Malware Analysis Report

2025-01-19 00:37

Sample ID 240504-hshndahf65
Target https://skmedix.pl/
Tags
microsoft discovery phishing
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The file https://skmedix.pl/ was found to be: Shows suspicious behavior.

Malicious Activity Summary

microsoft discovery phishing

Executes dropped EXE

Loads dropped DLL

Modifies file permissions

Detected potential entity reuse from brand microsoft.

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

NTFS ADS

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Checks processor information in registry

Enumerates system info in registry

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-04 06:59

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-04 06:59

Reported

2024-05-04 07:04

Platform

win11-20240419-en

Max time kernel

247s

Max time network

242s

Command Line

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://skmedix.pl/"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SKlauncher-3.2.exe N/A
N/A N/A C:\Users\Admin\Downloads\SKlauncher-3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Detected potential entity reuse from brand microsoft.

phishing microsoft

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\ C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\SKlauncher-3.2.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3592 wrote to memory of 3456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3592 wrote to memory of 3456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3592 wrote to memory of 3456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3592 wrote to memory of 3456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3592 wrote to memory of 3456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3592 wrote to memory of 3456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3592 wrote to memory of 3456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3592 wrote to memory of 3456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3592 wrote to memory of 3456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3592 wrote to memory of 3456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3592 wrote to memory of 3456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 4496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 3560 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 3560 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 3560 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 3560 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 3560 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 3560 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 3560 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3456 wrote to memory of 3560 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://skmedix.pl/"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://skmedix.pl/

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 25459 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f26e86ff-bb60-4049-b083-28e03e3f5e52} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 26379 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {284c9eb8-f475-4091-831f-be1e7437112e} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3120 -childID 1 -isForBrowser -prefsHandle 3112 -prefMapHandle 3108 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ae1851d-b625-4236-a40f-d3816340405d} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3560 -childID 2 -isForBrowser -prefsHandle 3672 -prefMapHandle 2760 -prefsLen 30869 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {830c8191-47c6-4614-9b0f-cfdd0da89c47} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4300 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4476 -prefMapHandle 4472 -prefsLen 30869 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3caf0620-6ac1-4c9d-9e9f-bdc495845910} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5616 -childID 3 -isForBrowser -prefsHandle 5600 -prefMapHandle 5556 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c643162e-08d6-4b9b-945b-2d5b7861799e} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5268 -childID 4 -isForBrowser -prefsHandle 5768 -prefMapHandle 5772 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e667a607-8905-4f88-bea8-5e87bdbcbadb} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6036 -childID 5 -isForBrowser -prefsHandle 6028 -prefMapHandle 6024 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47d9482a-e590-4d45-9c82-8ec78867e568} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6340 -childID 6 -isForBrowser -prefsHandle 6332 -prefMapHandle 6376 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff0cd565-baaa-440e-84c1-2a4c817800c4} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6484 -childID 7 -isForBrowser -prefsHandle 6492 -prefMapHandle 6496 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {823f1564-010f-406a-ad60-7755e48d0c1e} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6700 -childID 8 -isForBrowser -prefsHandle 6776 -prefMapHandle 6772 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fd0810c-81ba-437c-a9ea-9509af29c59e} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6732 -parentBuildID 20240401114208 -prefsHandle 7040 -prefMapHandle 6728 -prefsLen 31077 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {87ef2e54-4472-480a-a4df-c270a5d0d3bc} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6720 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6708 -prefMapHandle 6712 -prefsLen 31077 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ead9f852-06b1-40ce-bd45-a3ebbcd3f7b6} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6672 -childID 9 -isForBrowser -prefsHandle 6336 -prefMapHandle 6328 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cd04143-f6a2-4a21-8e1b-2c387af861cc} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3956 -childID 10 -isForBrowser -prefsHandle 3952 -prefMapHandle 3908 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5319f4a8-424d-4346-be56-c070d2d02926} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" tab

C:\Users\Admin\Downloads\SKlauncher-3.2.exe

"C:\Users\Admin\Downloads\SKlauncher-3.2.exe"

\??\c:\PROGRA~1\java\jre-1.8\bin\java.exe

"c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

\??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe

"c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version

C:\Windows\SYSTEM32\reg.exe

reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme

C:\Windows\SYSTEM32\rundll32.exe

rundll32.exe url.dll,FileProtocolHandler https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffc2ae33cb8,0x7ffc2ae33cc8,0x7ffc2ae33cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,1342695195374851278,6600786385611797713,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,1342695195374851278,6600786385611797713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,1342695195374851278,6600786385611797713,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2500 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1342695195374851278,6600786385611797713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1342695195374851278,6600786385611797713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1342695195374851278,6600786385611797713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:1

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe -XshowSettings:properties -version

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe -Xdiag -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC -XX:G1NewSizePercent=20 -XX:G1ReservePercent=20 -XX:MaxGCPauseMillis=50 -XX:G1HeapRegionSize=16M -Djava.net.preferIPv4Stack=true -Xmx4096m -javaagent:C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar -DMcEmu=net.minecraft.client.main.Main -Dlog4j2.formatMsgNoLookups=true -Djava.rmi.server.useCodebaseOnly=true -Dcom.sun.jndi.rmi.object.trustURLCodebase=false -Dcom.sun.jndi.cosnaming.object.trustURLCodebase=false -XX:HeapDumpPath=MojangTricksIntelDriversForPerformance_javaw.exe_minecraft.exe.heapdump -Djava.library.path=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-632671528050 -Djna.tmpdir=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-632671528050 -Dorg.lwjgl.system.SharedLibraryExtractPath=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-632671528050 -Dio.netty.native.workdir=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-632671528050 -Dminecraft.launcher.brand=java-minecraft-launcher -Dminecraft.launcher.version=1.6.93 -cp C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\github\oshi\oshi-core\6.4.10\oshi-core-6.4.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson\2.10.1\gson-2.10.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\failureaccess\1.0.1\failureaccess-1.0.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\guava\32.1.2-jre\guava-32.1.2-jre.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\ibm\icu\icu4j\73.2\icu4j-73.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\authlib\6.0.54\authlib-6.0.54.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\blocklist\1.0.10\blocklist-1.0.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\brigadier\1.2.9\brigadier-1.2.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\datafixerupper\7.0.14\datafixerupper-7.0.14.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\logging\1.2.7\logging-1.2.7.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\patchy\2.2.10\patchy-2.2.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\text2speech\1.17.9\text2speech-1.17.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-codec\commons-codec\1.16.0\commons-codec-1.16.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-io\commons-io\2.15.1\commons-io-2.15.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-logging\commons-logging\1.2\commons-logging-1.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-buffer\4.1.97.Final\netty-buffer-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-codec\4.1.97.Final\netty-codec-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-common\4.1.97.Final\netty-common-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-handler\4.1.97.Final\netty-handler-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-resolver\4.1.97.Final\netty-resolver-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport-classes-epoll\4.1.97.Final\netty-transport-classes-epoll-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport-native-unix-common\4.1.97.Final\netty-transport-native-unix-common-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport\4.1.97.Final\netty-transport-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\it\unimi\dsi\fastutil\8.5.12\fastutil-8.5.12.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna-platform\5.14.0\jna-platform-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna\5.14.0\jna-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple\jopt-simple\5.0.4\jopt-simple-5.0.4.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-compress\1.26.0\commons-compress-1.26.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-lang3\3.14.0\commons-lang3-3.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpclient\4.5.13\httpclient-4.5.13.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpcore\4.4.16\httpcore-4.4.16.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-api\2.22.1\log4j-api-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-core\2.22.1\log4j-core-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-slf4j2-impl\2.22.1\log4j-slf4j2-impl-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\jcraft\jorbis\0.0.17\jorbis-0.0.17.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\joml\joml\1.10.5\joml-1.10.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lz4\lz4-java\1.8.0\lz4-java-1.8.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\slf4j\slf4j-api\2.0.9\slf4j-api-2.0.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6.jar net.minecraft.client.main.Main --username se --version 1.20.6 --gameDir C:\Users\Admin\AppData\Roaming\.minecraft --assetsDir C:\Users\Admin\AppData\Roaming\.minecraft\assets --assetIndex 16 --uuid 0f4bfd5cb62931c28add1d7c99ab4d35 --accessToken 1edb6b0ad96a42b28f525bdd6b67e794 --clientId 0 --xuid 0 --userType msa --versionType release

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7608 -childID 11 -isForBrowser -prefsHandle 3636 -prefMapHandle 7652 -prefsLen 32670 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76c22e9d-c95e-4d6f-b57c-6c671855daff} 3456 "\\.\pipe\gecko-crash-server-pipe.3456" tab

Network

Country Destination Domain Proto
N/A 127.0.0.1:49729 tcp
US 8.8.8.8:53 skmedix.pl udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 172.67.199.2:443 sessionserver.skmedix.pl tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 172.67.199.2:443 skmedix.pl tcp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net udp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net udp
US 35.164.250.149:443 shavar.services.mozilla.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 172.67.199.2:443 textures.skmedix.pl udp
US 104.21.234.235:443 rsms.me tcp
US 104.21.234.235:443 rsms.me tcp
GB 172.217.16.238:443 www3.l.google.com tcp
GB 172.217.16.238:443 www3.l.google.com udp
US 104.21.234.235:443 rsms.me tcp
US 104.21.234.235:443 rsms.me udp
US 104.21.234.235:443 rsms.me udp
GB 216.58.201.97:443 lh3.googleusercontent.com tcp
GB 216.58.201.97:443 lh3.googleusercontent.com udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
GB 216.58.204.67:443 www.google.co.uk tcp
US 216.239.34.36:443 region1.analytics.google.com udp
GB 216.58.204.67:443 www.google.co.uk udp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 142.250.178.4:443 www.google.com tcp
BE 64.233.167.157:443 stats.g.doubleclick.net tcp
GB 142.250.178.4:443 www.google.com udp
BE 64.233.167.157:443 stats.g.doubleclick.net udp
N/A 127.0.0.1:49737 tcp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
GB 142.250.200.35:443 p4-bgttoj23r5zxq-krshpfqjhvumnuah-if-v6exp3-v4.metric.gstatic.com tcp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
GB 142.250.200.35:443 p4-bgttoj23r5zxq-krshpfqjhvumnuah-if-v6exp3-v4.metric.gstatic.com udp
US 216.239.32.3:443 csi.gstatic.com tcp
US 216.239.32.3:443 csi.gstatic.com udp
GB 74.125.175.106:443 rr5.sn-aigl6nzk.googlevideo.com tcp
GB 74.125.175.106:443 rr5.sn-aigl6nzk.googlevideo.com udp
GB 142.250.200.34:443 adclick.g.doubleclick.net tcp
GB 172.217.16.238:443 www3.l.google.com tcp
US 104.21.234.235:443 rsms.me tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
GB 216.58.201.97:443 lh3.googleusercontent.com tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 44.242.34.204:443 locprod2-elb-us-west-2.prod.mozaws.net tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
NL 2.18.121.79:80 a19.dscg10.akamai.net tcp
GB 142.250.187.206:443 redirector.gvt1.com tcp
GB 142.250.187.206:443 redirector.gvt1.com udp
GB 173.194.3.70:443 r1---sn-aigl6n6s.gvt1.com tcp
GB 173.194.3.70:443 r1---sn-aigl6n6s.gvt1.com udp
US 104.21.50.12:443 textures.skmedix.pl tcp
US 13.107.246.64:443 resources.download.minecraft.net tcp
US 13.107.246.64:443 resources.download.minecraft.net tcp
US 13.107.246.64:443 resources.download.minecraft.net tcp
US 13.107.246.64:443 resources.download.minecraft.net tcp
US 104.21.50.12:443 textures.skmedix.pl tcp
US 104.21.50.12:443 textures.skmedix.pl tcp
US 172.67.199.2:443 textures.skmedix.pl tcp
US 104.21.50.12:443 textures.skmedix.pl tcp
US 104.21.50.12:443 textures.skmedix.pl tcp
US 13.107.246.64:443 resources.download.minecraft.net tcp
US 104.21.50.12:443 textures.skmedix.pl tcp
US 104.21.50.12:443 textures.skmedix.pl tcp
US 104.21.50.12:443 textures.skmedix.pl tcp
US 172.67.199.2:443 textures.skmedix.pl tcp
US 104.21.234.235:443 rsms.me tcp
US 172.67.199.2:443 textures.skmedix.pl tcp
US 172.67.199.2:443 textures.skmedix.pl tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
BE 64.233.167.157:443 stats.g.doubleclick.net tcp
GB 216.58.204.67:443 www.google.co.uk tcp
US 13.107.246.64:443 resources.download.minecraft.net tcp
US 13.107.246.64:443 resources.download.minecraft.net tcp
US 13.107.246.64:443 resources.download.minecraft.net tcp
US 13.107.246.64:443 resources.download.minecraft.net tcp
DE 142.132.140.101:443 status.skmedix.pl tcp
N/A 127.0.0.1:51674 tcp
IE 20.190.159.4:443 login.microsoftonline.com tcp
US 192.229.221.185:443 lgincdnvzeuno.azureedge.net tcp
US 13.107.246.64:443 resources.download.minecraft.net tcp
US 152.199.21.175:443 acctcdnvzeuno.azureedge.net tcp
US 192.229.221.185:443 lgincdnvzeuno.azureedge.net tcp
US 192.229.221.185:443 lgincdnvzeuno.azureedge.net tcp
US 8.8.8.8:53 185.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 52.182.143.208:443 browser.events.data.microsoft.com tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
US 104.21.50.12:443 textures.skmedix.pl tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 104.21.50.12:443 textures.skmedix.pl tcp

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\pending_pings\b7cfbf75-b82f-44e6-b4ea-24454c61f978

MD5 3be7e3e7a4269523ba93079000ca6fe3
SHA1 ddb1feb821f76c83e74ef56e63efa00613b7d0d5
SHA256 0f20282c44952a9f98f94c94167f507821710603b9d3922ca0d7395c1802652f
SHA512 cd9b96b405486fb1c3ed2e090d5718c471a5c9c9bb90dae8cdee2e779313a035c5f83e992b5fd4c742c8a21d1680d5a7866de91ccc3a47cf08dab34e2fbbcc66

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\pending_pings\86ff3948-6298-4bba-92d1-bd9f0dd751e7

MD5 6f8c06642c790fed2256c13c81913e53
SHA1 a706fe33eca788493a4131131f15d8ae63ef65f9
SHA256 a11e1906066e2df5a8cc7ef466c17cf0a8f5ba58c097450e9711c4ffda62529c
SHA512 55f9b1457314e8ab11b05fc02039e57edb1a7d279a4546fa03b195f7f4871f63a457be66637e34b976faa498034e8923ead13544e19091bc1f1f0a5c567317fb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\db\data.safe.tmp

MD5 109adb304fc6e5839d8bd4287dbc5a4e
SHA1 c2c1c0ee98984382873f93eefe369cc7602050af
SHA256 0add6122b96e11e372d52f0ca3ca6f4c87a73aa44af63a0857c57a32a35fe75e
SHA512 f1b21c7af81d47dc41eb2b76e601760bc471c6db3b54b3d27d875e185056d0a2b666dfe4831f6162858afda504f4dc205d80e07968488343829c89ba00f87f99

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\pending_pings\5b0fec46-9d51-4313-90a8-134dc4111c43

MD5 0ac2b0cfa0e1f55087ee6471ab582874
SHA1 36ef6d84853561c5ac35ca0a1ddb8e780530568e
SHA256 2003b5976ba26e81636c6ec40d49915f6b487f652a29256e67eec2a838ccb52b
SHA512 b9909bc75e56109458b4be06c28fe7bc356e05aa4e4cf31dd82900cadd666764007319e847f358c2a30b2442ce1747d38514145aced24d65762985315637f145

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\db\data.safe.tmp

MD5 f4f9238fb8d0f412cab9ef4b5f1b9ac3
SHA1 2b9dd91fb02bac36b2227b563a3bab4b7eddf5cf
SHA256 a8872dfc217741e35c1e883ae69012056c66585f89f8ab0058d65725290123ef
SHA512 6fc7e4076585e4a162826172a269180777e9f68bdb557d8e215b426b03d6d5e27e5900268a21f55941aa3ab9e89ba84e87dec7fe8a66c497f8cec9ae72ffec41

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\prefs.js

MD5 03ea26349805087ecf09bea831146190
SHA1 2c391a4dfb45c297c900573916069d988d346f01
SHA256 2257435068942682d3758808daf8ccda105326f0f3da2f15e9d435cbb55dcf21
SHA512 515e58d02ec0682031ca76ef28c2da73b4b09768ebe6a01225cfd11c50553485f08647ed521eb419b4612f035dbda241a3c032960aef810fb79e1acc71596a33

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\AlternateServices.bin

MD5 cf0d285731d555e9d767fc67453d8f84
SHA1 9d7f1a879d030a706887c486a409359befe79dfa
SHA256 012a29de876f5e97ea3f64f556f71b543aac15840776bcb76a8780ead7837eb8
SHA512 8b8d5201ca44a4a945aaeabf4bea8a6d72f31fb4e0b851c252b930eae52c91a42f08dfdf40554ddc3907f4673463df6d1b79c7174f8d95cd09e538e4a13d2cc1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qfgaykt1.default-release\cache2\entries\25964F52691AED972ED9651DC62D2ED649D0CA04

MD5 7066551dcb670f080fd6bd773b814762
SHA1 ecc443d32d5a20f8c5844cd86acbaf792815dfb8
SHA256 cc6d62c5f3cceb6f78bebbb5f1abcb728ee615180b8d2a6b92ce323bb5ba9a93
SHA512 883cde697a0969e2cb6b5f40867889c0b4b2e90e2cd54ebd448f8a83dd2b4b6d3994db35c7bd47122ca7de130d393dcd80e9ef2803e6766fb870132b4c4af45f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qfgaykt1.default-release\cache2\entries\2642B139127293682A334A3B94AFED2E56EF6902

MD5 e5ae82c93342ec30447cef1ae916c38f
SHA1 1c71836c867c79bd53292ac17280cf2faed5fb51
SHA256 f0ea5ed96ac0addc63f0e7ca9e769021eb4239fe44b5a93b696e512d094ebc75
SHA512 39f356eaa8b37cb13e1a3b5ac17b0d2294426db2e7ec9ac5ea780c280f4e8444392e06d8f4e9e0f79ddb2b362dd973d83efa382fb9cd91d84e3e54f2e309ecaa

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qfgaykt1.default-release\cache2\entries\A9820D3AA01082CAD0464F5D7B7ACC7020B5827A

MD5 d1495c09bcdd0fba0998ee4a6c3b9cdb
SHA1 45ce04a0916917e5a53abed9cec8864c686ca258
SHA256 129f3fbb599effc387735fc97491303d130a5198a3f8b2019379b18ae456800a
SHA512 85ea763f25c8527ab43f1a9e09b6a2525ab56b2e38007ffadc43859229f4307f0a9d21bbc0b2b922270497ba686e6028a9b0bc81d6b93b948dd0ee816ad235d1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qfgaykt1.default-release\cache2\entries\5D725DA1DD35E8A5C0B1026F1D46210CD974636B

MD5 73f0a82e3846639bd437ad68149fddd5
SHA1 e2514279c3bc698067bc4a607b23768ee943305b
SHA256 0ad07721882ae73a37deace123c015d046b118fc38aa417b7a42f19737c10d45
SHA512 1a9e29c82410768c4a59fa922057ee1d58ff21f1fd80562bd800395ded8831d48ff5198c58c7a9067eceff4a4a2622787435236c178d25db3814af05c3d5f9d0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qfgaykt1.default-release\cache2\entries\38080459652B535AD0DE543435FBA672A01C1BA2

MD5 30f09201a5af0b9e42d5d17bbfd156c1
SHA1 b935de3662a680195023403e570633893e9a9d2e
SHA256 d3602f31fb7f02bd6cdfec943b1a8bd591c7458e25b80c1ba37c7a3c6ab0eb90
SHA512 617d48a6dda55d9c51e6b140a8ad646ef0dc1fdb481c8bb3baba051da3149ac28bd998f1e374fcddccd0389ee0afc86423720cb65e032307eaf2e2a87d3c94ab

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qfgaykt1.default-release\cache2\entries\BDEC96904459D19E2C404220905910C78EFFD20E

MD5 f2f070ef0fc546f0c113ad74a6ddf468
SHA1 941ca2d94136b06ab5bb657e88418dde2b5270ad
SHA256 8404fb424058e41a368636d2069603319d25f0e740212f89e6c6ad3e181bf2ba
SHA512 68e3f62f27c166252e4af1068edc8d63e4bae2f5054be1cd7d8421d0bc80b6fa1f16f219732c2bd4e2d21cde5d086dbf0be87217c01536b0f98ed3250a1f49b0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qfgaykt1.default-release\cache2\entries\5CADC9E137EB9BF00D8AB43AC271FC1942D71299

MD5 3f7f161f73849056a1ee6cfa75fd2c94
SHA1 462622725273daba41e2b1d78092508c0252008d
SHA256 9037f1688938811f08ed474f9a75519429bace6f6eb50a553a1b9b0cb2e5778d
SHA512 184c8a43a8bab863f75a17439ec942e19610363a336ed565b916a8447364e1e1b4e29bad65469e51155ff875cf6be42fccbfd1852beecdcb1dc49eb357bef5de

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\prefs.js

MD5 274440e78c26a7b14434e280e084a2ae
SHA1 1c87424bb4563425e00aed5880af8564810602cf
SHA256 93a3940c7184883d08afda98a26fda6950d4a9e0fb1e474b8ac590bbe7988007
SHA512 9a2e348c7170ba6239d9051b51b78ae3fb3fdae44a8d1b6b2332c83f0628018e73d5061307817b63207c5b5b72a96664a490f598c8e8a877904cfb60439032dd

C:\Users\Admin\Downloads\SKlauncher-3.B55uh8Cy.2.exe.part

MD5 b63468dd118dfbca5ef7967ba344e0e3
SHA1 2ba4f0df5f3bd284bf2a89aba320e4440d8b8355
SHA256 05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf
SHA512 007ecb7445dc0c01a802b5a2c91313aae59f9dc96e27455dd85e7a92a4e649d683fbc2ada5f48925d9ab3b4fdaea20aa89eeb442fde079902aecb5ca3454a548

C:\Users\Admin\Downloads\SKlauncher-3.2.exe:Zone.Identifier

MD5 8b52d5f53dfab48adbb7013073a6581f
SHA1 81668705ae296472b43670efde4a85ac95c1122a
SHA256 fbc335b52756077b5e429a442bc4a612b10fd3171d44935e1a13df109faa43e8
SHA512 1a77518de358c67e8e85f7bd2b912821fa098c6105f3fb036aa93cddecdb06366aed575b7b7ff220bc63f233814dec16e08c8f9d2f5f3edee2fe0e2f7fd81c53

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\sessionstore-backups\recovery.baklz4

MD5 03cfaef6f7c712352211a7a6ddd87493
SHA1 d1ed4ade9a1c415717667a3671105ceb563e4835
SHA256 873b4c92cadedf98f1e5b58b5df16575bc5823574fa336edd91f0939171f98e4
SHA512 b9a600fbc176666b3e6be89823a2a63fe18a552567c03f5ecf47df6ed0863b32b5d737d48036d545fd048b4d203082c923e5b3b0921217190154a61a64ff3954

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\prefs.js

MD5 20c75966c4bd8ece6027df97f7efe814
SHA1 aefccaae43813fca51721ce03d1ebb8e7469715e
SHA256 90dc621a8c4908a53823cf0174efbc34eec077ae6ce357a0e2d15d5d82021268
SHA512 81b1b5b30bcbd46fb3cbb0126e39c7e6b24fe9caeff7589b7caf67a8e6805e1cbb21fb831df4009dc0c911a1752d598bede44b3d9eb6cdbdb1532bcde7f2492f

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\prefs.js

MD5 181e979d8e17c13fb5d063628dd3a552
SHA1 e829cd22a735915abf6a7dad2f077d578c0dd241
SHA256 b96637437dca24b67163439c2f483ef62454ad4cc6a66723129fc6d66e981a59
SHA512 7e090ade23b9a3e2a731358acc3048aff5925338c9a8f64ba99c81a9d30cd9292c6cef4ad3edcdfb43fe6b5a6fbc42d6aa48e74c14b1c2c08458e191f9f30f08

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\prefs.js

MD5 639291e6e0b5544c703bde5af136796b
SHA1 d0f8a8c5b5a2095ae2c032740cf69d514573b826
SHA256 ec98051241a343c4f7cdcabbeb8ad1a1d75c5a04023da608920d2ab8cd22c339
SHA512 f15a3721576dec2f93377cbf1e02ef97d08a10752deae521a3c0171cc9e6aece69d2880b3e7c7e1439ebe040a593ca26ecb0fe66fc8b1b4485e78e6fdab529d0

memory/3824-934-0x0000029523A00000-0x0000029523C70000-memory.dmp

memory/3824-944-0x00000295221B0000-0x00000295221B1000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 0148e98b31991988b0fb612d4b3869ac
SHA1 67d9b2fe300fe40a46777a09f3117c6f1dfa90be
SHA256 60a1ff99899dafdee64a83dd5438e24410100d6d3ffa46aff310197b3048e7bf
SHA512 1b1dac9f8c8857d1a8682d5c020853d86dfe957c845aa8c41b172c7892f9c09531f81d03ead1c68b4d714c4ab68048d77765a70b3694f4dfbdbbc93cc0ca4f9e

memory/3824-945-0x0000029523A00000-0x0000029523C70000-memory.dmp

memory/5332-949-0x000002228CEC0000-0x000002228D130000-memory.dmp

memory/5332-959-0x000002228CEA0000-0x000002228CEA1000-memory.dmp

memory/5332-960-0x000002228CEC0000-0x000002228D130000-memory.dmp

memory/6032-963-0x0000000002950000-0x0000000002BC0000-memory.dmp

memory/6032-974-0x0000000002820000-0x0000000002821000-memory.dmp

memory/6032-978-0x0000000002820000-0x0000000002821000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4899139209000.dll

MD5 dcd68a87b7e6edbcfde48150403b22eb
SHA1 28e4839a29725075772fccc39b44e194eb91e477
SHA256 ae3352b6ad6cffaae55f4387f9f5e79365ea17f8d5fb45ef11d21c3300a49a4c
SHA512 ac2a6bc0afcd08c56090536a937772edd54f35505c9a5837d9bc8e91c31edb6137cf5191986b3473e9e2f512950b4dbfe4088598bfd1faf47088124c70aeba71

memory/6032-1013-0x0000000002820000-0x0000000002821000-memory.dmp

memory/6032-1040-0x0000000002820000-0x0000000002821000-memory.dmp

memory/6032-1053-0x0000000002820000-0x0000000002821000-memory.dmp

memory/6032-1055-0x0000000002820000-0x0000000002821000-memory.dmp

memory/6032-1073-0x0000000002820000-0x0000000002821000-memory.dmp

C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar

MD5 5b0bfa78154b1c57ab68574af285fc6f
SHA1 bf9f6b357352f81a2e4427c4e5d839b89b32d3b7
SHA256 0e79303169cd0305c364885824b1ee91b15e6ede8b7eae02e808ad4c4c35a36f
SHA512 95dc94b13f82d61e5a168251665412c04710069a1b1679e9674d4a4dd2f824eff994e9ecd92f257a8abe1144239a8a4a6aa492c6b2e71d6faeb4d1e4a3c76d26

memory/6032-1111-0x0000000002820000-0x0000000002821000-memory.dmp

memory/6032-1112-0x0000000002820000-0x0000000002821000-memory.dmp

memory/6032-1156-0x0000000002820000-0x0000000002821000-memory.dmp

memory/6032-1152-0x0000000002820000-0x0000000002821000-memory.dmp

memory/6032-1168-0x0000000002820000-0x0000000002821000-memory.dmp

memory/6032-1172-0x0000000002820000-0x0000000002821000-memory.dmp

memory/6032-1175-0x0000000002820000-0x0000000002821000-memory.dmp

memory/6032-1178-0x0000000002820000-0x0000000002821000-memory.dmp

memory/6032-1181-0x0000000002820000-0x0000000002821000-memory.dmp

memory/6032-1185-0x0000000002820000-0x0000000002821000-memory.dmp

memory/6032-1186-0x0000000002820000-0x0000000002821000-memory.dmp

memory/6032-1190-0x0000000002820000-0x0000000002821000-memory.dmp

memory/6032-1201-0x0000000002820000-0x0000000002821000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\+JXF3763040570974159599.tmp

MD5 fdb50e0d48cdcf775fa1ac0dc3c33bd4
SHA1 5c95e5d66572aeca303512ba41a8dde0cea92c80
SHA256 64f8be6e55c37e32ef03da99714bf3aa58b8f2099bfe4f759a7578e3b8291123
SHA512 20ce8100c96058d4e64a12d0817b7ce638cec9f5d03651320eb6b9c3f47ee289ccc695bd3b5b6bf8e0867cdab0ebb6e8cae77df054e185828a6a13f3733ede53

C:\Users\Admin\AppData\Local\Temp\e4jE762.tmp_dir1714806044\SKlauncher-3.2.jar

MD5 4d653e61ba01a521c56b9a70a9c9814e
SHA1 de855dc3dbc914b497b58da92e0c21fff660796d
SHA256 f7d3e01dcfc001cc80a988c518d4358955842d140054214d1367972c5c543350
SHA512 e6a7db6e2893b5b01dd0c84a230d88abf50da63ceb1af5754a2c4c1fbd307a799a74f3f368430d3beb33590cda2e0a3cf509fef11c4477b76e8d3c4a582b5def

C:\Users\Admin\AppData\Local\Temp\+JXF168835074144143900.tmp

MD5 8f2869a84ad71f156a17bb66611ebe22
SHA1 0325b9b3992fa2fdc9c715730a33135696c68a39
SHA256 0cb1bc1335372d9e3a0cf6f5311c7cce87af90d2a777fdeec18be605a2a70bc1
SHA512 3d4315d591dcf7609c15b3e32bcc234659fcdbe4be24aef5dba4ad248ad42fd9ab082250244f99dc801ec21575b7400aace50a1e8834d5c33404e76a0caac834

C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna5731311216525468539.dll

MD5 719d6ba1946c25aa61ce82f90d77ffd5
SHA1 94d2191378cac5719daecc826fc116816284c406
SHA256 69c45175ecfd25af023f96ac0bb2c45e6a95e3ba8a5a50ee7969ccab14825c44
SHA512 119152b624948b76921aa91a5024006ef7c8fdbfe5f6fe71b1ec9f2c0e504b22508ff438c4183e60fa8de93eb35a8c7ccdda3a686e3c2f65c8185f1dd2ef248b

C:\Users\Admin\AppData\Local\Temp\+JXF141217890273398926.tmp

MD5 ff5fdc6f42c720a3ebd7b60f6d605888
SHA1 460c18ddf24846e3d8792d440fd9a750503aef1b
SHA256 1936d24cb0f4ce7006e08c6ef4243d2e42a7b45f2249f8fe54d92f76a317dfd1
SHA512 d3d333b1627d597c83a321a3daca38df63ea0f7cab716006935905b8170379ec2aab26cb7ffc7b539ca272cf7fb7937198aee6db3411077bedf3d2b920d078a3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qfgaykt1.default-release\cache2\entries\29080FEC855CD2187E892DC013F455B0F9E7066B

MD5 83acc1736f8f31e603e602e8a90c1192
SHA1 9b18cba06a34513fda0e81ea569dcb6b08fab709
SHA256 009cc2828fb17243bfaf0bfd1bf39b4952835d12e14197242c0d018501f56f94
SHA512 2e6ef7293d17cbd693e6733ad6e68f692ae0c9f23698161834554821c1a67613a008a24784fcc04fa243c25832a9dece9bc5cdf2d8e3f24f241b56d203a36b6c

memory/6032-1831-0x0000000002950000-0x0000000002BC0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b8b53ef336be1e3589ad68ef93bbe3a7
SHA1 dec5c310225cab7d871fe036a6ed0e7fc323cf56
SHA256 fe5c2fb328310d7621d8f5af5af142c9ce10c80f127c4ab63171738ad34749e1
SHA512 a9081a5a909d9608adfc2177d304950b700b654e397cf648ed90ecac8ac44b860b2cf55a6d65e4dfa84ef79811543abf7cb7f6368fd3914e138dfdd7a9c09537

\??\pipe\LOCAL\crashpad_5956_TOSPEWLKHEUGRSRL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6e498afe43878690d3c18fab2dd375a5
SHA1 b53f3ccbfe03a300e6b76a7c453bacb8ca9e13bd
SHA256 beb39e9a246495e9dd2971224d23c511b565a72a6f02315c9f9bf1dcfae7df78
SHA512 3bf8a2dd797e7f41377267ad26bde717b5b3839b835fe7b196e748fec775ffd39346dba154bb5d8bda4e6568133daaa7fefa3a0d2a05e035c7210bb3c60041a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9fc8fb53ca4a2d68f11c6fbe14f77f42
SHA1 95e99124c8b378b562a27d61cbdc1e9aaa27e3a1
SHA256 7511c7ea907ba6b81249168bbb964240b9f1653b60ea880b721804b86aa2fe2c
SHA512 dedcaccee81ef85c016b3672f5b224ff57a27a2e9a5327e621053abc0b7d8f61d24435b9a3d3b6dfa43e33435b355166073122eec5924ca7f3004220f0728d97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a744bcd69e6e858317a6ec2ca221a3e8
SHA1 82cbaa959230c55b79c9fb243b9d950c6aa6abeb
SHA256 94ed15a67c71a23915c5b41cc5ff67674485baeb1d327bdaffccacbee5c29b17
SHA512 9169f196b0d15291a53c0b4457db3689fb9d27d20fe42e56cce6bdea7f6e6388b8cd22b4c412d3f664bafce2b21cc87d6fc4a80148ae890332b98951a6179230

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cf9566a6a52fa11b4fcb7e1bb1e3e259
SHA1 fa77c740dfa4a119f4865618665ff275d8158670
SHA256 d0a146c897128452c6d01ef7fbf68c0776d2de777e01bbc4cfb0987ba18c8bd8
SHA512 6b300c2efcefca7117d97b6c3fe92c43f183cb935c0cba91b447b635760a79eaacf84375116293a2afe5ddafbf9add13296f23a06c04b318854d6b2bcb2f7fce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 02000b89dad7cc51c8a3a1c5fff0b644
SHA1 3fc34e531202d71163107da16bc99b4457e84c45
SHA256 a75c3bfef4a129339996ffce520919ee5466298f4bfbd0dd20003374029675a9
SHA512 954a8cf70e3858edd177bdf75bfa8ad71e6f016d6cf1a18e90fc91095335fe462079558b434209a2a309cf34c218ea11c2164f53eafe23423616d947b242effa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5e1f9068447613da1cf1cef1ac1ecd24
SHA1 96a471227975a7987934c420f6c0cf3a8457302f
SHA256 e018c545680b0da8a04b069210dffb60f4a21c19dfbaa8ad1dda4e64acedc35d
SHA512 764d9814b388d8cbaa1892843e951b3717bdfcfbd88be4e881f0694eb96fc6a9a4c77fab9204f42e70142b58dc9cbc55c2d208e704ae0473a7f65175fc611ee6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\sessionstore-backups\recovery.baklz4

MD5 c239b1e19c1458966b47cac439f74e0c
SHA1 0551a9b3b506703b05ece2e0ab463fe620f681d8
SHA256 e6a6167f6ff1d8cb3c7279edbca2228db03a7948748c1ed912bee66fb110a766
SHA512 acac95a32a8333741e7e4187c3732e4df7aa0f6d1c9301636c16e34ec648c6bb9a46e3f55308b84453017545a59b8f1a44ae9c8076695de232cce5a71438a0ef

C:\Users\Admin\AppData\Roaming\.minecraft\launcher_profiles.json.bak

MD5 dd38c2f98a5b924798cf745fe5d9cb2b
SHA1 72ab0f80dcccb978626aafc8e535616e84e2f6d1
SHA256 cb8c0e806f62e24eac4b194d61b463c3306310ff6ee1e27f43db37f1ff8b3286
SHA512 85a5cef4a8211b57f7ec4d0dccf89107c33ee02011da989cbc685f141e092a33e972afc1ddb25b878fb8dbf6ff791320ca108d5cd14d6cd97def7f1c571f159e

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\jdk.crypto.cryptoki\ASSEMBLY_EXCEPTION

MD5 bd468da51b15a9f09778545b00265f34
SHA1 c80e4bab46e34d02826eab226a4441d0970f2aba
SHA256 7901499314e881a978d80a31970f0daec92d4995f3305e31fb53c38d9cc6ec3b
SHA512 2c1d43c3e17bb2fca24a77bea3d2b3954a47da92e0cdd0738509bffcdbe2935c11764cd5af50439061638bba8b8d59da29e97ea7404ea605f7575fc13395ca93

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\java.desktop\LICENSE

MD5 663f71c746cc2002aa53b066b06c88ab
SHA1 12976a6c2b227cbac58969c1455444596c894656
SHA256 d60635c89c9f352ae1e66ef414344f290f5b5f7ce5c23d9633d41fde0909df80
SHA512 507b7d09d3bcd9a24f0b4eeda67167595ac6ad37cd19fb31cd8f5ce8466826840c582cb5dc012a4bd51b55e01bb551e207e9da9e0d51948e89f962ba09606aab

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\jdk.jdi\ADDITIONAL_LICENSE_INFO

MD5 512f151af02b6bd258428b784b457531
SHA1 84d2102ad171863db04e7ee22a259d1f6c5de4a5
SHA256 d255311b0a181e243de326d111502a8b1dc7277b534a295a8340ab5230e74c83
SHA512 1a305bc333c7c2055a334dc67734db587fd6fda457b46c8df8f17ded0a8982e3830970bee75cc17274aa0a4082f32792b5dbff88410fa43cc61b55c1dce4c129

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\vcruntime140_1.dll

MD5 135359d350f72ad4bf716b764d39e749
SHA1 2e59d9bbcce356f0fece56c9c4917a5cacec63d7
SHA256 34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32
SHA512 cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\msvcp140.dll

MD5 6da7f4530edb350cf9d967d969ccecf8
SHA1 3e2681ea91f60a7a9ef2407399d13c1ca6aa71e9
SHA256 9fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da
SHA512 1f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\server\jvm.dll

MD5 e9b6daf0745597cecdac3059143505fd
SHA1 2c6d4109e1f29a90d54480494dab77b47a6d0d95
SHA256 b5b8c413b1a51b9c4c6489b99197208ed676c9a8c1b8158967ddb8f58efed649
SHA512 c587d36e6b746b453cbbd2a5920b6e2d32f297e0bdc50b5c3d0323f0a7604adf472783bedcf9e1afb3ed4f7b35087c5bc600677487258f4fad05ded38400ecca

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\java.dll

MD5 457499494ca72d3c07f4e85fbb6ca4df
SHA1 68906a6cd331bed1fad68b0e12ae0782b1d1680b
SHA256 82335b932f11482c5f36d12786a9301800daab0e828b3b16abf68c12d4fbe5bd
SHA512 3c2a7e67af1e0522a2c6c3d6ebc41ea942c2bae361b8f04d983f9227afbedfb704a93a8838f2b2ce84997cc5a1a72bccbbf0ba2a7bb07370fad725409174499a

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\zip.dll

MD5 69e1a1e6e0ca8fb542e11b4be5c0502d
SHA1 c915dd2ce2b7a410c76c6990509eff9fca594d2a
SHA256 d030ef0d7a9113051d14455f929df54bf4f95296016a383bb3763b640497d260
SHA512 5e71383425876e6a6c6e21a0d285ed3229c7ec7e01d0c6a328b2d3fc93f6ea799251e582b4106090e5633ad7acf5c5e2c151710d8012dc30433490e4a0d54f6a

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\jimage.dll

MD5 730f42f7933defd6f76cf31831c34d4e
SHA1 9d18162dcc2f33d36a6e9bdb5e7c0c582406fd9d
SHA256 27a502b241ab2071f82dc70580417e99289ec8a9fe29d5363c69d9bae8cc1af9
SHA512 94b2db8a2cfda6a00f0ce784e0c37c3beea92ecef944a53f747b919c39c18d8f16fac1943645a437c07a07519fd0f3db2cc5bbd1ccc91a14dd470e3b524cf6fe

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\jsvml.dll

MD5 33c5b025990bedbb0027ebca936134cd
SHA1 a801dcd56f41a086337f136cea81ccedf36ad57f
SHA256 e1ddd4d366dbfaf78d342e91665cba387d5fa90dd1172efa5567016c689d7f34
SHA512 7ebd988b33edd8b24034fd60b107953bd9dd41f9d36facf7b05a530b6c383b96d3582c930244a0f6bfd93bbf8e7b4c93491a61e85119f8486dc682c4f2df4024

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\jli.dll

MD5 b8055efdd184b39d15b663f2aa04550f
SHA1 901c0e89e9de8c6df0055b2fae83a6d653ff9c40
SHA256 e933cf502c14a1af8994f0e64853b98190f0ea2fcf062f7f80cf1712080b4f9c
SHA512 b114cc1d6ae7feda2cbe7ca23bb008746be8f72314b097a7d297238c94caebf78f5c103502dfbf9854d94f342962ac776cf215e4d99c40c80388ac5df43d102f

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\instrument.dll

MD5 25877c45f515deeda937a433fc9d8638
SHA1 ad3ecbae138e73104eddbcb38547eaba9e19c29a
SHA256 c1694de697acb4830726fbd9ba88f94c49ea152900cd353c6feffaedf90b23a5
SHA512 09a23ad95f979b462a79ccc2f426d81f5a641ad3ba96afa3f0f9d17f2c7c9c624b10719cd5c5771ae8465466c6f73aa5b2a41dbaf2020b9c98ea8479d885d019

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\vcruntime140.dll

MD5 f34eb034aa4a9735218686590cba2e8b
SHA1 2bc20acdcb201676b77a66fa7ec6b53fa2644713
SHA256 9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1
SHA512 d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe

MD5 575230bd0c50dac003d275dab323d2f9
SHA1 4f97aff9b52b3d2736993a35f9fea303c3e09cda
SHA256 6e7dcf3dca0f14a9d2e1a20af11c400bf4164e02708d819768fcc4231b4f4ba2
SHA512 b9d3ff63f982592f6e28f17eeaadf0549cfbb8e5268ef1dabc763f42b6a27f1f1e1bafe3e901215e95431de5f2ac5abf515864898d8aef5c38deb7a7abfeda32

C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\github\oshi\oshi-core\6.4.10\oshi-core-6.4.10.jar

MD5 75676ac6c1a3c4b0938f73e03eef8cad
SHA1 b1d8ab82d11d92fd639b56d639f8f46f739dd5fa
SHA256 fef001a7a13515c273f30915915580782afbc45273cc07aa15994e51563ef310
SHA512 c1e60c340ad0d603f37d6ae0b5ed5ac2833b382dbcceaae84cca69cbf8c4dc9baa7ff741002da3e408426e5100f6c6402713083a05b1a4e3bc5e98923d7a15d4

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\nio.dll

MD5 74c61a471c1fefd9b23871fc432762c4
SHA1 f1efba66e37d299ab5fce0f0b9cc33d03cfc139d
SHA256 819cd3f849aeb6394acc5b28d4c2629bcf04becafc121a8cc5e092f7f42625a2
SHA512 c6e542fb04b32545d9656e193f9dce98009830b1da427e5fbcd5b21915252222e75f1a68af34e65a7faa1569a95ad66346cf5adf33c4c61a6b83d89955b63bb6

C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\ibm\icu\icu4j\73.2\icu4j-73.2.jar

MD5 23a23de561dd4f83e13d46e7273a35de
SHA1 61ad4ef7f9131fcf6d25c34b817f90d6da06c9e9
SHA256 29280822f4b0796acef1f79b90b1d0c1edd86c10e876a848e04b8a6298a16bf9
SHA512 cec14b1da327c77c28ac9110af772d771df6297050dc79919c57059486eaf502ca542223c4a0f5bdb1ddf22d645b550f3b40422ee5d5fb0ebdbb07231e28746c

C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-codec\commons-codec\1.16.0\commons-codec-1.16.0.jar

MD5 6e26920fa7228891980890cce06b718c
SHA1 4e3eb3d79888d76b54e28b350915b5dc3919c9de
SHA256 56595fb20b0b85bc91d0d503dad50bb7f1b9afc0eed5dffa6cbb25929000484d
SHA512 eee671e66d808b56b81e15574675cf132d7628c010736d580915bbf8c04849f04df1d95ddeea13c4e119f8f0a564c7003beeb8ab437564e080ee27063c1e52b9

C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\text2speech\1.17.9\text2speech-1.17.9.jar

MD5 f5b05e8db22e2e0668b786e11ac9d3ce
SHA1 3cad216e3a7f0c19b4b394388bc9ffc446f13b14
SHA256 c2a95b499e76fada7dd63e9b0ec797b678d411c2b0ee6f37f4dc674662bfb0af
SHA512 e7a9ca0449f1fcde00f242043e6f2890993aed4d98621e77a46858c7c9f4a1e5134cc77c33dd2d3b83b2e7164e99a616e3aaefbe860bb209be23e74f7b32a29f

C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\patchy\2.2.10\patchy-2.2.10.jar

MD5 ff905bf0aacf501149a13880a2d6742d
SHA1 da05971b07cbb379d002cf7eaec6a2048211fefc
SHA256 16d70e7968b45caffc81576268eb000f473fb60bf257182d3447dea8ec919d5a
SHA512 5d66d948fc5e4be401ce6800f36ae896b9315abbb63cc0c0d489ac10651392522c9e52d2a42bdeba095b713917f41ff04121d34675c504da716bafa55355e171

C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\logging\1.2.7\logging-1.2.7.jar

MD5 d01ea99740509a58222a426cc36f5456
SHA1 24cb95ffb0e3433fd6e844c04e68009e504ca1c0
SHA256 3dc3190204bac5f4184d8405bfe1f724f73a6a15a0d3f36ec7f69e6872c1a76c
SHA512 4637804df47b9191de9d219a12374c45175e790dc230040946db541022fb06ee5f6c1fd07cd6700465a6add5e66e96bf364e410da32bfacc4044507424a96e1e

C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\datafixerupper\7.0.14\datafixerupper-7.0.14.jar

MD5 0196308d39eeb5bf8e7795a2d658bf95
SHA1 db3485dc1e6b712bd81170d5ce6dca2fb2f8bd86
SHA256 d7392613febff2c7146cefad7c1245ec102432393f7aaadbfbc78ff43ef2076b
SHA512 c4ccc6e75e797eec3d24504314da169be708926b9caad594fe46727968809874cd0ef321f3d32c86140263361d1779a73ff37970e201c25b7c6ca55b58cb34ee

C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\brigadier\1.2.9\brigadier-1.2.9.jar

MD5 61cc6e0f954ff702955aa264c752d389
SHA1 73e324f2ee541493a5179abf367237faa782ed21
SHA256 1f46f6c679ad59ad5d6228e7b91962217a588f25bd259e0691bc9c5a54b68bcd
SHA512 9f7c86ce72d4906c8a22bd9dd9140da104416184c20d36211fcad779b20b465f484ddb88ad266613cca6dba188a3a3a2081f0a92044521345c2a7c626cc6b94d

C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\blocklist\1.0.10\blocklist-1.0.10.jar

MD5 fc1420e3182dd32b4df9933f810ebebb
SHA1 5c685c5ffa94c4cd39496c7184c1d122e515ecef
SHA256 830bfd639c8db49236bbd8e45d3a2b8c96c56ff654a10118654958a6235d4c44
SHA512 10da612530b7c1e1ef3acd02d2d71fd689f3688fcdcd8b0710a9af646816c88fedc6ed2ea8da2d58e61c6ffc9347a61993bd27dfe04cfc3b646a927bcc48da4d

C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\authlib\6.0.54\authlib-6.0.54.jar

MD5 8d5cc32d757f204ed369e6b27ff99469
SHA1 de8bc95660e1b2fe8793fd427a7a10dcec5b3ea7
SHA256 319ea7b53b5e52f62ad3e2b81e9db7f0751240edac548bd74f5f19e35dc21a3b
SHA512 4390482f1f8cfb65735670efc5ecc14913d6a637c35c30c4ace35b346751b7fdeb5ab1eb9e183b40b57f251ded8ab57e3d77d195d14e21910acc8e327241359c

C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\guava\32.1.2-jre\guava-32.1.2-jre.jar

MD5 5fe031b3b35ed56182478811a931d617
SHA1 5e64ec7e056456bef3a4bc4c6fdaef71e8ab6318
SHA256 bc65dea7cfd9e4dacf8419d8af0e741655857d27885bb35d943d7187fc3a8fce
SHA512 d683751034688863dc82315a75620abbeeca525cc592d5227b136c29902a0d035f306c6bfaf87d00d95bd1bd967953b00a932286ce09cfba1a0fb35efd852cd4

C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\failureaccess\1.0.1\failureaccess-1.0.1.jar

MD5 091883993ef5bfa91da01dcc8fc52236
SHA1 1dcf1de382a0bf95a3d8b0849546c88bac1292c9
SHA256 a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26
SHA512 f8d59b808d6ba617252305b66d5590937da9b2b843d492d06b8d0b1b1f397e39f360d5817707797b979a5bf20bf21987b35333e7a15c44ed7401fea2d2119cae

C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson\2.10.1\gson-2.10.1.jar

MD5 df6097815738cb31fc56391553210843
SHA1 b3add478d4382b78ea20b1671390a858002feb6c
SHA256 4241c14a7727c34feea6507ec801318a3d4a90f070e4525681079fb94ee4c593
SHA512 7503e4b8d05c6cc0ecb3a94c5a2e070e049083a441003a79a0cdf474f4286699b4ba1d2a655ddabb8ba10c50e7c36a7045cccdaee465166d4630db647aba2727

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\net.dll

MD5 6a223da529e7ca5d493b2c00a82577e8
SHA1 ea8856f004ad8d8502b7df086d15c88ac96cc06a
SHA256 50491e9ca18a77c3012dbcfb9c4a89786949ba966f5abe9977d18cbde4f92faa
SHA512 4502ce6b0b960c411b8ba52ecad400ba844034e36d87eb710ae775af2966bc26645cb1556251ea1f9f29b89aee52e00331aaf9d0f779735349dd49e2c2861a23

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\lib\jvm.cfg

MD5 7ce21bdcfa333c231d74a77394206302
SHA1 c5a940d2dee8e7bfc01a87d585ddca420d37e226
SHA256 aa9efb969444c1484e29adecab55a122458090616e766b2f1230ef05bc3867e0
SHA512 8b37a1a5600e0a4e5832021c4db50569e33f1ddc8ac4fc2f38d5439272b955b0e3028ea10dec0743b197aa0def32d9e185066d2bac451f81b99539d34006074b

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe

MD5 f548570563577d875b23595d678f1524
SHA1 6b306b9b213f0f9a58a48b37358aa8c5922edc99
SHA256 b279c3aea41953bf7a674084fd866b211df000855504add21fa0da8bf06468a9
SHA512 3686cc38e204ca8a4018ad18a8ba5884dad8b0549ac79b471e973de19ce3435b36d030ff92c826d5b8f371c90640a1cbc52b9118e7a4806d3571894829dcccbf

C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-632671528050\lwjgl.dll

MD5 d8ea3886d9f59b514bfa5b24ab69c0ab
SHA1 2bf57942dff5360889f0e89c58d5acdc54e5f1ea
SHA256 a39adf52947fafd954c2a86ce031abb8c59825f7ee50337ac8c41e4280abe82d
SHA512 ba8af0415c7b0454dd8bdccf78ed59da3bb5cc5f631dd060d3cd0eaf74d8f55d7531248b6b8a995ba5b672dc0386d3fa198e8c761f2e1cc0304da0dc029bf29e

C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-632671528050\jemalloc.dll

MD5 e58d41175587d4355fe06bf8b8a1ab32
SHA1 6403f8243ea983a225b3bcda6c821a0029ad9ee2
SHA256 9abf0095066ebab37b78968e11370a8078313e48cb5be8eda01f67623c6a6248
SHA512 fc432ddb67dce8a672ac268d25f01d40c1d614e4ef34cbac6c4a2c01742ebab5d00c7ef5d9f0ef46ce0b3b6a4d5ace581fcf8c247d492c3882f561015d9e2ae4

C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-632671528050\glfw.dll

MD5 8cabdbe3d67546771b02af5d42073cfe
SHA1 2e19147110b9872a52814956bab151a7aa80ce58
SHA256 affa7e54eb0dedce4a5721c327c1a16035edbbd039cd402e08107d6d2d55eb1a
SHA512 b7f46feef779e5772fc7711fda601fdda6ee4bf41d4fb87735a0b8fdc5fdbbdab23ba1760989e15d66cf9ba65409933cbce858eda169d04f13f401198245ad1f

C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.20.6\1.20.6-natives-632671528050\lwjgl_tinyfd.dll

MD5 e7349669dee3093d266849685efecc60
SHA1 e7c3d94ad9d83f0762dfd82780d2a683d5d9b3c0
SHA256 ec7d76e6ef7a99628ef6f8b6e544294b700108c341837779e6e2c01c0bc3da9c
SHA512 41d772a4a9673db43a4584af78d5c128278b27efc01b7da47a9f8f629fd004aa8e4c63186d93b6cb7b664325272f0a291a1e80d9ae799910989171c1cdec34c8

C:\Users\Admin\AppData\Local\Temp\SKL_TempStyleClass3089591814263418810.css

MD5 c335b272daae33aeb2c83e8a90461e8d
SHA1 c7bcbf1905586bd39303853087e44e86a47c8b54
SHA256 e3c1fd97b905ff659aafd4220812d1747cd30bf83c9a960aca3a0b2399872722
SHA512 5aec223b49bf45f86ef78a6ff9c21a8b6ae709fdee9254aa05b02aa2cd9aedd218b65e66a984577225b0a71ce8ddc5b43b9808b39a860915497f21c5412e3389

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\prefs-1.js

MD5 b1e9806690059d98a918be167f245be2
SHA1 d9a66e7c82c3fcbd087deaf2bed432abda5cf066
SHA256 020994401bfa9456d96278723eb76f7358790d7a571ff3b32dd45c409393cd41
SHA512 f244fc27a2e01168e13161451233263c2eec82c903c6b37d45ee48818e9b597a7c6b5839ac8a1744e13d3570779732a411bcc8e6972ee2406b5d6f69fb3cdf35

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 4eb70ca6f22683e0efe701196ee3c318
SHA1 b872f2b2e9313579708e71ed36ac266630724d31
SHA256 58e93d7ab8107f74aeecf918a249df05a15d9e8206510f120c7a71e5fc2b44a4
SHA512 356ab2e47bc2d0314e2c9da50a849f6c1b0f485f16981376fb4b9fcc177e4db9efd52aecb6640362f3118d0a1adaf8a506e1c690c3f4400f2fae37471a0f0981

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 9390643d91caa79c52f21269b7eb5f46
SHA1 7c5f99fa3431b3b48123e96c7d1b02d622d2cf0d
SHA256 5d0c737b442c9396e2df696065b85a57670a915a182bb416727cecc79ce4086d
SHA512 7ee075cb2bd1653681851289a441bca5b0a24316ba16b39ea8649c0c53131fbfe25019d75c0fd5451cf2b48b9603b85bbe77a1576fc456af688a18fe5f03e5b3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\sessionstore-backups\recovery.baklz4

MD5 b5882b9fdfa44e54ab7c7d5a7d110a8e
SHA1 e27908f33abfeefed7830930607eec527f7fbfe4
SHA256 d019fa785b1b044366d0acbe8a05dcc9795d0b6215500502c047baef27914ae6
SHA512 705865da4b818c5cf6bd8080e1ffe7a882a86d90f60d630c40926c163e48b5dc14d3a0a97a8191cd7c2a6a0c2bb9df653d047d43f2ea33a860acae01ffc4235c