dc49fe3a55e9374673e6c497d64caaae05cbc473
SHA256 f652fa5add11af08d6a113c5e4a2f71e06cc8b713643ce7cace82e69555f3f92
SHA512 36766bc9c5e6ccd736777d41dc18f29776c425efc3a020d41b4bb860c01d4384ee81d0f6f6bfd6456683904af40acea0d887f63a6f3588636ce97b53541d88a1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\13347

MD5 c3b52858f0f38382fdad28d99845b7b3
SHA1 d1b364ef47a119bb133fc452f6425cdfeb9bac44
SHA256 315c5ebfa93653b18923afd8d9b02b261bc8f8c13db0ae1573bb00f93829ba95
SHA512 205b01357dce078902312a932b0dac063e4ff8027b1798322b024534f4e4b8112d5f354c3f712e16ce4eb5e721c2216a37ec58c70daedecd338996f75dea76de

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\17645

MD5 cde6c8ba42c3edbc641bce0b92f907d4
SHA1 c67861604ad249c1b82e834192786733cf5dbd1d
SHA256 65805385536c24490c9b8761f9a0c231c8a903bc26375acdf438b5ec5c546976
SHA512 1411120fa933b9a05f6b11b153271f9fd1809eb10eb80d6f05c783e854313d52034d42c8167739eb9de7d92813bf51766954c2fa2144a2ec770346eef5b3c559

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 412b33c60e7ef6330eb6922017b3de27
SHA1 0ad464d36341cc387d8bdcbfd796ee7c6746fd2a
SHA256 70d5a295002bfec362fd299310d28f3c9fc263d0a6715d3871599ad41971eef6
SHA512 de5085b7293da932ab2c9f7e9984533dee0cbb9d407fe7817c6fd09bea7ae24f214e3a341e9fa0a0c47099263793d853ce329a5b2b264e6082ba8e5bd4872a9f

C:\Users\Admin\Downloads\SpotifySetup.1KNYQARm.exe.part

MD5 cc98845b2100c8598411b753cab5ea58
SHA1 a253a714fa68ff34391be3476f307c8edbf637b2
SHA256 2bf4be1f2ece869159c1f8d5c0a8a4b806e8b9007c1bcf2193a36621f99279e8
SHA512 a48b77a9d255221e3f72cff6499f063a5aa7c0f25369734422934b6844fb0519af31215141a11c09983bd2bef737c34517c30e68dd6589b0d0808459931a0893

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 21a383d1370f8d29f13efba3527f231d
SHA1 4c96b6c16aa49633dc695b22fd3d3f297779cfd4
SHA256 e41fbc2c4cba45855a961ccf12c43f19d90d673378affdd18b28c68b5fc4b328
SHA512 50d058cb2cda9136dec85c966d02873780efef351b24563b5fe7f1b7f1ffb0717a10fac91c9d5f87eb3869acb195aa4fd028644df778dab09d53bd4649753522

memory/6440-12728-0x0000000001250000-0x0000000002BAD000-memory.dmp

C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1099017328980\lwjgl.dll

MD5 d8ea3886d9f59b514bfa5b24ab69c0ab
SHA1 2bf57942dff5360889f0e89c58d5acdc54e5f1ea
SHA256 a39adf52947fafd954c2a86ce031abb8c59825f7ee50337ac8c41e4280abe82d
SHA512 ba8af0415c7b0454dd8bdccf78ed59da3bb5cc5f631dd060d3cd0eaf74d8f55d7531248b6b8a995ba5b672dc0386d3fa198e8c761f2e1cc0304da0dc029bf29e

C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1099017328980\jemalloc.dll

MD5 e58d41175587d4355fe06bf8b8a1ab32
SHA1 6403f8243ea983a225b3bcda6c821a0029ad9ee2
SHA256 9abf0095066ebab37b78968e11370a8078313e48cb5be8eda01f67623c6a6248
SHA512 fc432ddb67dce8a672ac268d25f01d40c1d614e4ef34cbac6c4a2c01742ebab5d00c7ef5d9f0ef46ce0b3b6a4d5ace581fcf8c247d492c3882f561015d9e2ae4

C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1099017328980\glfw.dll

MD5 8cabdbe3d67546771b02af5d42073cfe
SHA1 2e19147110b9872a52814956bab151a7aa80ce58
SHA256 affa7e54eb0dedce4a5721c327c1a16035edbbd039cd402e08107d6d2d55eb1a
SHA512 b7f46feef779e5772fc7711fda601fdda6ee4bf41d4fb87735a0b8fdc5fdbbdab23ba1760989e15d66cf9ba65409933cbce858eda169d04f13f401198245ad1f

C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-1099017328980\lwjgl_tinyfd.dll

MD5 e7349669dee3093d266849685efecc60
SHA1 e7c3d94ad9d83f0762dfd82780d2a683d5d9b3c0
SHA256 ec7d76e6ef7a99628ef6f8b6e544294b700108c341837779e6e2c01c0bc3da9c
SHA512 41d772a4a9673db43a4584af78d5c128278b27efc01b7da47a9f8f629fd004aa8e4c63186d93b6cb7b664325272f0a291a1e80d9ae799910989171c1cdec34c8

memory/6440-12827-0x0000000001250000-0x0000000002BAD000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms

MD5 3e64827b712d0b179bbb4704b64589d9
SHA1 1af9f076d8fb5cb370ba9c353ed8decc636c1f06
SHA256 e8dbad0bc20ee85b96b0dd345f16348c7110fdc7870979fb908ee36b1acabac0
SHA512 18db4c470787a71cc1ce90afaa9f9206bdfe8c12a1400a48a22c9c7f3a4c10b793bcb694c281ccaaddee18cabd19315a43e62492bf0ed95a7cc44f68eb3fc9c1

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 2992a843b6825e902a42e2f2afa751af
SHA1 329b89c8904c28fb3f35d758a40bf1fddf579c42
SHA256 7b1091bf034ae7a218f7a90425a88352bc414f57a7770c3683c22308ad92d912
SHA512 bc0215c882d33edd8d8ae40234748541684bbbe9167b561043a3ed35d90bb55fc278230f788879a6bbb614e21e41acfe4af806858d3e8ff909ba731a9fc005d8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\jumpListCache\n8k18eEP3XVV5fxtpoQkUw==.ico

MD5 27d74d899cc3eb145b9c3f4731d03679
SHA1 ab503c850078e3e0f4f5682c122cb729b6d07fc4
SHA256 316cfafdd8b1bc8579f8dd241a1072c87873cdb11ab6b1e0f05e7d71369a6b19
SHA512 9c92502eee1c6d8181d5a17b1b30b9a8542db4a85b4551308142aafc0da648c37ce084a6c7b6409e3780b8bbeb26feba0af9fbe8ee0bb6078b77e0bf47388c72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4

MD5 d0fe97f4d35082c0ce77beb8362ec643
SHA1 61248aff38f3fcd18741de6ffa4fc12078f90bb7
SHA256 0286ccc6c8d5d160833af587b93edb1376b46a8a9a4be889744a6773e0bc3ca1
SHA512 3fecda21df6c9aae2b69513c0f5c4081366379b440922400649ec13c2d584fb6affa75eea3529ee1761b763825f4b37f18e126e1c2ffa38c3f42a9cd4c1b365b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\places.sqlite

MD5 6ff0ed7be7040846fb30175bbfb564f3
SHA1 4f9ec6935e6d40e5d951710fdbbfcc8ba6fe4da9
SHA256 290476623db9d4d5cb424626ffa8419692202745dfcbc2bcc64312357a6181ab
SHA512 30f5499daa6e006cef3a3b1fc5d8980ea41a6be918d4f62ace16d43bfd64ae027a9cd52e7823675b0c2f1fdc934970f1e9ad9ab161e9722d1d9ce6f6d2d7a39e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

MD5 2ad4fe43dc84c6adbdfd90aaba12703f
SHA1 28a6c7eff625a2da72b932aa00a63c31234f0e7f
SHA256 ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933
SHA512 2ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\ed9ef829-5f3d-4622-8621-8a0a3bd52575

MD5 592d30ce2242bfd8b098d439b54f5d0f
SHA1 1a98457a0a283421a18c5ba9f66d57fa91a2b9f8
SHA256 c1c9725681b250a73b20cc7b744eff5d30c6eeae38988cc606d48b4efc493561
SHA512 fcc50fbbf5af130ee765390ef63d5c070c6704d1902a38e2b36a0bd855494c78eb99b84473f947b5c6f96e37d8b9ba5a95c62c6b36e1b09f2274113403b434e0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\dd616d1e-88ae-45e6-a2c1-06971edf59bc

MD5 16f6bc2554afb0143a54e088cfb50df5
SHA1 a61da7bd0b528916c400769d832bc3c11f5fd52b
SHA256 8481d0f22b917bf9511b164b4f709670abaddc3009a2ca7e967e59924cb800b9
SHA512 bb2bae1f5ecd87b2f2eaa85eee0cfa0048f00d6cfa533b2b3709a75552a141d2590049917d001682617444db3abf0572b606b145ddb7040c4b5199e1388b7882

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

MD5 db963a7840de1003c7c6fe0ee8370381
SHA1 75fe298c38e4b70a66e3f9fa629506bc837cfb91
SHA256 257dcee5f2ddda380183b364cd8c06f81184dd4544b87756564a3e05ff08b6af
SHA512 84be350b74df9ef2b7a23854600a862417d2914fd73d3d1c977c7029e789382c09108cbe2bc9375e1249303e74ef571fc963ff598e2cdf65e616f5d7e1c28c36

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\8FE6BB5B069E32193FA90551D0CABC9D6A7D8B08

MD5 bb922ba5056ce4f336c29a5a96e016dd
SHA1 5c759f684f4922d0549540191ce6e41ae599ddcd
SHA256 a3046d6a1126064fd36b4b40320216f9db0368fbb5c90870e74cc880acba3b55
SHA512 db21d0c8027e3ec669e6006c2ca69ce3af1b31a9260626d6b8dd48352c0ff5f8d598ee65fd7b24bf3231d488e3d65533218ceacecb90cd031faa66e9a849640b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A9AF614317B357EF73559D5B7C5EFB6999CD6B5B

MD5 d177d002ba370e5bdd026c69e6dc350e
SHA1 67b1989b51c75133e124084886f43cca2d1bfd01
SHA256 6b9fec390d04e7687376d3add5b3f8f9a8afb65ae5174eafa463b5915cb57426
SHA512 0bccf171b7158e8f40f35ff1a7c320914164c8ae1c27219ed1338ee8a70a60db5eb872ee2dd3236a580044754c86bf290d5ce9a8b3e026b4d79d7a7eb3ef8f13

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d3f8cfe547a662b7f69e15ec8e089622
SHA1 ec9b1474c41d9acb38f71636352eb647e8efd361
SHA256 4b4210490f671b66ba9749ad0e84e9e34acec891573df52aadc667d1b595d128
SHA512 b7d10b895e98f4fd912853c30b512a7d48f58f004a9388691d86ec6c3130923418ea5167f1623d864296320cacd600343c4a2303dc96269b52a958458b9030c8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\3260

MD5 f9cec4d047d47182eeb40b4b231c90bc
SHA1 6cf8ed4214831f00eb2241c1c15601a0c294dabf
SHA256 e4eaf957a70868c5c838a0a002aa606ce5874788f9289debb019464fa23448b1
SHA512 72c78abe74763afe9ec03e4537da3e3aa2f7317c0e1b303cc422d11b4f457990c31b2a214b8262674c729672e9f830b927ee0ebbd3ffe5a566571c470a1b8b89

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\32763

MD5 90ab449d6f7e4ef2d3ecbcc685c930e1
SHA1 cadbd070b57ddd92d7b47ddb5b446f4507f0d8a0
SHA256 6c566778a0eeb42c4c724f9423f32b12da38de33263749e8d8204330ae85ed79
SHA512 4b8cd5369ad8f5b3278970baed9976cd19c7443a57b0069cd1261459374490254cde933084552eea9feb4cf99ee38c68dc11362b36724c2a805156df3fd2adfa

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\16323

MD5 9bc8a42d0850e751a64cb53ee98f1003
SHA1 f836d810d71c3518c96fe83c9a182290d6cc30d6
SHA256 3b211107ece18a679837931460ae76382bbebd02b051af1f203d1a44c5bd1594
SHA512 5f563b82c28279764401cf4e3d24ce78ee6f32881a88b20c4e3fc96929b6250e0e4f160c17a36c0effa7930efe5e072d3c7e698f895ff5ab3f0dce7b68a28756

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2d7ed6b8d3a286c7a16f2453cdff10c3
SHA1 0bc175e95d3d51d2e9e3ede3b15b00d9ba10a19a
SHA256 1bfadfaa06013526189a06448369ae7d3788e29e2efdb0cb74512f04f1280e70
SHA512 a3630c14c8f10faff79c8ba9a8f4725c6892e08d2a218f9fc7bc97f74b2ea0143695999582270e731c24b1ba71c767126e54ec06195aac3e1bc124e8dba0e7a9

C:\Users\Admin\Downloads\jre-8u411-windows-x64.D1XWpXur.exe.part

MD5 c352b03e421407a2aa9eb8ad3a12856c
SHA1 f75431d84190b539a76d47bbecdb0c9fbdcf7667
SHA256 6eada6e5391930544fdece53aac83be53b9b4b66bb1dd02ec9b39650eb0e7b12
SHA512 f659c09aa8632b27981ee94a6b4846edd3e28e3243c4cbf5efa42d2744e5c24839199b42129e109fab169e17c1070930f02c2c76c6f0b49aef4871a1cc7466b3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 20b553263597f20c7c6f6b0a4574c317
SHA1 e7e75605ab684d5285e014199bd7e6c243451813
SHA256 02f72736ffd279a2f66628fda1d6d8142cfe4004b844ca53954c2018ef2f9c15
SHA512 6d2b8dc3c3bb12ab2d3f312c7cde20180babf397d40a1f01ae9ace200247561ff4c9a5642a897fe386547f8a3414ccfc79a4558fe4acf35155f96f45499f055a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5d20bf190065566a124a6ab96129471b
SHA1 6eeaaccd0e64357607bfcf93581c7e3dc7fd856e
SHA256 15b14f7b429afab372577d0ba2a92e754f46ba29e446e19d846419db7a56a244
SHA512 90152a48116b3086e717bc0d3c8a708d4a6805c0f9cb88aea8c769592ef8635af09611441244c2051916f4799d3fb938dbc805aa9f1c02a716d32686286a7ca2

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 9f5c4807dee20e35df749052a9b6c7c4
SHA1 2b16fd4a41999bbb67d97f3cdb9fcb1f54b7b094
SHA256 0f7cdcc92812368bebc2a9861a004773e5fafcb9e495830fe5acb3669a7d622f
SHA512 777b1a763b94df20f2309ea069a3e2b3fc3db10fab4f799c98967cf0cfdf1de2ffb4ce9cda44860ac2a0380fae13bee452e4d23b6cd03167ee56519ef5c2e921

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

MD5 c8dc58eff0c029d381a67f5dca34a913
SHA1 3576807e793473bcbd3cf7d664b83948e3ec8f2d
SHA256 4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17
SHA512 b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4

MD5 ec822112e6adb9eb96e96322cfd89839
SHA1 8d745b8587f74415e168176b10215f38f531392e
SHA256 308b807ea50c72e520c3eec4bf9f360e75696b8013dc9942175376946073706f
SHA512 777c38d1ff7c14615167c6ea4c67b10f15b8f51ea44d146661507b07ba8e4de9105d285bdbec44db6b2a7fd831905e524c6ba159ed07bb2c75237c6085bf3355

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 819f1a97cfdc1dfd9dcb2ccd706f4471
SHA1 6acd78e07d545c8d7fe30e9c1c07d10f7ac590e3
SHA256 3a3cf8750b1499ed31cb91ef6026c03c323258e8cc5ed6c87039f8f0b2fb255b
SHA512 18b7b980772ac49cbdafd9e4b37dc5f52eba6059ab8bfde0ba3fee5e5b8ae66876b57191a6b6ead2de780790650a6793ba1872790768923b57c4b405eb3e7a85

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\utymd3p\imagestore.dat

MD5 432e44c11b6ce57e13d2fecbfadf40bf
SHA1 d1807e1f7234911616599f5b6d9bf03a6e8f5f49
SHA256 c95c7174bc6ae1f87b895dc18013e19637c063ceea7c20223ce3802777989106
SHA512 d5e3537b56f89c9ae2b23186afd99793278939b9a4862062f348c66e652972e73aab6c1626f904cb0f18e9436dbe906692c19d683170b28a3669803fdfd466d1

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\RML28J1S\favicon[1].ico

MD5 ec2c34cadd4b5f4594415127380a85e6
SHA1 e7e129270da0153510ef04a148d08702b980b679
SHA256 128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7
SHA512 c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\LU5KO5ZN\www.msn[1].xml

MD5 59c807415954a187767fbff598f45afc
SHA1 bf7df49f35b7bb36223b0a531560198695f9b297
SHA256 19e72630d126e051f4f40f5fa2ecc338bd81db81a7ad2b2ef9ac10f23bb292b5
SHA512 d35a827fe4f6ca3c80fa5936162794d37b25ae8023f76003c5f31ea300347b5c3b4be23c252fab64a07c264b4214f58d3b64045ed6b31b884d745998cfa0ad86

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

MD5 1f5692a0e45358680b4f05ce4d829a41
SHA1 66bd7695a315783b5206fd57aef1c80b4c071cd3
SHA256 18fa8313253ea5b9274dd8b3c7aa161defde8607cf6b3e728b26123c09658fb4
SHA512 e3f710f739b75b36189f57ff199eb58cd152e35d95d4b7a7067d07692227b9d4400385ab24067abc4a987d4b5b8f0ec974993d4ad0cccee2f9108aa2340a94ee

C:\Users\Admin\AppData\Roaming\.minecraft\assets\indexes\16.json

MD5 f342edb6b13da9caf67f6ab25d8a0b4b
SHA1 2424100100917826a5933159802456d10f50d99a
SHA256 65c4941404715a1090a87d5e799c70b0e5b51be9971d3db0cec2b687de2350bd
SHA512 04e8057c56c4e6c009f46c7f626b0e13ab244f01813a6186e8b1cdc3b29e5c14cfb14053b2ecef35ca612bd2f31a3b3c7adb61cbd5740fff58472dc8091012ab

memory/10160-18824-0x0000000001250000-0x0000000002BAD000-memory.dmp